Hi,
I downloaded a tool to check on processes running on startup and I ended up downloading several extra programs:
casiopesa
aracadetwist
pc pro cleaner
Malwarebytes took care of the first two but I can still see pc pro cleaner when I run add/remove programs. There is no option to remove this one.
I ran the Farbar scan and the two logs are posted below.
Thanks for any help.
Ray
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Ray (administrator) on D7LWB3C1 on 01-07-2015 17:52:20
Running from C:\Documents and Settings\Ray\Desktop
Loaded Profiles: Ray & (Available Profiles: Ray & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\locator.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-02-10] (SigmaTel, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2006-11-14] (RealNetworks, Inc.)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\Run: [Google Update] => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\MountPoints2: {09abc2b6-962c-11e0-a3b4-001372e8b2d3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {09abc2b6-962c-11e0-a3b4-001372e8b2d3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google Update] => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {09abc2b6-962c-11e0-a3b4-001372e8b2d3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced Virus Remover] => C:\Program Files\AdvancedVirusRemover\PAVRM.exe
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Advanced Virus Remover] => C:\Program Files\AdvancedVirusRemover\PAVRM.exe
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Advanced Virus Remover] => C:\Program Files\AdvancedVirusRemover\PAVRM.exe
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Logitech Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Logitech Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Logitech Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
Lsa: [Notification Packages] :\WINDOW scecli
BootExecute: autocheck autochk * sprestrt
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-367943299-334765024-3848587932-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
URLSearchHook: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
URLSearchHook: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
URLSearchHook: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 - (No Name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO: No Name -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} file://D:\html\nafcom.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2005-10-07] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F00A8FCD-D76A-45A3-99FC-0D076323A313}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\pnj59lvs.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-27] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-01-15] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
Chrome:
=======
CHR Profile: C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Avira Toolbar) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2015-03-30]
CHR Extension: (Google Slides) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30]
CHR Extension: (Google Docs) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-30]
CHR Extension: (YouTube) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-30]
CHR Extension: (Google Search) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR Extension: (Avira Toolbar) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2014-08-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-23]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
CHR HKLM\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Documents and Settings\Ray\Local Settings\Application Data\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.4.0.crx [2012-08-08]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-12] (Microsoft Corporation)
S3 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [142112 2007-05-11] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-12] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-11-14] (Windows ® 2000 DDK provider) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-06-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-06-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) [File not signed]
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2107808 2007-05-11] ()
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142752 2007-05-11] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-01] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R3 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
S3 SDDMI2; C:\WINDOWS\system32\DDMI2.sys [6977 2004-06-09] (Gteko Ltd.) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1107224 2006-02-10] (SigmaTel, Inc.)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 vuhub; C:\WINDOWS\System32\DRIVERS\vuhub.sys [66432 2007-12-20] ()
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 17:48 - 2015-07-01 17:50 - 00062114 _____ C:\Documents and Settings\Ray\Desktop\Addition.txt
2015-07-01 17:46 - 2015-07-01 17:52 - 00050232 _____ C:\Documents and Settings\Ray\Desktop\FRST.txt
2015-07-01 17:44 - 2015-07-01 17:52 - 00000000 ____D C:\FRST
2015-07-01 17:43 - 2015-07-01 17:43 - 01636352 _____ (Farbar) C:\Documents and Settings\Ray\Desktop\FRST.exe
2015-06-30 16:58 - 2015-06-30 16:58 - 04846734 _____ C:\Documents and Settings\Ray\My Documents\D7LWB3C1.arn
2015-06-30 16:22 - 2015-06-30 16:22 - 00001062 _____ C:\mal threat.txt
2015-06-30 14:51 - 2015-06-30 14:51 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\VOTPrx
2015-06-30 14:50 - 2015-06-30 17:01 - 00003654 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-30 14:37 - 2015-06-30 14:37 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Application Data\Rainmaker_Software_Group_
2015-06-30 14:20 - 2015-06-30 14:50 - 00000436 _____ C:\WINDOWS\Tasks\Client.job
2015-06-30 14:20 - 2015-06-30 14:50 - 00000380 _____ C:\WINDOWS\Tasks\Check Updates.job
2015-06-30 14:20 - 2015-06-30 14:50 - 00000376 _____ C:\WINDOWS\Tasks\Run Tasks.job
2015-06-30 14:20 - 2015-06-30 14:20 - 00000064 _____ C:\Documents and Settings\Ray\Local Settings\Application Data\13f6b1ebd1a5ab9edcf1aba924202cbb
2015-06-30 14:08 - 2015-06-30 16:24 - 00000000 ____D C:\Documents and Settings\Ray\Application Data\Rainmaker Software Group LLC
2015-06-30 14:08 - 2015-06-30 14:08 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\VOTPrx
2015-06-30 13:59 - 2015-06-30 13:59 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Application Data\Chromium
2015-06-30 13:37 - 2015-06-30 13:37 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\Canon Easy-WebPrint EX
2015-06-07 14:17 - 2015-06-07 14:17 - 00000000 ____D C:\Program Files\Roxio
2015-06-03 21:10 - 2015-06-03 21:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-03 20:40 - 2015-06-03 20:40 - 00001853 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 17:55 - 2009-09-26 15:06 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\temp
2015-07-01 17:33 - 2014-08-02 11:26 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 16:24 - 2004-08-10 14:02 - 01110230 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 15:50 - 2012-07-24 23:52 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-06-30 17:33 - 2014-08-02 11:26 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 17:33 - 2014-08-02 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 17:33 - 2014-08-02 10:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-30 17:04 - 2015-01-17 18:42 - 00000299 _____ C:\WINDOWS\wiadebug.log
2015-06-30 17:04 - 2015-01-17 18:42 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-30 17:04 - 2009-09-26 15:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-06-30 16:59 - 2012-04-08 18:14 - 00300294 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-06-30 16:59 - 2006-11-16 22:51 - 00000178 ___SH C:\Documents and Settings\Ray\ntuser.ini
2015-06-30 16:59 - 2006-11-16 22:51 - 00000000 ____D C:\Documents and Settings\Ray
2015-06-30 16:59 - 2006-11-14 10:21 - 00000282 ___SH C:\boot.ini
2015-06-30 16:59 - 2004-08-10 13:51 - 00000647 _____ C:\WINDOWS\win.ini
2015-06-30 16:59 - 2004-08-10 13:51 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-30 16:48 - 2004-08-10 13:52 - 00000000 ____D C:\WINDOWS\Help
2015-06-30 16:47 - 2007-12-25 14:54 - 00000000 ____D C:\Documents and Settings\Ray\Application Data\Skype
2015-06-30 16:24 - 2010-07-26 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979482$
2015-06-30 15:20 - 2006-11-24 16:50 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-06-30 15:19 - 2004-08-10 14:02 - 00000000 ____D C:\WINDOWS\Registration
2015-06-30 14:49 - 2012-04-08 18:14 - 02334886 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-367943299-334765024-3848587932-1006-0.dat
2015-06-30 13:41 - 2007-03-13 21:34 - 00001318 _____ C:\WINDOWS\maxlink.ini
2015-06-30 13:41 - 2007-03-13 21:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PaperPort
2015-06-30 13:41 - 2004-08-10 13:52 - 00000000 ____D C:\WINDOWS\twain_32
2015-06-30 13:41 - 2004-08-10 13:52 - 00000000 ____D C:\WINDOWS\Driver Cache
2015-06-30 13:37 - 2015-01-17 18:47 - 00000000 ____D C:\Documents and Settings\Ray\Application Data\Canon Easy-WebPrint EX
2015-06-30 13:37 - 2010-04-07 21:44 - 00000000 ____D C:\Program Files\Citrix
2015-06-30 13:37 - 2006-11-16 23:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2015-06-30 13:37 - 2006-11-16 22:51 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Application Data\Google
2015-06-30 13:37 - 2006-11-14 10:47 - 00000000 ____D C:\Program Files\Google
2015-06-30 13:36 - 2013-03-04 22:18 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Application Data\Facebook
2015-06-30 10:12 - 2006-07-09 17:44 - 00000000 ____D C:\Documents and Settings\Ray\My Documents\TurboTax
2015-06-30 09:40 - 2014-03-29 14:22 - 00002393 _____ C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
2015-06-27 14:04 - 2011-12-04 13:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-06-27 13:49 - 2004-08-10 13:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-23 09:03 - 2010-07-24 13:11 - 00002268 _____ C:\Documents and Settings\Ray\Desktop\Google Chrome.lnk
2015-06-18 08:41 - 2014-08-02 11:26 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-08-02 11:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-18 08:31 - 2012-11-04 22:31 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-18 08:31 - 2012-11-04 22:31 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-18 08:31 - 2012-11-04 22:31 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2015-06-09 21:31 - 2013-08-01 16:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-09 21:31 - 2008-01-06 21:18 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 20:03 - 2006-11-22 22:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB913580$
2015-06-09 17:28 - 2014-09-13 11:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-07 14:17 - 2013-04-20 15:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Uninstall
2015-06-07 14:17 - 2013-04-20 14:18 - 00000000 ____D C:\Documents and Settings\Ray\Application Data\Roxio Log Files
==================== Files in the root of some directories =======
2014-08-12 19:09 - 2014-08-12 19:18 - 0000242 _____ () C:\Documents and Settings\Ray\Application Data\burnaware.ini
2013-08-17 23:02 - 2013-08-17 23:02 - 0889416 ____C (Microsoft Corporation) C:\Documents and Settings\Ray\Application Data\dotNetFx40_Full_setup.exe
2009-08-29 11:57 - 2014-10-31 20:02 - 0001878 ____C () C:\Documents and Settings\Ray\Application Data\mainhst.zgh
2006-11-16 22:52 - 2015-05-26 19:46 - 0042580 _____ () C:\Documents and Settings\Ray\Application Data\wklnhst.dat
2015-06-30 14:20 - 2015-06-30 14:20 - 0000064 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\13f6b1ebd1a5ab9edcf1aba924202cbb
2014-08-12 19:18 - 2014-08-12 19:18 - 0000031 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\burnaware.ini
2008-09-02 18:44 - 2015-05-24 19:11 - 0022528 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-11 15:44 - 2013-05-11 15:44 - 0000000 ____C () C:\Documents and Settings\Ray\Local Settings\Application Data\rx_image32.Cache
Some files in TEMP:
====================
C:\Documents and Settings\Ray\Local Settings\temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Ray at 2015-07-01 17:56:34
Running from C:\Documents and Settings\Ray\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-367943299-334765024-3848587932-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-367943299-334765024-3848587932-1015 - Limited - Enabled)
Guest (S-1-5-21-367943299-334765024-3848587932-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-367943299-334765024-3848587932-1005 - Limited - Disabled)
Ray (S-1-5-21-367943299-334765024-3848587932-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ray
SUPPORT_388945a0 (S-1-5-21-367943299-334765024-3848587932-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
AVStoDVD 2.4.2 (HKLM\...\AVStoDVD) (Version: 2.4.2 - MrC)
BotHunter (HKLM\...\{4CB2511D-A074-40E0-A5ED-A875EBBDDF49}) (Version: 1.00.0000 - SRI International)
BurnAware Free 7.3 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware)
CAM UnZip 4.42 (HKLM\...\CUZ4_is1) (Version: - CAM Development)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM\...\Canon MX920 series User Registration) (Version: - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
CinemaNow Media Manager (HKLM\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support 3.2 (HKLM\...\{3846E811-639D-4DE1-844B-30491C0A6C0C}) (Version: 5.5.2038 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (HKLM\...\{B702CCCE-3176-4DBF-B932-D1B8F402F330}) (Version: 1.00.0000 - Dell)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Forces in 1 Dimension (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\Forces in 1 Dimension) (Version: - University of Colorado, Department of Physics)
Forces in 1 Dimension (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Forces in 1 Dimension) (Version: - University of Colorado, Department of Physics)
Forces in 1 Dimension (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Forces in 1 Dimension) (Version: - University of Colorado, Department of Physics)
Google Chrome (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Chrome (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Chrome (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Photo and Imaging 1.0 - HP Photosmart Printer Series (HKLM\...\{0D396571-7BBD-44CE-ABB3-518BF86B72F7}) (Version: 1.1.0000 - {&Tahoma8}Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Intel® PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
iTunes (HKLM\...\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}) (Version: 7.6.0.29 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.00) (Version: 11.00.1217 - )
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version: - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Digital Image Standard 2006 (HKLM\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2006 (HKLM\...\{06040048-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office Publisher 2007 Trial (HKLM\...\PUBLISHERR) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Streets & Trips 2006 (HKLM\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM\...\Works2006Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
MKVtoolnix 4.9.1 (HKLM\...\MKVtoolnix) (Version: 4.9.1 - Moritz Bunkus)
MotionDV STUDIO 5.6E LE for DV (HKLM\...\{E07C71A6-1576-4F7F-8856-B1C439E669AC}) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Move Networks Player - IE) (Version: - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MVision (Version: 11.00.1217 - Logitech Inc.) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6280.92 - PC-Doctor, Inc.)
Oracle JInitiator 1.3.1.13 (HKLM\...\Oracle JInitiator 1.3.1.13) (Version: - )
Oracle JInitiator 1.3.1.28 (HKLM\...\{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}) (Version: - )
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
PowerTeacher Gradebook Launcher (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\PTg) (Version: 1.0 - Pearson)
PowerTeacher Gradebook Launcher (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PTg) (Version: 1.0 - Pearson)
PowerTeacher Gradebook Launcher (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\PTg) (Version: 1.0 - Pearson)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Video Capture USB (HKLM\...\{61A43DB0-B0AA-4EDA-88E7-D11659CD7DF4}) (Version: 1.0 - Roxio)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sony Image Data Suite (HKLM\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.2.00.19080 - Sony Corporation)
Startup Delayer v2.5 (build 138) (HKLM\...\Startup Delayer) (Version: - )
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version: - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax Deluxe 2007 (HKLM\...\TurboTax Deluxe 2007) (Version: - )
TurboTax Deluxe Deduction Maximizer 2006 (HKLM\...\TurboTax Deluxe Deduction Maximizer 2006) (Version: - )
TurboTax ItsDeductible 2006 (HKLM\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
VanDyke Software SecureCRT 5.5 (HKLM\...\SecureCRT) (Version: 5.5 - VanDyke Software, Inc.)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
WavePad Uninstall (HKLM\...\WavePad) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0059.1 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
ZipGenius 6 (6.0.3.1150) (HKLM\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.0 - M.Dev Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{01329177-32B9-43A7-A4DE-98C73B23B340}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{07B27DE3-0C8C-4F21-B249-ED5BDC5AFF6F}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{08D1779E-7D4B-4B64-8F9F-AA29DE48DAA3}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{1B52ECE0-8483-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{1B52ECE1-8483-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{1B52ECE2-8483-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{3A7C460B-9855-49B0-91F4-A99297930EBD}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Pearson VUE Common\DecryptionSourceFil (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{4D2ACF01-745F-11CF-8BC4-00AA00B42B7C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\43.0.2357.130\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{62022DB3-AEBA-4E84-9D13-4F4AEDD8FCBA}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{664E2200-24DB-11D2-9A82-444553540000}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{7BB7994B-5297-49B3-A42C-4812B51D8331}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll (Ask.com)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{A28E8A2F-75FD-4809-897D-8CEE473E9A72}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{B47C6567-880B-40F7-989D-F944BDE4E446}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{BAB5D6C9-3634-4D96-88CF-5A8B10C1996C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C75C4FE5-848D-11CE-AF28-861BF46909CC}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C9047280-848F-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C9047281-848F-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{E2454650-4D87-11D2-B8B2-0000C00A958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Ray\Application Data\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Ray\Application Data\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Ray\Application Data\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Ray\Application Data\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-10 13:51 - 2009-09-06 12:32 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check Updates.job => C:\Program Files\user extensions\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Client.job => C:\WINDOWS\system32\cmd.exe:/C start C:\Program Files\user extensions\client.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc70b8b63cad68.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8d4a4f3e0196.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfef0a5083d644.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff3a9089981a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040079ba3f34a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090f79611c254.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1cf8c819316a1bc.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1cfef3450c153be.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1cffef1c6d40b6.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1d0407112c40424.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1d0900fc9a40c28.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Usg Daily.job => C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
Task: C:\WINDOWS\Tasks\HP Usg Login.job => C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Run Tasks.job => C:\Program Files\user extensions\Tasks.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
==================== Loaded Modules (Whitelisted) ==============
2014-06-26 18:31 - 2010-08-10 21:37 - 00217088 _____ () C:\Program Files\ASUS\Printer Utilities\UsbService.exe
2005-10-05 04:12 - 2005-10-05 04:12 - 00094208 _____ () C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2004-08-12 09:56 - 2008-04-13 20:11 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll
2004-08-12 10:00 - 2008-04-13 20:11 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll
2015-06-23 09:03 - 2015-06-20 01:46 - 15003976 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\turbotax.com -> hxxps://turbotax.com
There are 4929 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-367943299-334765024-3848587932-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Sally\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Sally\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Sally\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Rachel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Rachel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Rachel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe] => :LocalSubNet:Enabled:TurboTax
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\Application Data\Pearson VUE\NBPTS Tutorial and Demo\jre\bin\java.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe] => Enabled:CinemaNow Media Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\Application Data\Pearson VUE Common\JRE\jre1.6.0_32\bin\java.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Disabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\javaw.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\Application Data\Pearson VUE Common\JRE\jre1.6.0_37\bin\java.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Disabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe] => :LocalSubNet:Disabled:TurboTax
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe] => :LocalSubNet:Disabled:TurboTax Update Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe] => :LocalSubNet:Disabled:TurboTax Update Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\temp\pft3EF.tmp\Printer.exe] => Enabled:ASUS Wireless Router Utility
StandardProfile\AuthorizedApplications: [C:\Program Files\ASUS\Printer Utilities\UsbService.exe] => Enabled:ASUS Virtual USB Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\temp\pft625.tmp\Printer.exe] => Enabled:ASUS Virtual USB Utility
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Logitech Vid\Vid.exe] => Enabled:Logitech Vid HD
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/30/2015 02:49:37 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (06/30/2015 02:49:37 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
System errors:
=============
Error: (07/01/2015 05:58:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:57:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:56:59 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:56:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:55:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:55:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:54:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:53:49 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:53:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/01/2015 05:52:35 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Microsoft Office:
=========================
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 73%
Total physical RAM: 2038.07 MB
Available physical RAM: 544.67 MB
Total Virtual: 3409.18 MB
Available Virtual: 1775.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:71.05 GB) (Free:32.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=71.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.4 GB) - (Type=DB)
==================== End of log ============================