Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help requested removing PC Cleaner Pro from windows XP machine [Solved

malware pccleanerpro

  • This topic is locked This topic is locked

#1
Doc T

Doc T

    Member

  • Member
  • PipPip
  • 42 posts

Hi,

 

I downloaded a tool to check on processes running on startup and I ended up downloading several extra programs

 

casiopesa

aracadetwist

pc pro cleaner

 

Malwarebytes took care of the first two but I can still see pc pro cleaner when I run add/remove programs. There is no option to remove this one.

 

I ran the Farbar scan and the two logs are posted below.

 

Thanks for any help.

 

Ray

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Ray (administrator) on D7LWB3C1 on 01-07-2015 17:52:20
Running from C:\Documents and Settings\Ray\Desktop
Loaded Profiles: Ray &  (Available Profiles: Ray & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\locator.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-02-10] (SigmaTel, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2006-11-14] (RealNetworks, Inc.)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\Run: [Google Update] => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\MountPoints2: {09abc2b6-962c-11e0-a3b4-001372e8b2d3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {09abc2b6-962c-11e0-a3b4-001372e8b2d3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google Update] => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {09abc2b6-962c-11e0-a3b4-001372e8b2d3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced Virus Remover] => C:\Program Files\AdvancedVirusRemover\PAVRM.exe
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Advanced Virus Remover] => C:\Program Files\AdvancedVirusRemover\PAVRM.exe
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Advanced Virus Remover] => C:\Program Files\AdvancedVirusRemover\PAVRM.exe
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Logitech Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Logitech Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Logitech Vid HD] => C:\Program Files\Logitech\Logitech Vid\vid.exe [6061400 2010-05-11] (Logitech Inc.)
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [389120 2006-07-16] (Gteko Ltd.)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
Lsa: [Notification Packages] :\WINDOW scecli
BootExecute: autocheck autochk * sprestrt
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-367943299-334765024-3848587932-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-367943299-334765024-3848587932-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-367943299-334765024-3848587932-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061114
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
URLSearchHook: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
URLSearchHook: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 - (No Name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO: No Name -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} ->  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> No Name - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://zone.msn.com/...eb.1.0.0.15.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/...h2.1.0.0.68.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1279896881000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1232750557062
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} file://D:\html\nafcom.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.h...edsolutions.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/...esPlayer_v6.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://zone.msn.com/...tg.1.0.0.37.cab
DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} https://esis.ncwise....iator/jinit.exe
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} https://esis.ncwise..../jinit13128.exe
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamerival.obe...ronGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.game...outLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/.../default/ct.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://sympatico.zon...sh.1.0.0.94.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/...sh.1.0.0.50.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2005-10-07] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F00A8FCD-D76A-45A3-99FC-0D076323A313}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\pnj59lvs.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-27] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-01-15] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Avira Toolbar) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2015-03-30]
CHR Extension: (Google Slides) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30]
CHR Extension: (Google Docs) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-30]
CHR Extension: (YouTube) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-30]
CHR Extension: (Google Search) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR Extension: (Avira Toolbar) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2014-08-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-23]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
CHR HKLM\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Documents and Settings\Ray\Local Settings\Application Data\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.4.0.crx [2012-08-08]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-12] (Microsoft Corporation)
S3 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [142112 2007-05-11] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-12] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-11-14] (Windows ® 2000 DDK provider) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-06-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-06-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) [File not signed]
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2107808 2007-05-11] ()
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142752 2007-05-11] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-01] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R3 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
S3 SDDMI2; C:\WINDOWS\system32\DDMI2.sys [6977 2004-06-09] (Gteko Ltd.) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1107224 2006-02-10] (SigmaTel, Inc.)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 vuhub; C:\WINDOWS\System32\DRIVERS\vuhub.sys [66432 2007-12-20] ()
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 17:48 - 2015-07-01 17:50 - 00062114 _____ C:\Documents and Settings\Ray\Desktop\Addition.txt
2015-07-01 17:46 - 2015-07-01 17:52 - 00050232 _____ C:\Documents and Settings\Ray\Desktop\FRST.txt
2015-07-01 17:44 - 2015-07-01 17:52 - 00000000 ____D C:\FRST
2015-07-01 17:43 - 2015-07-01 17:43 - 01636352 _____ (Farbar) C:\Documents and Settings\Ray\Desktop\FRST.exe
2015-06-30 16:58 - 2015-06-30 16:58 - 04846734 _____ C:\Documents and Settings\Ray\My Documents\D7LWB3C1.arn
2015-06-30 16:22 - 2015-06-30 16:22 - 00001062 _____ C:\mal threat.txt
2015-06-30 14:51 - 2015-06-30 14:51 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\VOTPrx
2015-06-30 14:50 - 2015-06-30 17:01 - 00003654 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-30 14:37 - 2015-06-30 14:37 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Application Data\Rainmaker_Software_Group_
2015-06-30 14:20 - 2015-06-30 14:50 - 00000436 _____ C:\WINDOWS\Tasks\Client.job
2015-06-30 14:20 - 2015-06-30 14:50 - 00000380 _____ C:\WINDOWS\Tasks\Check Updates.job
2015-06-30 14:20 - 2015-06-30 14:50 - 00000376 _____ C:\WINDOWS\Tasks\Run Tasks.job
2015-06-30 14:20 - 2015-06-30 14:20 - 00000064 _____ C:\Documents and Settings\Ray\Local Settings\Application Data\13f6b1ebd1a5ab9edcf1aba924202cbb
2015-06-30 14:08 - 2015-06-30 16:24 - 00000000 ____D C:\Documents and Settings\Ray\Application Data\Rainmaker Software Group LLC
2015-06-30 14:08 - 2015-06-30 14:08 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\VOTPrx
2015-06-30 13:59 - 2015-06-30 13:59 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Application Data\Chromium
2015-06-30 13:37 - 2015-06-30 13:37 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\Canon Easy-WebPrint EX
2015-06-07 14:17 - 2015-06-07 14:17 - 00000000 ____D C:\Program Files\Roxio
2015-06-03 21:10 - 2015-06-03 21:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-03 20:40 - 2015-06-03 20:40 - 00001853 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 17:55 - 2009-09-26 15:06 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\temp
2015-07-01 17:33 - 2014-08-02 11:26 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 16:24 - 2004-08-10 14:02 - 01110230 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 15:50 - 2012-07-24 23:52 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-06-30 17:33 - 2014-08-02 11:26 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 17:33 - 2014-08-02 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 17:33 - 2014-08-02 10:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-30 17:04 - 2015-01-17 18:42 - 00000299 _____ C:\WINDOWS\wiadebug.log
2015-06-30 17:04 - 2015-01-17 18:42 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-30 17:04 - 2009-09-26 15:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-06-30 16:59 - 2012-04-08 18:14 - 00300294 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-06-30 16:59 - 2006-11-16 22:51 - 00000178 ___SH C:\Documents and Settings\Ray\ntuser.ini
2015-06-30 16:59 - 2006-11-16 22:51 - 00000000 ____D C:\Documents and Settings\Ray
2015-06-30 16:59 - 2006-11-14 10:21 - 00000282 ___SH C:\boot.ini
2015-06-30 16:59 - 2004-08-10 13:51 - 00000647 _____ C:\WINDOWS\win.ini
2015-06-30 16:59 - 2004-08-10 13:51 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-30 16:48 - 2004-08-10 13:52 - 00000000 ____D C:\WINDOWS\Help
2015-06-30 16:47 - 2007-12-25 14:54 - 00000000 ____D C:\Documents and Settings\Ray\Application Data\Skype
2015-06-30 16:24 - 2010-07-26 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979482$
2015-06-30 15:20 - 2006-11-24 16:50 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-06-30 15:19 - 2004-08-10 14:02 - 00000000 ____D C:\WINDOWS\Registration
2015-06-30 14:49 - 2012-04-08 18:14 - 02334886 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-367943299-334765024-3848587932-1006-0.dat
2015-06-30 13:41 - 2007-03-13 21:34 - 00001318 _____ C:\WINDOWS\maxlink.ini
2015-06-30 13:41 - 2007-03-13 21:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PaperPort
2015-06-30 13:41 - 2004-08-10 13:52 - 00000000 ____D C:\WINDOWS\twain_32
2015-06-30 13:41 - 2004-08-10 13:52 - 00000000 ____D C:\WINDOWS\Driver Cache
2015-06-30 13:37 - 2015-01-17 18:47 - 00000000 ____D C:\Documents and Settings\Ray\Application Data\Canon Easy-WebPrint EX
2015-06-30 13:37 - 2010-04-07 21:44 - 00000000 ____D C:\Program Files\Citrix
2015-06-30 13:37 - 2006-11-16 23:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2015-06-30 13:37 - 2006-11-16 22:51 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Application Data\Google
2015-06-30 13:37 - 2006-11-14 10:47 - 00000000 ____D C:\Program Files\Google
2015-06-30 13:36 - 2013-03-04 22:18 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Application Data\Facebook
2015-06-30 10:12 - 2006-07-09 17:44 - 00000000 ____D C:\Documents and Settings\Ray\My Documents\TurboTax
2015-06-30 09:40 - 2014-03-29 14:22 - 00002393 _____ C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
2015-06-27 14:04 - 2011-12-04 13:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-06-27 13:49 - 2004-08-10 13:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-23 09:03 - 2010-07-24 13:11 - 00002268 _____ C:\Documents and Settings\Ray\Desktop\Google Chrome.lnk
2015-06-18 08:41 - 2014-08-02 11:26 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-08-02 11:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-18 08:31 - 2012-11-04 22:31 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-18 08:31 - 2012-11-04 22:31 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-18 08:31 - 2012-11-04 22:31 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2015-06-09 21:31 - 2013-08-01 16:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-09 21:31 - 2008-01-06 21:18 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 20:03 - 2006-11-22 22:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB913580$
2015-06-09 17:28 - 2014-09-13 11:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-07 14:17 - 2013-04-20 15:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Uninstall
2015-06-07 14:17 - 2013-04-20 14:18 - 00000000 ____D C:\Documents and Settings\Ray\Application Data\Roxio Log Files
 
==================== Files in the root of some directories =======
 
2014-08-12 19:09 - 2014-08-12 19:18 - 0000242 _____ () C:\Documents and Settings\Ray\Application Data\burnaware.ini
2013-08-17 23:02 - 2013-08-17 23:02 - 0889416 ____C (Microsoft Corporation) C:\Documents and Settings\Ray\Application Data\dotNetFx40_Full_setup.exe
2009-08-29 11:57 - 2014-10-31 20:02 - 0001878 ____C () C:\Documents and Settings\Ray\Application Data\mainhst.zgh
2006-11-16 22:52 - 2015-05-26 19:46 - 0042580 _____ () C:\Documents and Settings\Ray\Application Data\wklnhst.dat
2015-06-30 14:20 - 2015-06-30 14:20 - 0000064 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\13f6b1ebd1a5ab9edcf1aba924202cbb
2014-08-12 19:18 - 2014-08-12 19:18 - 0000031 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\burnaware.ini
2008-09-02 18:44 - 2015-05-24 19:11 - 0022528 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-11 15:44 - 2013-05-11 15:44 - 0000000 ____C () C:\Documents and Settings\Ray\Local Settings\Application Data\rx_image32.Cache
 
Some files in TEMP:
====================
C:\Documents and Settings\Ray\Local Settings\temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Ray at 2015-07-01 17:56:34
Running from C:\Documents and Settings\Ray\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-367943299-334765024-3848587932-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-367943299-334765024-3848587932-1015 - Limited - Enabled)
Guest (S-1-5-21-367943299-334765024-3848587932-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-367943299-334765024-3848587932-1005 - Limited - Disabled)
Ray (S-1-5-21-367943299-334765024-3848587932-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ray
SUPPORT_388945a0 (S-1-5-21-367943299-334765024-3848587932-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVStoDVD 2.4.2 (HKLM\...\AVStoDVD) (Version: 2.4.2 - MrC)
BotHunter (HKLM\...\{4CB2511D-A074-40E0-A5ED-A875EBBDDF49}) (Version: 1.00.0000 - SRI International)
BurnAware Free 7.3 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
CAM UnZip 4.42 (HKLM\...\CUZ4_is1) (Version:  - CAM Development)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
CinemaNow Media Manager (HKLM\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support 3.2 (HKLM\...\{3846E811-639D-4DE1-844B-30491C0A6C0C}) (Version: 5.5.2038 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (HKLM\...\{B702CCCE-3176-4DBF-B932-D1B8F402F330}) (Version: 1.00.0000 - Dell)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Forces in 1 Dimension (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\Forces in 1 Dimension) (Version:  - University of Colorado, Department of Physics)
Forces in 1 Dimension (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Forces in 1 Dimension) (Version:  - University of Colorado, Department of Physics)
Forces in 1 Dimension (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Forces in 1 Dimension) (Version:  - University of Colorado, Department of Physics)
Google Chrome (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Chrome (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Chrome (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Photo and Imaging 1.0 - HP Photosmart Printer Series (HKLM\...\{0D396571-7BBD-44CE-ABB3-518BF86B72F7}) (Version: 1.1.0000 - {&Tahoma8}Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
iTunes (HKLM\...\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}) (Version: 7.6.0.29 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.00) (Version: 11.00.1217 - )
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Digital Image Standard 2006 (HKLM\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2006 (HKLM\...\{06040048-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office Publisher 2007 Trial (HKLM\...\PUBLISHERR) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Streets & Trips 2006 (HKLM\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM\...\Works2006Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
MKVtoolnix 4.9.1 (HKLM\...\MKVtoolnix) (Version: 4.9.1 - Moritz Bunkus)
MotionDV STUDIO 5.6E LE for DV (HKLM\...\{E07C71A6-1576-4F7F-8856-B1C439E669AC}) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Move Networks Player - IE) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MVision (Version: 11.00.1217 - Logitech Inc.) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6280.92 - PC-Doctor, Inc.)
Oracle JInitiator 1.3.1.13 (HKLM\...\Oracle JInitiator 1.3.1.13) (Version:  - )
Oracle JInitiator 1.3.1.28 (HKLM\...\{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}) (Version:  - )
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
PowerTeacher Gradebook Launcher (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\PTg) (Version: 1.0 - Pearson)
PowerTeacher Gradebook Launcher (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PTg) (Version: 1.0 - Pearson)
PowerTeacher Gradebook Launcher (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\PTg) (Version: 1.0 - Pearson)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Video Capture USB (HKLM\...\{61A43DB0-B0AA-4EDA-88E7-D11659CD7DF4}) (Version: 1.0 - Roxio)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sony Image Data Suite (HKLM\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.2.00.19080 - Sony Corporation)
Startup Delayer v2.5 (build 138) (HKLM\...\Startup Delayer) (Version:  - )
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax Deluxe 2007 (HKLM\...\TurboTax Deluxe 2007) (Version:  - )
TurboTax Deluxe Deduction Maximizer 2006 (HKLM\...\TurboTax Deluxe Deduction Maximizer 2006) (Version:  - )
TurboTax ItsDeductible 2006 (HKLM\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
VanDyke Software SecureCRT 5.5 (HKLM\...\SecureCRT) (Version: 5.5 - VanDyke Software, Inc.)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
WavePad Uninstall (HKLM\...\WavePad) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version:  - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0059.1 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
ZipGenius 6 (6.0.3.1150) (HKLM\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.0 - M.Dev Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{01329177-32B9-43A7-A4DE-98C73B23B340}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{07B27DE3-0C8C-4F21-B249-ED5BDC5AFF6F}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{08D1779E-7D4B-4B64-8F9F-AA29DE48DAA3}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{1B52ECE0-8483-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{1B52ECE1-8483-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{1B52ECE2-8483-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{3A7C460B-9855-49B0-91F4-A99297930EBD}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Pearson VUE Common\DecryptionSourceFil (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{4D2ACF01-745F-11CF-8BC4-00AA00B42B7C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\43.0.2357.130\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{62022DB3-AEBA-4E84-9D13-4F4AEDD8FCBA}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{664E2200-24DB-11D2-9A82-444553540000}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{7BB7994B-5297-49B3-A42C-4812B51D8331}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll (Ask.com)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{A28E8A2F-75FD-4809-897D-8CEE473E9A72}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{B47C6567-880B-40F7-989D-F944BDE4E446}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{BAB5D6C9-3634-4D96-88CF-5A8B10C1996C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\DPDF_Gen98.dll (ceTe, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C75C4FE5-848D-11CE-AF28-861BF46909CC}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C9047280-848F-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{C9047281-848F-101C-933E-0000C005958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{E2454650-4D87-11D2-B8B2-0000C00A958C}\InprocServer32 -> C:\Program Files\ItsDeductible2006\SPR32X30.ocx (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Ray\Application Data\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Ray\Application Data\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Ray\Application Data\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Ray\Application Data\Move Networks\ie_bin\qsp2ie071101000055.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-367943299-334765024-3848587932-1006_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-10 13:51 - 2009-09-06 12:32 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check Updates.job => C:\Program Files\user extensions\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Client.job => C:\WINDOWS\system32\cmd.exe:/C start C:\Program Files\user extensions\client.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc70b8b63cad68.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8d4a4f3e0196.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfef0a5083d644.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff3a9089981a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040079ba3f34a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090f79611c254.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1cf8c819316a1bc.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1cfef3450c153be.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1cffef1c6d40b6.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1d0407112c40424.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-367943299-334765024-3848587932-1006Core1d0900fc9a40c28.job => C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Usg Daily.job => C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
Task: C:\WINDOWS\Tasks\HP Usg Login.job => C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Run Tasks.job => C:\Program Files\user extensions\Tasks.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-06-26 18:31 - 2010-08-10 21:37 - 00217088 _____ () C:\Program Files\ASUS\Printer Utilities\UsbService.exe
2005-10-05 04:12 - 2005-10-05 04:12 - 00094208 _____ () C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2004-08-12 09:56 - 2008-04-13 20:11 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll
2004-08-12 10:00 - 2008-04-13 20:11 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll
2015-06-23 09:03 - 2015-06-20 01:46 - 15003976 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:00C31200
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0104E054
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1D6686D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3C1C493B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3CD562B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:41099CE9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:444C53BA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:47BE4EDF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4D7FCCD3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:615435BE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:61E5F0F7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:74699137
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:949483BD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C4A1F01E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DAFD38AE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EA2FBCA1
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\turbotax.com -> hxxps://turbotax.com
 
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-367943299-334765024-3848587932-1006\...\100sexlinks.com -> 100sexlinks.com
 
There are 4929 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-367943299-334765024-3848587932-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Sally\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Sally\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Sally\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Rachel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Rachel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Rachel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Erica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-367943299-334765024-3848587932-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe] => :LocalSubNet:Enabled:TurboTax
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\Application Data\Pearson VUE\NBPTS Tutorial and Demo\jre\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe] => Enabled:CinemaNow Media Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\Application Data\Pearson VUE Common\JRE\jre1.6.0_32\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Disabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\Application Data\Pearson VUE Common\JRE\jre1.6.0_37\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Disabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe] => :LocalSubNet:Disabled:TurboTax
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe] => :LocalSubNet:Disabled:TurboTax Update Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe] => :LocalSubNet:Disabled:TurboTax Update Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\temp\pft3EF.tmp\Printer.exe] => Enabled:ASUS Wireless Router Utility
StandardProfile\AuthorizedApplications: [C:\Program Files\ASUS\Printer Utilities\UsbService.exe] => Enabled:ASUS Virtual USB Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\temp\pft625.tmp\Printer.exe] => Enabled:ASUS Virtual USB Utility
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Logitech Vid\Vid.exe] => Enabled:Logitech Vid HD
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
DomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
StandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/30/2015 02:49:37 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/30/2015 02:49:37 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).
 
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).
 
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).
 
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).
 
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).
 
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).
 
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).
 
Error: (06/30/2015 01:56:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (5664) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).
 
 
System errors:
=============
Error: (07/01/2015 05:58:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:57:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:56:59 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:56:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:55:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:55:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:54:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:53:49 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:53:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (07/01/2015 05:52:35 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 73%
Total physical RAM: 2038.07 MB
Available physical RAM: 544.67 MB
Total Virtual: 3409.18 MB
Available Virtual: 1775.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:71.05 GB) (Free:32.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=71.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.4 GB) - (Type=DB)
 
==================== End of log ============================
 

  • 0

Advertisements


#2
Doc T

Doc T

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Problem Solved!

 

Used Revo Uninstaller Pro 3.1.2 and was able to delete the program. Also got rid of adminupdate.exe program that had gotten on the computer.

 

Time to be more careful about 3rd party downloads.

 

Thanks,

Ray


  • 0

#3
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for letting us know.


  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, pccleanerpro

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP