
Posted

Ken, Nev

See my "before I go on" thread and my replies.

Could my router be hacked?

Bob

Bob

(bob12a)

My 3D pictures need red cyan glasses to view

medion MD8855,Win 7 IE8, Firefox/3, Avast,MS security essentials, NERO 9,malware bytes.Mailwasher pro ,6.54,Roboform,spybot S&D 1.6, Canon ixus 860 X 2,PS CS5


Posted

Considering the computer itself is behaving oddly, I doubt that the router is to blame. However, please let us know the make and model of your router, as some makes did have a vulnerability.

In those cases where they were hacked, there was no sign of it on the computer anyway; they just let hackers see your personal outgoing stuff.

I assume you have now run scans with Malwarebytes and your antivirus; have they turned up anything?

One more thing, just check and see if the computer's behaviour is because finally Service Pack 1 has managed to install behind the scenes.

Finally, if there is any sort of concern that malware is responsible for this behaviour, follow the guide and post the logs for one of our security guys to check.

 

Nev.

Need help with your computer problems? Then why not join Free PC Help. Register here.

If Free PC Help has helped you then please consider a donation. Click here

 We are all members helping other members. Please return here where you may be able to help someone else.  

After all, no one knows everything and you may have the answer that someone needs.

--------------------------------------------------------------------

I have installed Windows, now how do I install the curtains? 😄


Posted

Hi Nev

 

Will do all the tests you mention and get back, thanks.

Router is BRIGHT BOX 2

SUPPLIED BY EE

Did run ESET NOD32

Bob


Posted

Hi Ken Nev

Malware produced 25 PUPs; I cleaned them. Ran another malware

NOD32 clean but with 25 items in quarantine. Left alone

One more thing, just check and see if the computer's behaviour is because finally Service Pack 1 has managed to install behind the scenes.

 

The sp1 no show

 

It seems strange this change/fault happened on 2 laptops and 1 PC. I promise I was not mucking around.

 

Again thanks both for your help.

Bob


Posted

One of the malware guys might want to look at the PUPs and quarantined stuff, Bob, so don't delete them just yet.

If at least one of the PUPs is common to all the laptops and desktop, it may well have been that, but let's see what is said by the experts.

 

Hopefully they will see this and ask.

 

Nev.


Posted

Hi Bob

 

Could my router be hacked

It's possible, but as only PuPs have been found.... I doubt it at the moment.

 

Malware produced 25 PUPs; I cleaned them. Ran another malware

NOD32 clean but with 25 items in quarantine.

I suspect that NOD32 found the items that MBAM had quarantined.

Can you post the report from MBAM, so I can see exactly what was found?

 

Restart MBAM

  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.
     
    http://img.photobucket.com/albums/v708/starbuck50/mbamlog_zpsa7413aad.png
     
  • Click 'Copy to Clipboard'
     
    http://img.photobucket.com/albums/v708/starbuck50/mbamhis_zps7bfe6503.png
     
  • Paste the report into your next reply.

 

 

 

Thanks

Member of:

UNITE

Posted

Thank you Peter, below as requested.

 

Malwarebytes Anti-Malware

http://www.malwarebytes.org

 

 

Scan Date: 23/10/2014

Scan Time: 10:36:02

Logfile:

Administrator: Yes

 

 

Version: 2.00.3.1025

Malware Database: v2014.10.23.02

Rootkit Database: v2014.10.22.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

 

OS: Windows 7

CPU: x86

File System: NTFS

User: BF2010

 

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 352321

Time Elapsed: 26 min, 44 sec

 

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

 

Processes: 0

(No malicious items detected)

 

 

Modules: 0

(No malicious items detected)

 

 

Registry Keys: 1

PUP.Optional.Updater.A, HKU\S-1-5-21-2785784116-2001642337-1380054423-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Digital Sites, No Action By User, [96888296a6d621151e9ff11c7d8651af],

 

 

Registry Values: 0

(No malicious items detected)

 

 

Registry Data: 0

(No malicious items detected)

 

 

Folders: 8

PUP.Optional.SearchProtect.A, C:\Users\BF2010\AppData\Local\SearchProtect, No Action By User, [d34bff199fdd5fd7a0308b7ae320fe02],

PUP.Optional.SearchProtect.A, C:\Users\BF2010\AppData\Local\SearchProtect\Logs, No Action By User, [d34bff199fdd5fd7a0308b7ae320fe02],

PUP.Optional.Updater.A, C:\Users\BF2010\AppData\Roaming\DigitalSites\UpdateProc, No Action By User, [96888296a6d621151e9ff11c7d8651af],

PUP.Optional.Astromenda, C:\Program Files\WSE_Astromenda, No Action By User, [011d53c5027a3afcdf5216fdb05312ee],

PUP.Optional.Astromenda, C:\Program Files\WSE_Astromenda\bh, No Action By User, [011d53c5027a3afcdf5216fdb05312ee],

PUP.Optional.Astromenda.A, C:\Users\BF2010\AppData\Roaming\WSE_Astromenda, No Action By User, [f7271ff9661642f41733ce45bf4417e9],

PUP.Optional.Astromenda.A, C:\Users\BF2010\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5, No Action By User, [f7271ff9661642f41733ce45bf4417e9],

PUP.Optional.Astromenda.A, C:\Users\BF2010\AppData\Roaming\WSE_Astromenda\UpdateProc, No Action By User, [f7271ff9661642f41733ce45bf4417e9],

 

 

Files: 18

PUP.Optional.InstalLCore, C:\Users\BF2010\AppData\Local\Temp\is1242154493\2982149_stp.EXE, No Action By User, [cb539f790a72f83ee9f12fdaf60fa957],

PUP.Optional.Conduit.A, C:\Users\BF2010\AppData\Local\Temp\nsc4D08.tmp\82\SPIdentifier.exe, No Action By User, [ef2f44d4b9c3f4424bca22005ca53ac6],

PUP.Optional.Astromenda, C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\n0cs74ko.default\searchplugins\Astromenda.xml, No Action By User, [fb239e7a6c1060d676e8ed3aba4934cc],

PUP.Optional.SearchProtect.A, C:\Users\BF2010\AppData\Local\SearchProtect\Logs\sp_nsvEFAE.log, No Action By User, [d34bff199fdd5fd7a0308b7ae320fe02],

PUP.Optional.Updater.A, C:\Users\BF2010\AppData\Roaming\DigitalSites\UpdateProc\bkup.dat, No Action By User, [96888296a6d621151e9ff11c7d8651af],

PUP.Optional.Updater.A, C:\Users\BF2010\AppData\Roaming\DigitalSites\UpdateProc\config.dat, No Action By User, [96888296a6d621151e9ff11c7d8651af],

PUP.Optional.Updater.A, C:\Users\BF2010\AppData\Roaming\DigitalSites\UpdateProc\info.dat, No Action By User, [96888296a6d621151e9ff11c7d8651af],

PUP.Optional.Updater.A, C:\Users\BF2010\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, No Action By User, [96888296a6d621151e9ff11c7d8651af],

PUP.Optional.Updater.A, C:\Users\BF2010\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, No Action By User, [96888296a6d621151e9ff11c7d8651af],

PUP.Optional.Updater.A, C:\Users\BF2010\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, No Action By User, [96888296a6d621151e9ff11c7d8651af],

PUP.Optional.Updater.A, C:\Users\BF2010\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, No Action By User, [96888296a6d621151e9ff11c7d8651af],

PUP.Optional.Astromenda, C:\Program Files\WSE_Astromenda\astcnfg.dat, No Action By User, [011d53c5027a3afcdf5216fdb05312ee],

PUP.Optional.Astromenda, C:\Program Files\WSE_Astromenda\uninst.dat, No Action By User, [011d53c5027a3afcdf5216fdb05312ee],

PUP.Optional.Astromenda.A, C:\Users\BF2010\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat, No Action By User, [f7271ff9661642f41733ce45bf4417e9],

PUP.Optional.Astromenda.A, C:\Users\BF2010\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, No Action By User, [f7271ff9661642f41733ce45bf4417e9],

PUP.Optional.Astromenda.A, C:\Users\BF2010\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, No Action By User, [f7271ff9661642f41733ce45bf4417e9],

PUP.Optional.Astromenda.A, C:\Users\BF2010\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, No Action By User, [f7271ff9661642f41733ce45bf4417e9],

PUP.Optional.Astromenda.A, C:\Users\BF2010\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, No Action By User, [f7271ff9661642f41733ce45bf4417e9],

 

 

Physical Sectors: 0

(No malicious items detected)

 

 

 

 

(end)

Bob

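The comparison Nev suggests earlier in the thread (is any PUP common to every affected machine?) can be done mechanically on logs in the format Bob pasted above. This is an added example, not part of the original posts or of any Malwarebytes tooling; the machine names, user paths, placeholder ids and the three sample logs are constructed, and treating a trailing one-letter tag such as `.A` as a variant of the same family is an assumption.

```python
import re
from collections import defaultdict

# Result sections that appear in the MBAM 2.x text log posted above.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s):\s*(\d+)\s*$" % "|".join(SECTIONS))

# Detection line layout: <name>, <path or registry key>, <action>, [<id>],
DETECTION_RE = re.compile(
    r"^(?P<name>[A-Za-z]+(?:\.[A-Za-z0-9]+)+),\s*(?P<target>.+),\s*"
    r"(?P<action>[^,\[\]]+),\s*\[(?P<ident>[0-9A-Fa-f]+)\],?\s*$")


def family(name):
    """Drop a trailing one-letter variant tag (assumption: 'X.A' is a variant of 'X')."""
    parts = name.split(".")
    if len(parts) > 1 and len(parts[-1]) == 1 and parts[-1].isalpha():
        parts = parts[:-1]
    return ".".join(parts)


def parse_log(text):
    """Return (detections, count_mismatches) for one pasted log.

    count_mismatches maps a section to (declared, parsed) when the number in
    the section header disagrees with the lines found, e.g. a truncated paste.
    """
    detections, declared, seen = [], {}, defaultdict(int)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes are often double-spaced
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            seen[section] += 1
            detections.append({
                "section": section,
                "name": hit.group("name"),
                "family": family(hit.group("name")),
                "target": hit.group("target"),
                "action": hit.group("action").strip(),
            })
    mismatches = {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}
    return detections, mismatches


def common_families(logs):
    """Families detected on every machine in `logs` (machine name -> log text)."""
    per_machine = [{d["family"] for d in parse_log(text)[0]}
                   for text in logs.values()]
    return set.intersection(*per_machine) if per_machine else set()


PLACEHOLDER_ID = "0" * 32  # constructed; not a real detection id


def make_line(name, target):
    """Build one constructed detection line in the log's layout."""
    return "%s, %s, No Action By User, [%s]," % (name, target, PLACEHOLDER_ID)


# Constructed sample logs for three machines (family names taken from the thread).
SAMPLE_LOGS = {
    "laptop-1": "\n\n".join([
        "Registry Keys: 0", "(No malicious items detected)",
        "Folders: 2",
        make_line("PUP.Optional.Astromenda", r"C:\Program Files\WSE_Astromenda"),
        make_line("PUP.Optional.SearchProtect.A",
                  r"C:\Users\user1\AppData\Local\SearchProtect"),
        "Files: 1",
        make_line("PUP.Optional.Astromenda.A",
                  r"C:\Users\user1\AppData\Roaming\WSE_Astromenda\info.dat"),
    ]),
    "laptop-2": "\n".join([
        "Folders: 1",
        make_line("PUP.Optional.Astromenda.A",
                  r"C:\Users\user2\AppData\Roaming\WSE_Astromenda"),
        "Files: 2",  # header says 2, but only one line survived the paste
        make_line("PUP.Optional.Conduit.A",
                  r"C:\Users\user2\AppData\Local\Temp\SPIdentifier.exe"),
    ]),
    "desktop": "\n".join([
        "Folders: 1",
        make_line("PUP.Optional.Astromenda", r"C:\Program Files\WSE_Astromenda"),
        "Files: 1",
        make_line("PUP.Optional.Updater.A",
                  r"C:\Users\user3\AppData\Roaming\DigitalSites\UpdateTask.exe"),
    ]),
}

if __name__ == "__main__":
    for machine, text in SAMPLE_LOGS.items():
        found, bad = parse_log(text)
        print(machine, sorted({d["family"] for d in found}), "mismatch:", bad)
    print("common to all machines:", sorted(common_families(SAMPLE_LOGS)))
```

A non-empty mismatch for a machine means the pasted log is incomplete and should be re-exported before drawing conclusions from it.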

Posted

Hi Bob,

 

Your version of MBAM is out of date:

Version: 2.00.3.1025

The latest version is: 2.1.4.1018

It's very important that the latest version is used.

 

  • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  • Restart your computer (very important).
  • Download mbam clean and save to your Desktop.
  • Please close all open applications and temporarily shutdown your antivirus to avoid any conflicts when running the tool.
  • Locate the file mbam-clean.exe and double-click to run it... Vista/Windows 7/8 users right-click and select Run As Administrator.. and follow the onscreen prompts.
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts..........
  • Ensure that your antivirus is enabled and download the latest version of Malwarebytes Anti-Malware from Here and save it to your desktop.
  • Now close all open applications including your browser and again temporarily disable your antivirus as before and launch the Malwarebytes installer you just downloaded.
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
    I recommend that you UNtick this option.
  • Click Finish
  • When installation is complete.... Make sure you re-enable your Anti-Virus/Internet-Security applications.

 

  • If you are notified the Database is out of date click Update Now
     
    http://img.photobucket.com/albums/v708/starbuck50/mbamnew_zpsdc989cc1.png
     
  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


 

(Copy to clipboard for pasting into forum replies)

 

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.
     
    http://img.photobucket.com/albums/v708/starbuck50/mbamapplog_zps222887ef.png
     
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
     
    http://img.photobucket.com/albums/v708/starbuck50/mbamhis_zps7bfe6503.png
     
  • Paste the contents of the clipboard into your reply.

 

 

Thanks


Posted
Will follow your instructions tomorrow. Thanks

Bob


Posted

Hope this is what you want

 

 

Malwarebytes Anti-Malware

http://www.malwarebytes.org

 

 

Scan Date: 30/03/2015

Scan Time: 08:51:59

Logfile:

Administrator: Yes

 

 

Version: 2.01.4.1018

Malware Database: v2015.03.30.04

Rootkit Database: v2015.03.26.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

 

OS: Windows 7

CPU: x86

File System: NTFS

User: BF2010

 

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 470627

Time Elapsed: 28 min, 24 sec

 

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

 

Processes: 0

(No malicious items detected)

 

 

Modules: 0

(No malicious items detected)

 

 

Registry Keys: 0

(No malicious items detected)

 

 

Registry Values: 0

(No malicious items detected)

 

 

Registry Data: 0

(No malicious items detected)

 

 

Folders: 0

(No malicious items detected)

 

 

Files: 0

(No malicious items detected)

 

 

Physical Sectors: 0

(No malicious items detected)

 

 

 

 

(end)

Bob


Posted

Hi Bob,

 

Hope this is what you want

Yep, that was it. :)

 

I can reset the text sizes and move the desktop icons around to what I want

Have you reset these yet?

 

Let's make sure that there's no PuP leftovers.

 

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Step 2

For 32-bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
     
    http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png
     
  • When the tool opens click Yes to disclaimer.
     
    http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png
     
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

 

 

 

 

 

In your next reply, please submit:

JRT.txt

AdwCleaner report

Both reports from FRST

 

 

Thanks.


Posted
Hi Bob,

 

 

 

Have you reset these yet?

No problem resetting the size and moving icons on desktop

 

Let's make sure that there's no PuP leftovers.

 

Thanks.

 

Thank you for your time. Hope these are the logs/files you want.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.8 (03.30.2015:1)

OS: Windows 7 Home Premium x86

Ran by BF2010 on 31/03/2015 at 7:23:00.75

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

 

 

~~~ Services

 

 

 

 

 

 

~~~ Registry Values

 

 

 

 

 

 

~~~ Registry Keys

 

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RoboTaskBarIcon_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RoboTaskBarIcon_RASMANCS

 

 

 

 

 

 

~~~ Files

 

 

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

 

 

 

 

 

~~~ Folders

 

 

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Empty Folder] C:\Users\BF2010\appdata\local\{49370636-461B-49FC-AD38-4188C7857F16}

Successfully deleted: [Empty Folder] C:\Users\BF2010\appdata\local\{891E73BA-0BFE-448F-B192-CCA6B8C4480C}

Successfully deleted: [Empty Folder] C:\Users\BF2010\appdata\local\{8AC0045E-C2D1-4C23-BEF9-561E6512B533}

Successfully deleted: [Empty Folder] C:\Users\BF2010\appdata\local\{9D1F4CD2-2AEC-4373-866C-CC82BF51336C}

Successfully deleted: [Empty Folder] C:\Users\BF2010\appdata\local\{C770D582-55FB-4746-9E20-D1457D6DE08B}

 

 

 

 

 

 

~~~ FireFox

 

 

Successfully deleted: [File] C:\Users\BF2010\AppData\Roaming\mozilla\firefox\profiles\smtw6sxf.default-1424709629288\user.js

Emptied folder: C:\Users\BF2010\AppData\Roaming\mozilla\firefox\profiles\smtw6sxf.default-1424709629288\minidumps [5 files]

 

 

 

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 31/03/2015 at 7:24:45.73

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by BF2010 (administrator) on BF2010-PC on 31-03-2015 07:44:23

Running from C:\Users\BF2010\Desktop\unwanted for now\pete

Loaded Profiles: BF2010 (Available profiles: BF2010 & bob02)

Platform: Microsoft Windows 7 Home Premium (X86) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Windows\System32\CISVC.EXE

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Secunia) C:\Program Files\Secunia\PSI\psia.exe

(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Users\BF2010\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe

(Firetrust) C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe

(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe

 

 

 

 

==================== Registry (Whitelisted) ==================

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)

HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-10] (Google)

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-03-04] (Siber Systems)

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Run: [Google+ Auto Backup] => C:\Users\BF2010\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)

HKU\S-1-5-18\...\Run: [samsung.PCSync] => C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe [1294336 2009-06-04] (Nokia)

IFEO\taskmgr.exe: [Debugger] C:\Program Files\TuneUp Utilities 2014\PMLauncher.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk

ShortcutTarget: MailWasherPro.lnk -> C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe (Firetrust)

Startup: C:\Users\bob2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk

ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe ()

ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-03-04] (Siber Systems Inc.)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-06] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-06] (Oracle Corporation)

Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-03-04] (Siber Systems Inc.)

Toolbar: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-03-04] (Siber Systems Inc.)

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1417862258607

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

 

FireFox:

========

FF ProfilePath: C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\smtw6sxf.default-1424709629288

FF Homepage: hxxp://start.roboform.com

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-05] ()

FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-06] (Oracle Corporation)

FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [2015-03-06] ()

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-06-02] (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-10] (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-10] (NVIDIA Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2785784116-2001642337-1380054423-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)

FF Plugin HKU\S-1-5-21-2785784116-2001642337-1380054423-1000: @talk.google.com/O1DPlugin -> C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)

FF Plugin HKU\S-1-5-21-2785784116-2001642337-1380054423-1000: @tools.google.com/Google Update;version=3 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)

FF Plugin HKU\S-1-5-21-2785784116-2001642337-1380054423-1000: @tools.google.com/Google Update;version=9 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-24] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-24] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-24] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-24] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-24] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\BF2010\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\BF2010\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)

FF Extension: Anaglyph 3D - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\smtw6sxf.default-1424709629288\Extensions\anaglyph3d@internauta1024a.pl.xpi [2015-02-24]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010-03-25]

FF HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

 

 

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default

CHR Profile: C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 4

CHR Extension: (eSpeedCheck Start) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ehchcmpfdjpoofcbkgaocnaogefilpci [2015-03-29]

CHR Extension: (My Search) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\igcjphndpn***fojcchcfeajgkgfefeb [2015-03-29]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]

CHR HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BF2010\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-12-16]

CHR HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

 

 

========================== Services (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [821016 2012-04-27] (Acronis)

S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-05-15] (Acronis)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)

S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)

S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-10] (Google)

S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)

S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)

R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)

R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]

S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5914912 2012-04-27] (Acronis)

R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

 

 

==================== Drivers (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70464 2014-07-14] (Advanced Micro Devices)

R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34624 2014-07-14] (Advanced Micro Devices)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)

S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [100352 2009-11-19] (ATI Technologies, Inc.) [File not signed]

S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)

S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)

R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2014-09-18] (ESET)

S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)

S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-05-13] (Microsoft Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)

R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16024 2012-04-26] (Macrium Software)

S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)

S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)

S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)

R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-05-15] (Acronis)

R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)

S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-05-15] (Acronis)

R0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-05-15] (Acronis)

S3 BTWAMPFL; system32\DRIVERS\btwampfl.sys [X]

S3 btwaudio; system32\drivers\btwaudio.sys [X]

S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]

S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]

S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]

S3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-03-31 07:32 - 2015-03-31 07:32 - 02208768 _____ () C:\Users\BF2010\Downloads\adwcleaner_4.200.exe

2015-03-31 07:24 - 2015-03-31 07:24 - 00001765 _____ () C:\Users\BF2010\Desktop\JRT.txt

2015-03-31 07:22 - 2015-03-31 07:22 - 01389097 _____ (Thisisu) C:\Users\BF2010\Downloads\JRT (8).exe

2015-03-31 07:20 - 2015-03-31 07:20 - 01389097 _____ (Thisisu) C:\Users\BF2010\Downloads\JRT (7).exe

2015-03-30 08:51 - 2015-03-30 08:51 - 00001048 _____ () C:\Users\BF2010\Desktop\mwb 30march.txt

2015-03-30 08:03 - 2015-03-30 08:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-30 08:01 - 2015-03-30 08:01 - 00001028 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-30 08:01 - 2015-03-30 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-30 08:01 - 2015-03-30 08:01 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-30 08:01 - 2015-03-30 08:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-03-30 08:01 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-30 08:01 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-30 08:01 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-30 07:54 - 2015-03-30 07:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\BF2010\Desktop\mbam-setup-2.1.4.1018 (1).exe

2015-03-30 07:53 - 2015-03-30 07:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\BF2010\Downloads\mbam-setup-2.1.4.1018 (1).exe

2015-03-30 07:24 - 2015-03-30 07:24 - 00321848 _____ (Malwarebytes Corporation) C:\Users\BF2010\Downloads\mbam-clean-2.1.1.1001 (1).exe

2015-03-29 18:21 - 2015-03-29 18:22 - 00321848 _____ (Malwarebytes Corporation) C:\Users\BF2010\Downloads\mbam-clean-2.1.1.1001.exe

2015-03-29 16:31 - 2015-03-29 16:31 - 00002096 _____ () C:\Users\BF2010\Downloads\BTW Performance Test EE.html

2015-03-29 16:31 - 2015-03-29 16:31 - 00000000 ____D () C:\Users\BF2010\Downloads\BTW Performance Test EE_files

2015-03-29 16:23 - 2015-03-29 16:23 - 00000120 _____ () C:\Users\BF2010\Documents\EEORANGE.txt

2015-03-29 09:45 - 2015-03-29 09:45 - 00000054 _____ () C:\Users\BF2010\Documents\NEW PHONE.txt

2015-03-27 16:32 - 2015-03-27 16:32 - 00118195 _____ () C:\mal test 02 27th feb.txt

2015-03-27 16:30 - 2015-03-27 16:30 - 00117922 _____ () C:\mal test 27th feb.txt

2015-03-26 17:10 - 2015-03-26 17:10 - 00001785 _____ () C:\Users\BF2010\Downloads\IShouldntEvenBeDoingThis.acsm

2015-03-26 13:04 - 2015-03-27 13:38 - 00000000 ____D () C:\Windows\system32\SPReview

2015-03-26 12:59 - 2015-03-11 02:55 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-03-26 12:59 - 2015-03-11 02:55 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-03-26 12:59 - 2015-03-11 02:55 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-03-26 12:59 - 2015-03-11 02:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-03-26 12:59 - 2015-03-11 02:55 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-03-26 12:59 - 2015-03-11 02:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-03-26 12:59 - 2015-03-11 02:52 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-03-25 19:11 - 2015-03-25 19:11 - 00001786 _____ () C:\Users\BF2010\Downloads\DanBrownEnigma9781843584582.acsm

2015-03-24 15:36 - 2015-03-24 15:37 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\BF2010\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-24 15:33 - 2015-03-24 15:33 - 00880208 _____ (Google Inc.) C:\Users\BF2010\Downloads\ChromeSetup (6).exe

2015-03-24 15:32 - 2015-03-24 15:32 - 00001932 _____ () C:\Users\BF2010\Desktop\FileHippo App Manager.lnk

2015-03-24 15:30 - 2015-03-24 15:30 - 00849352 _____ () C:\Users\BF2010\Downloads\AppManagerSetup_1.47.exe

2015-03-24 15:24 - 2015-03-24 15:24 - 01380448 _____ (Skype Technologies S.A.) C:\Users\BF2010\Downloads\SkypeSetup (12).exe

2015-03-24 12:33 - 2015-03-24 12:33 - 00000000 ____D () C:\Users\BF2010\Desktop\01 RIGHT 2015

2015-03-24 12:32 - 2015-03-24 12:33 - 00000000 ____D () C:\Users\BF2010\Desktop\01 LEFT 2015

2015-03-12 11:35 - 2015-03-12 11:35 - 00880208 _____ (Google Inc.) C:\Users\BF2010\Downloads\googledrivesync(1).exe

2015-03-12 10:35 - 2015-03-12 10:35 - 00880208 _____ (Google Inc.) C:\Users\BF2010\Downloads\ChromeSetup(1).exe

2015-03-11 16:47 - 2015-03-30 10:05 - 00036472 _____ () C:\Windows\PFRO.log

2015-03-11 16:41 - 2015-03-11 16:41 - 00243368 _____ () C:\Users\BF2010\Downloads\Firefox Setup Stub 36.0.1.exe

2015-03-10 18:29 - 2015-03-10 18:29 - 00000000 ____D () C:\Users\bob02\AppData\Local\NVIDIA

2015-03-10 13:15 - 2015-03-10 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

2015-03-10 08:25 - 2015-03-11 16:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-03-08 17:08 - 2015-03-08 17:08 - 00880208 _____ (Google Inc.) C:\Users\BF2010\Downloads\ChromeSetup (5).exe

2015-03-08 10:15 - 2015-03-08 10:25 - 00000000 ____D () C:\Users\BF2010\Downloads\stphmkre506

2015-03-08 10:15 - 2014-09-30 18:37 - 03223552 _____ (Masuji SUTO & David Sykes) C:\Users\BF2010\Desktop\stphmkre.exe

2015-03-08 10:14 - 2014-09-30 18:37 - 03223552 _____ (Masuji SUTO & David Sykes) C:\Program Files\stphmkre.exe

2015-03-08 09:00 - 2015-03-08 09:00 - 01332608 _____ () C:\Users\BF2010\Downloads\stphmkre506.zip

2015-03-06 11:59 - 2015-03-06 12:03 - 396170445 _____ (NVIDIA Corporation ) C:\Users\BF2010\Downloads\NVIDIA 3D Vision PowerPack - Santa Cruz Beach Boardwalk (MPO).exe

2015-03-06 11:53 - 2015-03-06 11:53 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\Oracle

2015-03-06 11:39 - 2014-09-10 17:58 - 00608072 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe

2015-03-06 11:36 - 2015-03-06 11:36 - 00000000 ____D () C:\temp

2015-03-06 11:32 - 2014-09-11 01:39 - 00162592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys

2015-03-06 11:32 - 2014-09-11 01:39 - 00028448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll

2015-03-06 11:32 - 2014-09-11 01:31 - 00021316 _____ () C:\Windows\system32\nvinfo.pb

2015-03-06 11:32 - 2014-09-11 01:30 - 01053384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234082.dll

2015-03-06 11:32 - 2014-09-11 01:30 - 00906568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234082.dll

2015-03-06 11:32 - 2014-09-10 21:46 - 11283384 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2015-03-06 11:32 - 2014-09-10 21:46 - 11222088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-03-06 11:32 - 2014-09-10 21:46 - 00305648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll

2015-03-06 11:32 - 2014-09-10 21:45 - 15295296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2015-03-06 11:32 - 2014-09-10 21:45 - 00846880 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll

2015-03-06 11:32 - 2014-09-10 21:45 - 00146528 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll

2015-03-06 11:32 - 2014-09-10 21:44 - 16122896 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll

2015-03-06 11:31 - 2014-09-10 21:46 - 03986632 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-03-06 11:31 - 2014-09-10 21:46 - 00905928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll

2015-03-06 11:31 - 2014-09-10 21:46 - 00867016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll

2015-03-06 11:31 - 2014-09-10 21:44 - 24549184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll

2015-03-06 11:31 - 2014-09-10 21:44 - 10680008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-03-06 11:28 - 2015-03-06 11:29 - 227607528 _____ (NVIDIA Corporation) C:\Users\BF2010\Downloads\340.82_geforce_win8_winvista_win7_international.exe

2015-03-06 10:56 - 2015-03-31 07:38 - 00003212 _____ () C:\Windows\setupact.log

2015-03-06 10:56 - 2015-03-06 10:56 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-06 10:51 - 2015-03-06 10:51 - 02085240 _____ (NVIDIA Corporation ) C:\Users\BF2010\Downloads\NVIDIA_3D_Vision_v266.21_driver.exe

2015-03-06 09:14 - 2015-03-06 09:14 - 00000000 ____D () C:\Program Files\Common Files\Java

2015-03-06 09:14 - 2015-03-06 09:13 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2015-03-06 09:13 - 2015-03-10 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-03-06 09:10 - 2015-03-06 09:11 - 00561576 _____ (Oracle Corporation) C:\Users\BF2010\Downloads\chromeinstall-8u40.exe

2015-03-05 08:50 - 2015-03-05 08:50 - 00000995 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

2015-03-04 11:05 - 2015-03-04 11:05 - 16441032 _____ (Siber Systems) C:\Users\BF2010\Downloads\RoboForm-Setup(3).exe

2015-03-04 08:35 - 2015-03-04 08:36 - 22893912 _____ (Siber Systems) C:\Users\BF2010\Downloads\GoodSync-Setup(1).exe

2015-03-01 15:53 - 2015-03-01 15:54 - 16441032 _____ (Siber Systems) C:\Users\BF2010\Downloads\RoboForm-Setup(2).exe

2015-03-01 15:52 - 2015-03-01 15:52 - 16441032 _____ (Siber Systems) C:\Users\BF2010\Downloads\RoboForm-Setup(1).exe

 

 

==================== One Month Modified Files and Folders =======

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-03-31 07:44 - 2014-10-23 11:19 - 00000000 ____D () C:\FRST

2015-03-31 07:44 - 2011-04-10 11:39 - 01212330 _____ () C:\Windows\WindowsUpdate.log

2015-03-31 07:43 - 2015-02-07 08:38 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core1d042a91e5b5bc2.job

2015-03-31 07:43 - 2014-07-18 16:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000UA.job

2015-03-31 07:43 - 2014-07-18 16:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core.job

2015-03-31 07:38 - 2015-02-07 08:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d042ab334f8992.job

2015-03-31 07:38 - 2014-07-25 10:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-31 07:38 - 2011-10-26 17:36 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-03-31 07:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-31 07:37 - 2010-03-25 11:47 - 00000000 ____D () C:\Users\BF2010

2015-03-31 07:36 - 2013-09-27 16:51 - 00000000 ____D () C:\AdwCleaner

2015-03-31 07:17 - 2009-07-14 05:34 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-31 07:17 - 2009-07-14 05:34 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-30 19:58 - 2015-02-07 08:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d042ab34e17a14.job

2015-03-30 19:58 - 2014-07-25 10:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-30 17:43 - 2013-07-14 07:05 - 00000000 ____D () C:\Users\BF2010\Desktop\PHEREO PICS

2015-03-29 08:13 - 2010-02-15 17:52 - 00127016 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-28 09:08 - 2010-06-07 15:40 - 00000000 ___RD () C:\Users\BF2010\Desktop\unwanted for now

2015-03-27 13:38 - 2014-12-23 15:21 - 00000000 ____D () C:\Program Files\Common Files\Skype

2015-03-27 13:38 - 2014-12-13 13:18 - 00000000 ____D () C:\Windows\system32\appraiser

2015-03-27 13:38 - 2014-08-19 18:10 - 00000000 ___RD () C:\Program Files\Skype

2015-03-27 13:38 - 2014-07-11 13:19 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-03-27 13:38 - 2014-01-07 08:25 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup

2015-03-27 13:38 - 2010-05-14 11:51 - 00000000 ____D () C:\ProgramData\Skype

2015-03-27 13:38 - 2010-03-26 11:45 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\IrfanView

2015-03-27 13:38 - 2010-03-26 09:54 - 00000000 ____D () C:\Program Files\FileHippo.com

2015-03-27 13:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration

2015-03-26 13:30 - 2013-08-14 06:56 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-26 13:08 - 2010-02-16 11:43 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-25 07:42 - 2010-05-14 11:52 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\Skype

2015-03-24 15:54 - 2014-05-28 10:21 - 00000000 ____D () C:\Users\BF2010\Desktop\hals 3d

2015-03-24 15:19 - 2012-09-04 06:59 - 00000000 ___RD () C:\Users\BF2010\Desktop\quick

2015-03-24 12:01 - 2010-04-07 08:57 - 00000000 ____D () C:\ProgramData\ZoomBrowser

2015-03-14 19:00 - 2011-05-20 14:22 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\GoodSync

2015-03-14 15:28 - 2011-01-31 08:18 - 00000000 ____D () C:\Users\BF2010\AppData\Local\CrashDumps

2015-03-12 12:38 - 2014-11-27 11:07 - 00000000 ____D () C:\Program Files\OpenOffice 4

2015-03-12 12:35 - 2014-11-27 11:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1

2015-03-12 11:36 - 2012-05-03 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-03-11 16:47 - 2015-02-17 16:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-03-11 16:44 - 2015-02-17 16:12 - 00001085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-03-11 16:44 - 2015-02-17 16:12 - 00001073 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-03-11 16:23 - 2015-02-10 12:58 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Windows Live

2015-03-10 18:29 - 2015-01-31 11:27 - 00000000 ____D () C:\Users\bob02\AppData\Local\Google

2015-03-10 18:25 - 2013-12-19 12:05 - 10392120 _____ () C:\Program Files\Common Files\lpuninstall.exe

2015-03-10 14:09 - 2014-10-19 08:52 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-03-10 08:55 - 2014-09-18 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2015-03-10 08:55 - 2014-09-18 11:46 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-03-10 08:55 - 2012-02-21 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm

2015-03-10 08:54 - 2010-04-20 11:25 - 00000000 ____D () C:\Windows\pss

2015-03-10 08:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security

2015-03-10 08:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help

2015-03-06 09:12 - 2010-02-16 15:49 - 00000000 ____D () C:\Program Files\Java

2015-03-06 08:12 - 2011-08-13 12:27 - 00000000 ___RD () C:\Users\BF2010\Dropbox

2015-03-06 08:12 - 2011-08-13 12:24 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\Dropbox

2015-03-05 15:24 - 2011-12-09 19:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-05 08:52 - 2011-12-09 19:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-03-05 08:52 - 2011-09-09 07:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

 

 

==================== Files in the root of some directories =======

 

 

2014-10-13 15:58 - 2011-02-20 00:03 - 0421200 _____ (Microsoft Corporation) C:\Program Files\msvcp100.dll

2014-10-13 15:58 - 2011-02-19 01:40 - 0773968 _____ (Microsoft Corporation) C:\Program Files\msvcr100.dll

2015-03-08 10:14 - 2014-09-30 18:37 - 3223552 _____ (Masuji SUTO & David Sykes) C:\Program Files\stphmkre.exe

2013-12-19 12:05 - 2015-03-10 18:25 - 10392120 _____ () C:\Program Files\Common Files\lpuninstall.exe

2010-10-09 09:39 - 2012-04-14 12:57 - 0000132 _____ () C:\Users\BF2010\AppData\Roaming\Adobe BMP Format CS5 Prefs

2010-10-22 15:45 - 2012-07-20 06:58 - 0000132 _____ () C:\Users\BF2010\AppData\Roaming\Adobe PNG Format CS5 Prefs

2010-08-12 12:50 - 2010-08-12 12:50 - 0038429 _____ () C:\Users\BF2010\AppData\Roaming\Comma Separated Values (DOS).ADR

2010-03-31 16:42 - 2011-11-07 13:00 - 0000141 _____ () C:\Users\BF2010\AppData\Roaming\default.rss

2010-06-01 15:31 - 2010-06-01 15:31 - 0000000 _____ () C:\Users\BF2010\AppData\Roaming\downloads.m3u

2014-11-16 17:53 - 2014-11-16 18:48 - 0000115 _____ () C:\Users\BF2010\AppData\Roaming\LogFile.txt

2010-06-25 06:54 - 2010-06-25 06:55 - 0000195 _____ () C:\Users\BF2010\AppData\Roaming\ltbpr.dat

2010-06-30 15:28 - 2010-07-12 17:26 - 0038131 _____ () C:\Users\BF2010\AppData\Roaming\mdbu.bin

2014-10-20 10:20 - 2014-10-20 10:20 - 0000528 _____ () C:\Users\BF2010\AppData\Roaming\NMM-MetaData.db

2012-05-02 10:45 - 2012-11-04 18:32 - 0282624 _____ () C:\Users\BF2010\AppData\Roaming\SettingsDB.sdf

2011-07-27 09:54 - 2012-08-12 10:30 - 0000268 ___RH () C:\Users\BF2010\AppData\Roaming\Static Library

2011-12-22 16:27 - 2014-10-16 06:57 - 0000268 ___RH () C:\Users\BF2010\AppData\Roaming\StatusSheet

2011-07-27 09:54 - 2012-08-12 10:30 - 0000268 ___RH () C:\Users\BF2010\AppData\Roaming\Stingers

2012-08-12 07:03 - 2014-07-11 16:06 - 0000000 _____ () C:\Users\BF2010\AppData\Roaming\Synth Textures

2014-10-21 16:43 - 2014-10-22 11:21 - 0000067 _____ () C:\Users\BF2010\AppData\Roaming\WB.CFG

2010-09-13 12:54 - 2014-04-04 07:46 - 0001456 _____ () C:\Users\BF2010\AppData\Local\Adobe Save for Web 12.0 Prefs

2010-03-26 18:52 - 2013-02-28 16:48 - 0033280 _____ () C:\Users\BF2010\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-10-19 15:56 - 2014-10-19 15:56 - 0000001 _____ () C:\Users\BF2010\AppData\Local\DSI.DAT

2010-10-30 15:27 - 2014-04-13 09:06 - 0007648 _____ () C:\Users\BF2010\AppData\Local\resmon.resmoncfg

2011-08-13 16:24 - 2011-08-13 16:24 - 0000000 _____ () C:\Users\BF2010\AppData\Local\{CB311B15-645B-467F-AB72-A373C4B2F9EB}

2011-04-17 08:09 - 2011-04-17 08:14 - 0000088 __RSH () C:\ProgramData\DE100F8271.sys

2014-07-15 08:37 - 2014-07-15 08:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2010-05-14 12:23 - 2010-05-14 12:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

2011-04-17 08:09 - 2011-04-17 08:19 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

2012-08-12 07:02 - 2014-07-11 16:06 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT

2011-07-27 09:54 - 2014-10-16 06:57 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT

2011-07-27 09:54 - 2014-10-19 10:26 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT

2011-07-27 09:54 - 2014-02-04 17:29 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

2012-08-12 08:45 - 2012-08-12 08:45 - 0000000 _____ () C:\ProgramData\StartupItems

2012-08-12 08:45 - 2012-08-12 08:45 - 0000000 _____ () C:\ProgramData\StatusSheet

2012-08-12 10:30 - 2012-08-12 10:30 - 0000268 ___RH () C:\ProgramData\String Ensemble

2014-10-16 06:57 - 2014-10-16 06:57 - 0000268 ___RH () C:\ProgramData\Strings

2012-08-12 10:30 - 2012-08-12 10:30 - 0000268 ___RH () C:\ProgramData\Super Strings

2014-10-16 06:57 - 2014-10-16 06:57 - 0000012 ___RH () C:\ProgramData\Textures

2012-08-12 10:30 - 2012-08-12 10:30 - 0000012 ___RH () C:\ProgramData\Track Settings

 

 

Some content of TEMP:

====================

C:\Users\BF2010\AppData\Local\Temp\APNSetup.exe

C:\Users\BF2010\AppData\Local\Temp\C-Users-BF2010-Downloads-stphmkre506.zip-stphmkre.exe

C:\Users\BF2010\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpforaoy.dll

C:\Users\BF2010\AppData\Local\Temp\nvStInst.exe

C:\Users\BF2010\AppData\Local\Temp\Quarantine.exe

C:\Users\BF2010\AppData\Local\Temp\sqlite3.dll

 

 

 

 

==================== Bamital & volsnap Check =================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

 

 

LastRegBack: 2015-03-25 15:21

 

 

==================== End Of Log ============================

 

# AdwCleaner v4.200 - Logfile created 31/03/2015 at 07:35:57

# Updated 29/03/2015 by Xplode

# Database : 2015-03-29.1 [server]

# Operating system : Windows 7 Home Premium (x86)

# Username : BF2010 - BF2010-PC

# Running from : C:\Users\BF2010\Downloads\adwcleaner_4.200.exe

# Option : Cleaning

 

 

***** [ Services ] *****

 

 

 

 

***** [ Files / Folders ] *****

 

 

Folder Deleted : C:\ProgramData\Driver Manager

Folder Deleted : C:\Program Files\TotalSystemCare

Folder Deleted : C:\Program Files\DriverTuner

Folder Deleted : C:\Program Files\Driver Manager

[!] Folder Deleted : C:\Users\BF2010\hosts

Folder Deleted : C:\Users\BF2010\AppData\Local\DriverTuner

Folder Deleted : C:\Users\BF2010\AppData\Local\StormFall

Folder Deleted : C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk

File Deleted : C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eekjldapjblgadclklmgolijbagmdnfk_0.localstorage

File Deleted : C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eekjldapjblgadclklmgolijbagmdnfk_0.localstorage-journal

File Deleted : C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_eekjldapjblgadclklmgolijbagmdnfk_0

 

 

***** [ Scheduled tasks ] *****

 

 

 

 

***** [ Shortcuts ] *****

 

 

 

 

***** [ Registry ] *****

 

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf

Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL

Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1

Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

Key Deleted : HKCU\Software\DriverTuner_Init

Key Deleted : HKCU\Software\DriverTuner

Key Deleted : HKLM\SOFTWARE\TotalSystemCare

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

 

 

***** [ Web browsers ] *****

 

 

-\\ Internet Explorer v9.0.8112.16599

 

 

 

 

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

 

 

 

 

-\\ Google Chrome v43.0.2342.2

 

 

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20120113144702133&tb_oid=13-01-2012&tb_mrud=13-01-2012

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzyyDtCyCyB0EzzyB0F0DtN0D0Tzu0CyCtBtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1963939764&ir=

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://isearch.avg.com/search?cid={2A2015BF-6395-48D3-B379-6487DAD9A87C}&mid=bb5fa39af0b147d0be1fd16b2f00eb96-7eb6571dbf07b5d1c1a910933d6d6d6b0c5f32d6&lang=en&ds=ft011&pr=sa&d=2012-06-25 11:43:53&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A48A8A-755D-4FE4-909D-9F0D6F07A68D&q={searchTerms}&SSPV=

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN38319773231728026&ctid=CT3289847&UM=2&sspv=CHNTI1

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Result***t.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282134&CUI=UN79000941023695132

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=01f7e029-3f2c-4aa1-b9bf-5603c525bc08&searchtype=ds&q={searchTerms}

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60308

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://start.iminent.com/?appId=FB501CB0-7B16-4D7F-9B0F-46C293D57FC7&ref=toolbox&q={searchTerms}

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=X-TU&o=13983&src=kw&q={searchTerms}&locale=&apn_ptnrs=T3&apn_dtid=YYYYYYYYGB&apn_uid=e30a965a-29df-4a52-aa48-b8adeefed738&apn_sauid=A733475A-35C1-4804-9C7A-D6B2FB1804E4

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.roboform.com/search-results?cx=015801006164109306571%3Ahfae6nedzr4&cof=FORID%3A11&ie=UTF-8&q={searchTerms}&commit=

[C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

[C:\Users\bob02\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20120113144702133&tb_oid=13-01-2012&tb_mrud=13-01-2012

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzyyDtCyCyB0EzzyB0F0DtN0D0Tzu0CyCtBtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1963939764&ir=

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://isearch.avg.com/search?cid={2A2015BF-6395-48D3-B379-6487DAD9A87C}&mid=bb5fa39af0b147d0be1fd16b2f00eb96-7eb6571dbf07b5d1c1a910933d6d6d6b0c5f32d6&lang=en&ds=ft011&pr=sa&d=2012-06-25 11:43:53&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A48A8A-755D-4FE4-909D-9F0D6F07A68D&q={searchTerms}&SSPV=

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN38319773231728026&ctid=CT3289847&UM=2&sspv=CHNTI1

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.roboform.com/search-results?cx=015801006164109306571%3Ahfae6nedzr4&cof=FORID%3A11&ie=UTF-8&q={searchTerms}&commit=

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.conduit.com/Result***t.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282134&CUI=UN79000941023695132

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=01f7e029-3f2c-4aa1-b9bf-5603c525bc08&searchtype=ds&q={searchTerms}

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60308

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://start.iminent.com/?appId=FB501CB0-7B16-4D7F-9B0F-46C293D57FC7&ref=toolbox&q={searchTerms}

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=X-TU&o=13983&src=kw&q={searchTerms}&locale=&apn_ptnrs=T3&apn_dtid=YYYYYYYYGB&apn_uid=e30a965a-29df-4a52-aa48-b8adeefed738&apn_sauid=A733475A-35C1-4804-9C7A-D6B2FB1804E4

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eekjldapjblgadclklmgolijbagmdnfk

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzyyDtCyCyB0EzzyB0F0DtN0D0Tzu0CyCtBtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1963939764&ir=

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzyyDtCyCyB0EzzyB0F0DtN0D0Tzu0CyCtBtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1963939764&ir=

[C:\Users\bob2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

 

 

-\\ Comodo Dragon v

 

 

 

 

-\\ Opera v0.0.0.0

 

 

 

 

-\\ Chrome Canary v

 

 

 

 

*************************

 

 

AdwCleaner[R0].txt - [1047 bytes] - [27/09/2013 16:54:27]

AdwCleaner[R1].txt - [1164 bytes] - [27/09/2013 17:43:44]

AdwCleaner[R2].txt - [4567 bytes] - [23/10/2014 15:25:28]

AdwCleaner[R3].txt - [8020 bytes] - [23/10/2014 15:28:09]

AdwCleaner[R4].txt - [3280 bytes] - [04/11/2014 17:00:41]

AdwCleaner[R5].txt - [6638 bytes] - [18/01/2015 11:18:36]

AdwCleaner[R6].txt - [6698 bytes] - [18/01/2015 15:50:24]

AdwCleaner[R7].txt - [1554 bytes] - [18/01/2015 16:03:25]

AdwCleaner[R8].txt - [40384 bytes] - [31/03/2015 07:33:02]

AdwCleaner[s0].txt - [1115 bytes] - [27/09/2013 16:55:10]

AdwCleaner[s1].txt - [1232 bytes] - [27/09/2013 17:44:54]

AdwCleaner[s2].txt - [8272 bytes] - [23/10/2014 15:33:14]

AdwCleaner[s3].txt - [3468 bytes] - [04/11/2014 17:03:23]

AdwCleaner[s4].txt - [6861 bytes] - [18/01/2015 15:53:15]

AdwCleaner[s5].txt - [1615 bytes] - [18/01/2015 16:05:50]

AdwCleaner[s6].txt - [11070 bytes] - [31/03/2015 07:35:57]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [11130 bytes] ##########


Bob


Posted
Hi Bob,

 

You seem to have forgotten to post the 'addition.txt' from FRST.

There will be a copy here:

C:\Users\BF2010\Desktop\unwanted for now\pete

 

Thanks

 

 

Sorry, silly me. With your help I feel so confident getting round now.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by BF2010 at 2015-03-31 07:45:55

Running from C:\Users\BF2010\Desktop\unwanted for now\pete

Boot Mode: Normal

==========================================================

 

 

 

 

==================== Security Center ========================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

 

AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

 

 

==================== Installed Programs ======================

 

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 

Acronis True Image Home 2012 (HKLM\...\{BE0CD30D-69A6-4B3A-857D-218C2C32E912}Visible) (Version: 15.0.7119 - Acronis)

Acronis True Image Home 2012 (Version: 15.0.7119 - Acronis) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.143 - Adobe Systems Incorporated)

Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM\...\{1D55DE93-486D-40F7-88F3-CF08578F82AA}) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)

Akamai NetSession Interface (HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Akamai) (Version: - Akamai Technologies, Inc)

AMD Catalyst Install Manager (HKLM\...\{DC7723BE-A2BB-58A0-4820-5630F9B82198}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AOL Messaging Toolbar (HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\AOL Messaging Toolbar) (Version: - )

Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Application Profiles (HKLM\...\{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}) (Version: 2.0.3937.33979 - ATI Technologies, Inc.)

ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden

ATI Stream SDK v2 Developer (HKLM\...\{12E80513-E131-EEB9-56E1-AAB7850B7151}) (Version: 2.2.0.0 - ATI Technologies Inc.)

Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version: - )

Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)

Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)

Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)

Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)

Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version: - )

Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.1.16 - )

Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - )

Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)

Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - )

Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.20.44 - )

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - )

Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)

CanoScan 8800F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805) (Version: - )

CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)

ChromecastApp (HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)

Dropbox (HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)

ESET NOD32 Antivirus (HKLM\...\{A1A01D26-AF53-42C0-9DAE-1BC2FCC68812}) (Version: 8.0.304.0 - ESET, spol s r. o.)

Evernote v. 5.8.4 (HKLM\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)

FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)

Flickr Uploadr 3.2.1 (HKLM\...\Flickr Uploadr) (Version: - )

Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.4 - Gadwin Systems, Inc.)

GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.12.2 - Siber Systems)

Google Apps (HKLM\...\{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}) (Version: 1.2.279.2381 - Google Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2342.2 - Google Inc.)

Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)

Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

Google+ Auto Backup (HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)

ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden

Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)

Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)

Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)

Macrium Reflect Free Edition (Version: 5.3.7256 - Paramount Software (UK) Ltd.) Hidden

MailWasherPro (HKLM\...\{3F914D52-8A29-4E37-9BF7-7FD7A303D0D5}) (Version: 7.5 - Firetrust)

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Windows Debugging Symbols (HKLM\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)

Microsoft Windows Debugging Symbols (HKLM\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft)

Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)

MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)

NVIDIA 3D Vision Controller Driver 340.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.82 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 340.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.82 - NVIDIA Corporation)

NVIDIA 3D Vision PowerPack - Santa Cruz Beach Boardwalk (MPO) (HKLM\...\NVIDIA 3D Vision PowerPack - Santa Cruz Beach Bo~0CE22E54_is1) (Version: - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 340.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.82 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

Opanda IExif 2.3 (HKLM\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)

OpenOffice Beta 4.1.0 (HKLM\...\{1F752D02-F576-4DD6-8DA7-E478283F455A}) (Version: 4.10.9760 - Apache Software Foundation)

OpenOffice.org Packages (HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\OpenOffice.org Packages) (Version: - ) <==== ATTENTION

OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)

PC Connectivity Solution (HKLM\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)

PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Phereoshop version 2.0.3 (HKLM\...\{2C3289CB-6AA8-42CC-808E-8BB671644CEF}}_is1) (Version: 2.0.3 - Phereo Ltd.)

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.16 - Nikon)

PL-2303 USB-to-Serial (HKLM\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)

QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)

RoboForm 7-9-12-2 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-12-2 - Siber Systems)

Samsung PC Studio 7 (HKLM\...\Samsung PC Studio 7) (Version: 7.2.24.9 - Samsung)

Samsung PC Studio 7 (Version: 7.2.24.9 - Samsung) Hidden

SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)

Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)

Spelling Check Dictionary From OpenOffice.org (HKLM\...\IE7ProSpellCheckDictionary_is1) (Version: - IE7Pro.com)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )

System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)

The Lord of the Rings FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.340 - TuneUp Software) Hidden

TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)

TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden

TuneUp Utilities Language Pack (en-GB) (Version: 9.0.6020.7 - TuneUp Software) Hidden

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.3 - Nikon)

WinDirStat 1.1.2 (HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\WinDirStat) (Version: - )

Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)

WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

WinZip Driver Updater (HKLM\...\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1) (Version: 1.0.648.15141 - WinZip Computing, S.L. (WinZip Computing))

 

 

==================== Custom CLSID (selected items): ==========================

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18A72FAE-9468-D082-F8BF-D6E985889A47} No File

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\BF2010\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\BF2010\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{3A2B370C-BA0A-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\Windows\System32\MSChrt20.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\BF2010\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {436EE116-9468-D082-4071-1FB285889A47} No File

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\System32\ComDlg32.ocx (Microsoft Corporation)

 

 

==================== Restore Points =========================

 

 

08-02-2015 19:12:32 Windows Update

09-02-2015 11:15:19 Windows Update

09-02-2015 22:03:17 Windows Update

10-02-2015 12:04:42 Windows Update

10-02-2015 12:56:39 Windows Update

10-02-2015 15:18:40 Windows Update

10-02-2015 16:31:12 Windows 7 Service Pack 1

12-02-2015 12:28:39 Windows 7 Service Pack 1

12-02-2015 17:23:20 Windows 7 Service Pack 1

13-02-2015 13:23:22 Windows Update

13-02-2015 14:51:39 Windows Update

14-02-2015 18:15:06 Windows Update

15-02-2015 10:18:54 Windows Update

18-02-2015 14:59:32 Windows Update

18-02-2015 16:02:50 Windows Update

18-02-2015 16:53:55 Windows Update

18-02-2015 17:46:22 Windows Update

18-02-2015 17:56:23 Windows 7 Service Pack 1

22-02-2015 09:26:21 Windows Update

24-02-2015 10:56:08 Installed QuickTime 7

01-03-2015 17:55:03 Installed Evernote v. 5.8.3

03-03-2015 06:59:59 Windows Update

04-03-2015 16:48:05 Revo Uninstaller Pro's restore point - Google Desktop

06-03-2015 10:52:55 Installed NVIDIA 3D Vision Controller Driver

06-03-2015 11:34:28 Device Driver Package Install: NVIDIA Display adapters

06-03-2015 11:38:55 Device Driver Package Install: NVIDIA Universal Serial Bus controllers

10-03-2015 08:37:06 Restore Operation

10-03-2015 13:11:24 Installed Evernote v. 5.8.4

12-03-2015 09:02:34 Revo Uninstaller Pro's restore point - Bing Bar

12-03-2015 12:23:54 Revo Uninstaller Pro's restore point - OpenOffice 4.1.1

12-03-2015 12:30:58 Revo Uninstaller Pro's restore point - OpenOffice 4.1.1

23-03-2015 09:41:36 Scheduled Checkpoint

24-03-2015 10:29:55 Revo Uninstaller Pro's restore point - Google Chrome

24-03-2015 10:54:20 Revo Uninstaller Pro's restore point - Google Chrome

24-03-2015 11:27:40 Revo Uninstaller Pro's restore point - Google Chrome

24-03-2015 11:37:40 Revo Uninstaller Pro's restore point - FileHippo App Manager

26-03-2015 13:00:12 Windows Update

27-03-2015 12:04:56 Restore Operation

 

 

==================== Hosts content: ==========================

 

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

 

2012-01-02 18:49 - 2014-11-12 18:11 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

 

Task: {01B0317C-9CAB-41F9-A0CE-1C04AF35FC4B} - System32\Tasks\{9344D798-3E54-4CCE-8A86-5CEBE6975F72} => C:\Program Files\OpenOffice.org 3\program\soffice.exe

Task: {0251EE7E-7220-47CD-B8AB-C695311F1A3C} - System32\Tasks\{41335245-26B6-47B7-90D9-3CF17F05DBF3} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL

Task: {07AC61EB-4C9D-4F36-94B0-7CCE73B3F6E2} - System32\Tasks\{5556D11D-E43B-401E-A433-8F05EDB3B061} => C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

Task: {0F0E2306-3C14-4165-8C2C-265152E122B4} - System32\Tasks\{FBC9DBED-56BA-418F-ADB2-433CB51523C6} => P:\Corel\Suite8\Programs\QPW.EXE

Task: {12D083B6-A9BB-46BE-AA68-F850AFADADCA} - System32\Tasks\{48DB1C6C-E5BE-4C0E-A719-123C5A319D9E} => pcalua.exe -a C:\Users\BF2010\Downloads\262.99_desktop_win7_winvista_32bit_international_whql.exe -d "C:\Program Files\Siber Systems\AI RoboForm"

Task: {1307ABFE-C408-4594-A0A0-8A416ADCB3ED} - System32\Tasks\AdobeAAMUpdater-1.0-BF2010-PC-BF2010 => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {1737D2CC-6EA5-45CE-9B8A-68E6317BC59B} - System32\Tasks\{FE0E1F2F-ADA4-45A2-8E87-32CC72C6D24D} => C:\Program Files\Nikon\ViewNX 2\ViewNX 2\ViewNX2.exe [2013-10-28] (Nikon Corporation)

Task: {1761766C-6DC8-41BC-A442-39519F1FC738} - System32\Tasks\GoogleUpdateTaskMachineUA1d042ab34e17a14 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)

Task: {1DBBDEA5-C11F-47E3-A6A5-C6C3F17A0DE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {1EA8882B-65DE-40E3-8C9B-F4D4A33A8C24} - System32\Tasks\{619F0BF5-B5EF-4C4C-BF5A-5B393B837779} => pcalua.exe -a C:\Users\BF2010\Downloads\slideshow_maker_45mb_d_en.exe -d C:\Windows\system32

Task: {2B6C157B-8111-439A-AB85-7563D390DE43} - System32\Tasks\{37403A8C-53CE-44C6-9450-AF2A5F2DF1E0} => C:\Program Files\DivX\DivX Control Panel\DivXControlPanelLauncher.exe [2014-05-16] (DivX, LLC)

Task: {2D757B91-D245-4BBA-A1E1-1512D1178E6C} - System32\Tasks\{6FF85DCC-0C80-408B-B051-BF34FEF0CB54} => Chrome.exe

Task: {2DE828C4-F519-4420-8338-4422DE8EE0EF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {2FBAD68D-8356-4FB7-8C08-C10A6FD6CDED} - System32\Tasks\{3806D91D-72E8-4090-82B4-0791E3DEF11E} => pcalua.exe -a "C:\Users\BF2010\Downloads\RapportSetup (1).exe" -d C:\Users\BF2010\Downloads

Task: {376BD28D-C816-48EA-8589-0FBE247E9ECC} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-03-04] (Siber Systems)

Task: {382F6045-9DE5-48E8-A031-929C6CA1AC2D} - System32\Tasks\{2D028456-F4E0-458E-9007-74A8D11996C6} => pcalua.exe -a C:\ProgramData\Installations\{AB6F6C80-1C35-4672-BDEF-F26FF214C409}\Samsung_PC_Studio_7.2.24.9.exe

Task: {3843B79C-BF6B-4AD6-8416-D3373FF4871F} - System32\Tasks\Run RoboForm Process => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-03-04] (Siber Systems)

Task: {39F83244-08D1-405D-9057-4DC3103B71D5} - System32\Tasks\DivX online update program => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()

Task: {3A203D79-1103-4E78-800D-12FAA3C718DA} - System32\Tasks\{C945E00E-755C-4ADD-873C-DA1C884EB2E0} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.154/en/abandoninstall?source=lightinstaller&page=tsProgressBar

Task: {3CD1DF7B-3262-49EC-BE73-C61645794198} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMIMKJIMIMMJMMOJJMCNMJNMKJNJCNLMKJNJMMCNGMOJGMKJCNMMJMLJOJGMOJNMNJOJMMKJHMJNJICMJMCNOMPMCNOMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMOMFMMJBJKJLIMJFMNMNMGMJNHICMEKMICNJJCKJNBJCMNLJLNMPMOMPMJNKJCMJNNICMJNDJCMKJBJ"

Task: {3D2129CA-3F27-49CC-BF6E-A91977D3BD67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

Task: {44647509-3F83-4E91-8386-E07ED0CF8390} - System32\Tasks\{3D4FEB0F-D28B-499B-A202-9EF0949AA814} => pcalua.exe -a C:\Users\BF2010\Desktop\NeroCleanTool5.0.0.18.exe -d C:\Users\BF2010\Desktop

Task: {44C1AE96-B49A-42EF-B2BD-BF3330A40ECF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {468F1218-103C-47CB-8AA0-C8E1E8C05FC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)

Task: {47C7636F-9466-4BA8-B9B0-EC262A77E0E5} - System32\Tasks\{99F6C9AD-25DF-4AD9-A039-5DD5ADA98D36} => pcalua.exe -a "O:\Working Folder\sdminste.exe" -d "O:\Working Folder"

Task: {48FF7E9D-3D8C-44DB-8C19-AE27632596DD} - System32\Tasks\{A7C9738B-B63E-4E93-BCB4-2245794F8DA5} => pcalua.exe -a "C:\Users\BF2010\Downloads\iview438_setup (1).exe" -d C:\Users\BF2010\Downloads

Task: {4AED51D8-33CA-4E84-959E-3502F96E7E55} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)

Task: {50170CCD-C003-46DE-B98C-01521A968803} - System32\Tasks\{2CD98D03-9FF3-4A34-8C3E-3B261E4A7371} => C:\Program Files\E.ON Energy\E.ON Energy Fit Software\EON_Project.exe

Task: {517BFE00-90F8-4D1A-BC55-7CD00FFCD816} - System32\Tasks\{063E3BA6-AD82-4C10-8114-F8C2815D0B26} => pcalua.exe -a "C:\Users\BF2010\Downloads\dixmlsetup (1).exe" -d C:\Users\BF2010\Downloads

Task: {53F84ECA-7EBC-418F-BBE0-0A8F19D28368} - System32\Tasks\{5CD6103D-17F6-423F-95A5-14BB926EAE1C} => C:\Program Files\OpenOffice.org 3\program\soffice.exe

Task: {54E4745D-64EB-4E86-83C4-68BEEB2B43AA} - System32\Tasks\{164B9D8D-DB94-41BF-8D07-2C718BB612D7} => C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

Task: {56A102E4-D78B-4D58-BE8E-1054BE05EC30} - System32\Tasks\{0AA3F68C-94DC-4D75-853C-01B5AA3865A4} => C:\Program Files\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)

Task: {5B3AD0CF-FEAD-4D5A-8353-7C8951DF37CF} - System32\Tasks\{2FF5130A-6142-48EB-B7FD-E72EE0CF9BE6} => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

Task: {5BD3776F-84CD-41DF-BDB6-5B7BC545FC09} - System32\Tasks\{8A0C86A0-F8A8-4E18-BBE3-2000DFBECBF5} => pcalua.exe -a C:\Users\BF2010\Desktop\WINRAR_3.93_PRO_Fully_Activated\Winrar3.93.exe -d C:\Users\BF2010\Desktop\WINRAR_3.93_PRO_Fully_Activated

Task: {645C603C-CB78-47D2-873F-D9E88B12073E} - System32\Tasks\{723F388C-3EF3-4481-8D05-9F27E04D0397} => P:\Corel\Suite8\Programs\QPW.EXE

Task: {684BA9DC-3C47-4731-8EBB-83C1D1F1CC11} - System32\Tasks\{1BFC491C-227C-4B8A-8201-2B22FD9C9C0A} => C:\Program Files\Real\RealPlayer\realplay.exe

Task: {6973203B-E23A-4E9C-BFF4-F6045AD04AFA} - System32\Tasks\{0CF38EFC-F21E-47D0-89F3-D6FC67A89DF3} => C:\Program Files\Real\RealPlayer\realplay.exe

Task: {69E73ACA-928A-41A8-95D2-C8C22C773F38} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core => C:\Users\BF2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-18] (Google Inc.)

Task: {69EEA597-EB0A-4F2A-8B6C-03270B35D304} - System32\Tasks\{51A7F9A9-E462-4E04-AE71-43C378AA8671} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"

Task: {6C55CD72-BBBA-4827-AD96-F9210807A7DD} - System32\Tasks\{9D7DDFA4-800E-484A-B153-3D1B5F029A2A} => C:\Program Files\Creative\MediaSource\CTCMS.exe

Task: {6FF00185-0DDC-4C28-B1B1-790645E2D8CD} - System32\Tasks\{E6A1D3EE-ED59-46F6-89AD-CC284659B050} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.154/en/abandoninstall?source=lightinstaller&page=tsProgressBar

Task: {72D4FC15-16FB-47D2-8419-00CD38DD8450} - System32\Tasks\{B77A4E72-2250-4F64-95B2-427ADD2F89A1} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12007

Task: {7639154A-5A19-4C7D-9447-BCC747B06D99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core1d042a91e5b5bc2 => C:\Users\BF2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-18] (Google Inc.)

Task: {76EC60B8-1621-4881-8EC1-5DE78C460BE6} - System32\Tasks\{2A5C6679-B8BF-4F11-BEF7-CC947CE5CD59} => pcalua.exe -a "C:\Users\BF2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6AT4MG4V\dixmlsetup.exe" -d C:\Users\BF2010\Desktop

Task: {78DE988A-4DD9-4685-A7DA-B2001F8D19D3} - System32\Tasks\{0C382486-D9A9-4E1A-B6C3-EDEF98375EE4} => pcalua.exe -a C:\Users\BF2010\Downloads\flashget3.3.0.1092en(2).exe -d C:\Windows\system32

Task: {7FCF147B-5D00-4CFB-850A-BBB169F7CD66} - System32\Tasks\{094AF705-F172-4FDA-9262-9EA5CE9B1487} => pcalua.exe -a "C:\Program Files\Corel\CorelDRAW Essentials 4\Setup\SetupARP.exe" -c /arp

Task: {81AB9684-5FC1-440C-82F9-30F7DB07148A} - System32\Tasks\{DC552027-7335-4930-B6E1-8EC4884AFB98} => pcalua.exe -a C:\Users\BF2010\Downloads\appcrashview\AppCrashView.exe -d C:\Users\BF2010\Downloads\appcrashview

Task: {845C463E-EE32-4B48-B239-CCFA5BEAB83B} - System32\Tasks\{B1C4A9DC-EB80-44F8-B53F-B7DA6F952854} => pcalua.exe -a "C:\Program Files\DivX\DivX Connected\Uninstall.exe"

Task: {860E649A-DEE8-4B30-85FD-E0425A8E3546} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {873A4BC3-30A9-4DE0-B273-2DA181BD335B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {87DD3925-083C-46C3-A505-120161770B40} - System32\Tasks\{8950036A-A131-469A-8C83-3D185567D0E1} => C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe [2008-12-06] ()

Task: {88105230-E6E2-43F5-A624-B474AAC82C0F} - System32\Tasks\{68B31FE9-6614-40D8-943B-4687281B9D50} => Chrome.exe

Task: {8A7B60AC-98AB-4C15-80D6-C2CBEAE97F70} - System32\Tasks\{A1B47068-BDD8-4A56-B216-D89C11681551} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe" -d C:\Windows\system32 -c /in "C:\Users\BF2010\Desktop\windows6.1-KB976932-X86.exe"

Task: {8ADDC7D6-3927-4068-AC90-E7FB11471BEB} - System32\Tasks\{F174C2F6-3986-431A-9952-94B733E3C8CD} => C:\Program Files\VideoLAN\VLC\vlc.exe

Task: {90D2BDC2-1687-456E-B1AB-D147B1B0D014} - System32\Tasks\{4002E1E5-C0A8-49E0-A959-1BB107B18913} => pcalua.exe -a C:\Users\BF2010\Downloads\F-D5100-V101W.exe -d C:\Users\BF2010\Downloads

Task: {9A9BC414-6A7B-4A05-8798-01D1C24840AD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {9B0EF095-48FE-4D76-ADD3-AEFC83BF45D7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2785784116-2001642337-1380054423-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)

Task: {9DB1A5DC-B83E-455A-90B2-8C66A486F066} - System32\Tasks\{F9B08630-3461-4AC0-9362-B40D3682D0F5} => pcalua.exe -a "C:\Users\BF2010\Desktop\D5100 FIRMWARE\F-D5100-V101W.exe" -d "C:\Users\BF2010\Desktop\D5100 FIRMWARE"

Task: {A2AAF78B-7973-4F20-92E5-78823B1668FF} - System32\Tasks\{040897A2-6147-4EC5-AFD5-F5B6DF4DF19F} => pcalua.exe -a "P:\Program Files\Common Files\Acronis\Drivers\setupapp9x.exe" -d C:\Windows\system32

Task: {A703378E-4FBD-4D69-B83E-D0681ED300B7} - System32\Tasks\{7622F57B-C1AD-49FF-9CB8-6B956AC2BC6E} => C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

Task: {ABEEFD60-00D7-459A-9562-69386D709815} - System32\Tasks\{013EFAD8-350A-4079-B6BF-5524DEABBC22} => C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

Task: {ACE3D2FE-FC15-432F-8DFF-AA1E6E271B05} - System32\Tasks\GoogleUpdateTaskMachineCore1d042ab334f8992 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)

Task: {AFCA3905-C4E7-429F-91F6-B3B2DDD82DB9} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)

Task: {B849453B-52A2-4586-9F0C-1430575EFD02} - System32\Tasks\FileHippo.com online update program => C:\Program Files\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)

Task: {C2687EFC-BB95-425A-8BD7-B767EA59B96D} - System32\Tasks\{32B79122-74AA-4180-8C22-A283BC9F0C01} => C:\Program Files\Skype\Phone\Skype.exe [2015-02-26] (Skype Technologies S.A.)

Task: {C2B3CB8D-F4FB-48EC-9E1B-798E04055313} - System32\Tasks\{1A09E0E1-D461-4F90-8E0D-5D5F02B1DD52} => pcalua.exe -a "C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe" -c /s

Task: {C3D6ADB2-8C5D-41BC-BA09-9728E288489D} - System32\Tasks\{49557A96-2237-452C-8558-A8DD38B8AF45} => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

Task: {C741486C-7054-4186-8AA2-7CFB628AD84D} - System32\Tasks\{2539E750-E5A7-4CD1-9913-E221295A01AD} => pcalua.exe -a C:\Users\BF2010\Downloads\260.99_desktop_win7_winvista_32bit_international_whql.exe -d C:\Windows\system32

Task: {C9D902A4-D9E0-48C4-B818-D87582FB7499} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)

Task: {CAF81450-C8C4-4149-9408-6805BDFDFA23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-05] (Adobe Systems Incorporated)

Task: {CD01A877-4445-4828-9A9F-AF6BED0B2B1E} - System32\Tasks\{6C354368-C2F7-43F7-8AB0-1984BE8199B4} => N:\Adobe Photoshop CS5_Master Of Puppets\Adobe Photoshop CS5.exe

Task: {CD095095-AD96-467F-87FD-BA7381FF2A48} - System32\Tasks\{8DF4AB1C-EB44-4CDC-A7C3-7D52A60231B0} => pcalua.exe -a "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" -d "C:\Program Files\TuneUp Utilities 2014" -c "C:\Program Files\Canon\RAW Image Task\Uninst.ini"

Task: {CF684F6A-FC95-4C22-82CB-FCEC76510549} - System32\Tasks\Google Updater and Installer => C:\Users\BF2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-18] (Google Inc.)

Task: {D18C804E-D128-43A0-8B18-833BCFA06B8A} - System32\Tasks\{C8FED7F0-62E5-45A0-B298-8AA9B37B483F} => C:\Program Files\E.ON Energy\E.ON Energy Fit Software\EON_Project.exe

Task: {D22D67DD-BC0D-4C34-82BF-59D805AE366D} - System32\Tasks\{9755B82A-1DC4-4B70-8DA2-29EA5B1609CB} => C:\Program Files\E.ON Energy\E.ON Energy Fit Software\EON_Project.exe

Task: {D548AA28-BE6A-4344-A8C3-6C50EDD07E4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)

Task: {D5EAF1D9-A64B-4AE1-87A8-906E63599A67} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)

Task: {D756061C-ECB8-4C65-B87F-AF5F0E245B01} - System32\Tasks\{087C10EC-F81F-463A-8331-EE0627A85F4C} => pcalua.exe -a C:\Users\BF2010\Downloads\S-VNX2__-020600WF-EUREN-32BIT_.exe -d C:\Users\BF2010\Downloads

Task: {DE9D17CB-7827-47D8-B462-C9FBC46D4433} - System32\Tasks\{EB7F64D8-AECE-4C74-849D-5084BF20751A} => P:\Corel\Suite8\Programs\QPW.EXE

Task: {E0D0B1CF-9BD4-4BB8-BC70-834A7716C1FE} - System32\Tasks\{C2F7E650-FD7A-4AB7-B83E-15CDD7714D2C} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.154/en/abandoninstall?source=lightinstaller&page=tsProgressBar

Task: {E5A7E96A-0F67-4631-8F11-889684D015A8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2785784116-2001642337-1380054423-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)

Task: {E901A375-F612-4B80-9DDD-A8A2F9D2C5F4} - System32\Tasks\{83C131FE-37EE-47ED-9568-7CF59AB6DFFE} => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

Task: {EBBA19AF-54E7-4DD0-809F-9AD8C5F2788C} - System32\Tasks\{EF8C5CC9-4EF0-47BB-8F60-1780517F6E39} => pcalua.exe -a "O:\Adobe Photoshop CS5_Master Of Puppets\Adobe Photoshop CS5.exe" -d "O:\Adobe Photoshop CS5_Master Of Puppets"

Task: {EDA1710D-F4E6-4DDC-8D1B-6ED597EC3C82} - System32\Tasks\{05F314D6-737D-4DBC-ACA8-E58E7FD4D864} => C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

Task: {F0D27099-56C8-4F96-B09F-845DB90C4F42} - System32\Tasks\BF2010 NBAgent => C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

Task: {F2440F2F-09AE-4A4D-B21F-E1BAC8C9D138} - System32\Tasks\{A0577271-C258-48DF-96C7-C98DAEDCBADF} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?source=lightinstaller&page=tsBing

Task: {F303CA36-F0D4-48D2-A4AA-E6686B08E182} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMIMKJIMIMMJMMOJJMCNMJNMKJNJCNLMKJNJMMCNGMOJGMKJCNMMJMLJOJGMOJNMNJOJMMKJHMJNJICMIMCNGMCNOMNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMOMOMPMJMJNHICMMJBJKJLIMJJNBJCMNLJLNMPMOMPMJNKJCMJNNICMJNDJCMKJBJJNMJCMNMNMIMFMNMHMNMFMKMIMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"

Task: {F3471D90-D087-4677-899C-704185CA5328} - System32\Tasks\{22F612A4-57B8-429C-BCAF-B4F5911B9111} => Chrome.exe

Task: {F4E2A677-EAC4-4439-8CF9-BD520E4A5DEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000UA => C:\Users\BF2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-18] (Google Inc.)

Task: {FE4B0E81-7EC4-4CBB-8B31-464E875A4406} - System32\Tasks\{387AD4C5-09B4-47D3-B4EF-3B218ED91989} => pcalua.exe -a C:\Users\BF2010\AppData\Local\Evernote\Evernote\AutoUpdate\Evernote_5.8.4.6870.exe -d "C:\Program Files\Evernote\Evernote" -c /qb

 

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d042ab334f8992.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d042ab34e17a14.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core.job => C:\Users\BF2010\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core1d042a91e5b5bc2.job => C:\Users\BF2010\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000UA.job => C:\Users\BF2010\AppData\Local\Google\Update\GoogleUpdate.exe

 

 

==================== Loaded Modules (whitelisted) ==============

 

 

2014-09-18 12:55 - 2014-09-10 18:51 - 00106824 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll

2008-12-06 01:41 - 2008-12-06 01:41 - 00619008 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\phonebrowser.dll

2009-05-16 00:22 - 2009-05-16 00:22 - 00716800 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll

2012-04-27 19:09 - 2012-04-27 19:09 - 00018784 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

2015-02-13 12:15 - 2015-02-13 12:15 - 03219456 _____ () C:\Users\BF2010\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll

2010-03-26 08:27 - 2010-06-10 11:12 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll

2015-02-17 03:00 - 2015-02-17 03:00 - 00061952 _____ () C:\Program Files\FireTrust\MailWasher\MWPBridgeDLL.dll

2015-02-17 03:00 - 2015-02-17 03:00 - 04647424 _____ () C:\Program Files\FireTrust\MailWasher\MWPappDLL.dll

2015-02-17 03:02 - 2015-02-17 03:02 - 00069624 _____ () C:\Program Files\FireTrust\MailWasher\FTBridge.dll

2015-02-17 03:02 - 2015-02-17 03:02 - 00280056 _____ () C:\Program Files\FireTrust\MailWasher\FTClientNode.dll

2014-07-16 11:24 - 2014-07-16 11:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

AlternateDataStreams: C:\Users\BF2010\AppData\Roaming\default.rss:OECustomProperty

 

 

==================== Safe Mode (whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

 

 

==================== EXE Association (whitelisted) ===============

 

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

 

 

==================== Other Areas ============================

 

 

(Currently there is no automatic fix for this section.)

 

 

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.1.1

 

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

(Currently there is no automatic fix for this section.)

 

 

MSCONFIG\Services: AcrSch2Svc => 2

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AMD External Events Utility => 2

MSCONFIG\Services: AMD FUEL Service => 2

MSCONFIG\Services: GfExperienceService => 2

MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: IDriverT => 3

MSCONFIG\Services: NvNetworkService => 2

MSCONFIG\Services: NvStreamSvc => 2

MSCONFIG\Services: nvsvc => 2

MSCONFIG\Services: PSI_SVC_2 => 2

MSCONFIG\Services: ReimageRealTimeProtector => 2

MSCONFIG\Services: ServiceLayer => 3

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Stereo Service => 2

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\Services: syncagentsrv => 2

MSCONFIG\Services: TuneUp.UtilitiesSvc => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup

MSCONFIG\startupfolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk => C:\Windows\pss\OpenOffice.org 3.4.lnk.Startup

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\BF2010\AppData\Local\Akamai\netsession_win.exe"

MSCONFIG\startupreg: Application Restart #0 => C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- "http://www.kaspersky-help.com/?hl=en&link=password_manager&syst=Microsoft Windows 7 Home (build 7600)&pid=pure&version=13.0.2.558&hotfix=a.b.c.d.e.f&installid={FBFF9B16-0A8C-43D0-B5B7-8111566516E5}&serial=0000-000000-00000000&ktype=2&kcount=1&kcreat=03/10/2014&kexp=02/11/2014&kinst=03/10/2014"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: C36F3A6CBF7B9420DF043E4C6981D47900681572._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe

MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\FileHippo.AppManager.exe" /background

MSCONFIG\startupreg: Gadwin PrintScreen => "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

MSCONFIG\startupreg: GoogleChromeAutoLaunch_145946EBB52EFDB4F4FFC43E89A9AFCC => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window

MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s

MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: Obrona Block Ads => "C:\Users\BF2010\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden

MSCONFIG\startupreg: RoboForm => "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

 

 

==================== Accounts: =============================

 

 

Administrator (S-1-5-21-2785784116-2001642337-1380054423-500 - Administrator - Disabled)

BF2010 (S-1-5-21-2785784116-2001642337-1380054423-1000 - Administrator - Enabled) => C:\Users\BF2010

bob02 (S-1-5-21-2785784116-2001642337-1380054423-1008 - Administrator - Enabled) => C:\Users\bob02

Guest (S-1-5-21-2785784116-2001642337-1380054423-501 - Limited - Disabled)

 

 

==================== Faulty Device Manager Devices =============

 

 

Name: G:\

Description: SD MS Reader

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic

Service: WUDFRd

Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Resolution: A registry problem was detected.

This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

 

 

Name: H:\

Description: SMC xD Reader

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic

Service: WUDFRd

Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Resolution: A registry problem was detected.

This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

 

 

Name: F:\

Description: CF Card Reader

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic

Service: WUDFRd

Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Resolution: A registry problem was detected.

This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

 

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

==================

Error: (03/31/2015 07:40:30 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description:

 

 

 

 

System errors:

=============

Error: (03/31/2015 07:36:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Print Spooler service failed to start due to the following error:

%%1069

 

 

Error: (03/31/2015 07:36:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:

%%50

 

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

 

Error: (03/31/2015 07:36:33 AM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

%%1056

 

 

Error: (03/31/2015 07:36:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

 

Error: (03/31/2015 07:35:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

 

Error: (03/31/2015 07:35:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

 

Error: (03/31/2015 07:35:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

 

Error: (03/31/2015 07:35:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).

 

 

Error: (03/31/2015 07:35:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

 

 

Error: (03/31/2015 07:35:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly. It has done this 1 time(s).

 

 

 

 

Microsoft Office Sessions:

=========================

Error: (03/31/2015 07:40:30 AM) (Source: PerfNet) (EventID: 2005) (User: )

Description:

 

 

 

 

==================== Memory info ===========================

 

 

Processor: AMD Phenom II X4 820 Processor

Percentage of memory in use: 51%

Total physical RAM: 3198.3 MB

Available physical RAM: 1551.27 MB

Total Pagefile: 6394.89 MB

Available Pagefile: 4815.36 MB

Total Virtual: 2047.88 MB

Available Virtual: 1909.88 MB

 

 

==================== Drives ================================

 

 

Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:511.32 GB) NTFS

Drive d: (Recover) (Fixed) (Total:20 GB) (Free:8.79 GB) NTFS

Drive p: (black hdd) (Fixed) (Total:931.51 GB) (Free:93.26 GB) NTFS

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0E0722E0)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=910.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

 

 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 0717E05F)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

 

==================== End Of Log ============================

Bob


Posted

Hi Bob,

 

Ok, a little work for you now :)

 

Step 1

Please uninstall the following:

 

FileHippo App Manager

TuneUp Utilities 2014

Neither are very good programs to have on your system.

 

Be careful with these App Managers.... they will add loads of Adware to your system.

Take a look at my thread here:

Mind the PUP: Top download portals to avoid

 

 

Step 2

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\BF2010\Desktop\unwanted for now\pete.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

 

The tool will make a log in the same folder FRST is run from (Fixlog.txt). Please post this in your next reply.

 

 

Step 3

Please reset Google Chrome.

  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

 

Resetting your browser settings will impact the settings below:

 

Default search engine and saved search engines will be reset to their original defaults.

Homepage button will be hidden and the URL that you previously set will be removed.

Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.

New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.

Pinned tabs will be unpinned.

Content settings will be cleared and reset to their installation defaults.

Cookies and site data will be cleared.

Extensions and themes will be disabled.

 

 

In your next reply, please submit:

fixlog.txt

 

also let me know if there were any problems removing the 2 programs and any problems with resetting Chrome.

 

 

Thanks.

fixlist.txt


Member of:

UNITE

Posted (edited)

Can't attach fixlist.txt / log / pmed it to you

 

Followed all your instructions

Will study your

Take a look at my thread here:

Mind the PUP: Top download portals to avoid

Used my Revo uninstaller Pro

No problems removing the 2 programs and no problems with resetting Chrome. Lost all my passwords in RoboForm though (I think). I do have BU's so not to worry.

One question: I do use a program for some of my 3D work and the only way I can use it is to use Firefox.

 

MESSAGE TO MYSELF

STOP DOWNLOADING THINGS YOU ONLY WANT TO LOOK AT

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015

Ran by BF2010 at 2015-04-01 09:20:20 Run:4

Running from C:\Users\BF2010\Desktop\unwanted for now\pete

Loaded Profiles: BF2010 (Available profiles: BF2010 & bob02)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

CHR Extension: (eSpeedCheck Start) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ehchcmpfdjpoofcbkgaocnaogefilpci [2015-03-29]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

S3 BTWAMPFL; system32\DRIVERS\btwampfl.sys [X]

S3 btwaudio; system32\drivers\btwaudio.sys [X]

S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]

S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]

S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]

S3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [X]

C:\Users\BF2010\AppData\Local\Temp\APNSetup.exe

C:\Users\BF2010\AppData\Local\Temp\C-Users-BF2010-Downloads-stphmkre506.zip-stphmkre.exe

C:\Users\BF2010\AppData\Local\Temp\dropbox_sqlite_ ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpforaoy.dll

C:\Users\BF2010\AppData\Local\Temp\nvStInst.exe

C:\Users\BF2010\AppData\Local\Temp\Quarantine.exe

C:\Users\BF2010\AppData\Local\Temp\sqlite3.dll

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {18A72FAE-9468-D082-F8BF-D6E985889A47} No File

CustomCLSID: HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {436EE116-9468-D082-4071-1FB285889A47} No File

Hosts:

CMD: ipconfig /flushdns

EmptyTemp:

 

 

 

 

 

 

*****************

 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ehchcmpfdjpoofcbkgaocnaogefilpci directory not found.

"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.

BTWAMPFL => Service deleted successfully.

btwaudio => Service deleted successfully.

btwavdt => Service deleted successfully.

btwl2cap => Service deleted successfully.

btwrchid => Service deleted successfully.

DrvAgent32 => Service deleted successfully.

C:\Users\BF2010\AppData\Local\Temp\APNSetup.exe => Moved successfully.

C:\Users\BF2010\AppData\Local\Temp\C-Users-BF2010-Downloads-stphmkre506.zip-stphmkre.exe => Moved successfully.

"C:\Users\BF2010\AppData\Local\Temp\dropbox_sqlite_ ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpforaoy.dll" => File/Directory not found.

C:\Users\BF2010\AppData\Local\Temp\nvStInst.exe => Moved successfully.

C:\Users\BF2010\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\BF2010\AppData\Local\Temp\sqlite3.dll => Moved successfully.

"HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}" => Key deleted successfully.

"HKU\S-1-5-21-2785784116-2001642337-1380054423-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}" => Key deleted successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

 

========= ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

EmptyTemp: => Removed 1.5 GB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog 09:22:05 ====

Edited by Starbuck

Bob

(bob12a)

My 3D pictures need red cyan glasses to view

medion MD8855,Win 7 IE8, Firefox/3, Avast,MS security essentials, NERO 9,malware bytes.Mailwasher pro ,6.54,Roboform,spybot S&D 1.6, Canon ixus 860 X 2,PS CS5
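As an added example (not part of the original posts and not FRST's own code): a small Python triage script that summarizes a Fixlog.txt like the one above, so that "not found" entries and a pending reboot stand out. The outcome phrases it matches are taken only from the log in this thread and other FRST versions may word them differently; the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (shortened); used only as sample input.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Boot Mode: Normal
Content of fixlist:
*****************
S3 BTWAMPFL; system32\DRIVERS\btwampfl.sys [X]
C:\Users\BF2010\AppData\Local\Temp\APNSetup.exe
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
*****************
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ehchcmpfdjpoofcbkgaocnaogefilpci directory not found.
BTWAMPFL => Service deleted successfully.
C:\Users\BF2010\AppData\Local\Temp\APNSetup.exe => Moved successfully.
"C:\Users\BF2010\AppData\Local\Temp\dropbox_sqlite_ ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpforaoy.dll" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog 09:22:05 ====
'''

STAR_LINE = re.compile(r"^\*{5,}\s*$")
CMD_END = re.compile(r"^=+ End of CMD: =+$")
CMD_START = re.compile(r"^=+ (.+?) =+$")
LOG_END = re.compile(r"^=+ End of Fixlog")
# Result lines that carry no " => " separator, as seen in the log above.
BARE_NOT_FOUND = re.compile(r"^(.*\S)\s+((?:file/)?directory not found\.)$", re.I)


def classify(message):
    """Map an outcome phrase from the log to a coarse status."""
    m = message.lower()
    if "not found" in m:
        return "not_found"
    if "deleted successfully" in m:
        return "deleted"
    if "moved successfully" in m:
        return "moved"
    if m.startswith("removed"):
        return "removed"
    return "other"


def parse_fixlog(text):
    """Return result tuples, executed CMD lines and the reboot flag."""
    lines = text.splitlines()
    # The fixlist is echoed between two asterisk lines; results follow the
    # second one. Without both markers, parse from the top.
    stars = [i for i, line in enumerate(lines) if STAR_LINE.match(line)]
    start = stars[1] + 1 if len(stars) >= 2 else 0

    results, commands, reboot, in_cmd = [], [], False, False
    for raw in lines[start:]:
        line = raw.strip()
        if not line:
            continue
        if CMD_END.match(line):
            in_cmd = False
            continue
        if in_cmd:
            continue  # raw output of a CMD: directive, not a fix result
        if LOG_END.match(line):
            break
        started = CMD_START.match(line)
        if started:
            in_cmd = True
            commands.append(started.group(1))
            continue
        if "needed a reboot" in line:
            reboot = True
            continue
        if " => " in line:
            target, message = line.split(" => ", 1)
        else:
            bare = BARE_NOT_FOUND.match(line)
            target, message = bare.groups() if bare else ("", line)
        results.append((target.strip('"'), classify(message), message))
    return {"results": results, "commands": commands, "reboot": reboot}


def summarize(text):
    """Condense a Fixlog into counts plus the items worth a second look."""
    parsed = parse_fixlog(text)
    counts = Counter(status for _, status, _ in parsed["results"])
    return {
        "counts": dict(counts),
        "not_found": [t for t, s, _ in parsed["results"] if s == "not_found"],
        "commands": parsed["commands"],
        "reboot_required": parsed["reboot"],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(report["counts"])
    for path in report["not_found"]:
        print("not found:", path)
    print("reboot required:", report["reboot_required"])
```

A "not found" result usually means the item was already gone before the fix ran, which is worth confirming against the earlier scan log.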

Posted

Hi Bob,

 

I've added the fixlog.txt to your previous post.

Thanks for emailing it to me

 

MESSAGE TO MYSELF

STOP DOWNLOADING THINGS YOU ONLY WANT TO LOOK AT

Sounds like a very good idea. ;)

 

You said at the beginning that you also had a PC that was acting strangely as well.

Have you run MBAM on that system?

If so, was anything found?


Posted

It is not a PC but my best friend's laptop; have not done anything to it yet. I will run MBAM on it tomorrow and let you know.

I expect all I need to do is follow the earlier instructions on this thread.

 

My own laptop was playing up; will spend time on it in near future. I only use it for tinkering around.

Bob


Posted

Hi Bob,

Yes, just run MBAM on your friend's laptop for now.

Best to post the results in a separate thread to avoid any confusion.

 

How is your system running now?


Posted
Hi Bob,

Yes, just run MBAM on your friend's laptop for now.

Best to post the results in a separate thread to avoid any confusion.

 

How is your system running now?

 

Will do, thanks. My system seems to be working fine now. Your post on PUPs was a real eye opener and a strong message to me. Did all the logs I sent you turn up anything?

Bob


Posted

Hi Bob,

 

your post on pups was a real eye opener and a strong message to me.

That's good then.... being careful with your downloads will save you a lot of hassle in the long run :)

 

Did all the logs I sent you turn up anything

Basically Adware and orphan entries... nothing really serious.

 

There are some entries I'd like to deal with, but we need to run a different tool to accomplish that.

 

  • Download OTL to your desktop.
  • Double click on the icon to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

Please post both reports in your next reply.

 

Thanks


Posted

Otl report posted for Bob:

 

OTL logfile created on: 06/04/2015 15:08:42 - Run 7

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BF2010\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.12 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 47.16% Memory free

6.25 Gb Paging File | 4.22 Gb Available in Paging File | 67.61% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 910.41 Gb Total Space | 505.53 Gb Free Space | 55.53% Space Free | Partition Type: NTFS

Drive D: | 20.00 Gb Total Space | 8.84 Gb Free Space | 44.19% Space Free | Partition Type: NTFS

Drive P: | 931.51 Gb Total Space | 93.32 Gb Free Space | 10.02% Space Free | Partition Type: NTFS

 

Computer Name: BF2010-PC | User Name: BF2010 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\BF2010\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)

PRC - C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe (Firetrust)

PRC - C:\Users\BF2010\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.)

PRC - C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)

PRC - C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)

PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Google\Chrome\Application\43.0.2351.3\libglesv2.dll ()

MOD - C:\Program Files\Google\Chrome\Application\43.0.2351.3\libegl.dll ()

MOD - C:\Program Files\FireTrust\MailWasher\FTClientNode.dll ()

MOD - C:\Program Files\FireTrust\MailWasher\FTBridge.dll ()

MOD - C:\Program Files\FireTrust\MailWasher\MWPBridgeDLL.dll ()

MOD - C:\Program Files\FireTrust\MailWasher\MWPappDLL.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\c4ee98b1ad06c91a314e123d15c3e465\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\dd4eb90aa4e61467748f81bc7a6d3db7\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fafeec27dd6523ae334881103a9fb756\System.Windows.Forms.ni.dll ()

MOD - C:\Users\BF2010\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\97a817500b079afb58dac49c020189e9\WindowsFormsIntegration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\8dde7a2cdd3a0b53cfe9822ec6fca93b\System.Data.Entity.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8#\95e9f5d0c802f0ac811d5433f89a057f\System.Data.DataSetExtensions.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\f42968b08833685d3e890315c7b8a38b\UIAutomationTypes.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\d68a6fa071c63e71c43cc7a458d0d3ac\UIAutomationProvider.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\bb0b0b4d35145be881bf40c6bed80ee5\PresentationFramework-SystemXml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\163224e8a734538f515a6dd443865b31\PresentationFramework-SystemData.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\e3688a59e201de3a62a34504065b41c5\PresentationFramework.classic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7c083d16d432e0753dece18c1eda8990\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\7504e2b9f513329a38fccf608f7d0850\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ae7db2041d11e6424eef130cd549140a\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d00f2c1556f0174bad87e9abff92c9f8\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\026d9706605c6b128fd2b891df798aea\System.Numerics.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e0ee937b40a4514248ae7300d8a614dc\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\0c0ec2c386ad3c0a9178a5c10590ab86\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\793956e311209202afde01a97e38a67b\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a53fe456707375d371c4ed346b147b79\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\42344e6b092f914d590e7d077b234f98\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8e5ff00488a7f954b78b0ce3d704ef3c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16803be877dd488290f25011e83d3cc3\mscorlib.ni.dll ()

MOD - C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ()

MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()

MOD - C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll ()

MOD - C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll ()

 

 

========== Services (SafeList) ==========

 

SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (NvNetworkService) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)

SRV - (GfExperienceService) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)

SRV - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)

SRV - (c2cautoupdatesvc) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)

SRV - (c2cpnrsvc) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)

SRV - (syncagentsrv) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)

DRV - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (nvvad_WaveExtensible) -- C:\Windows\System32\drivers\nvvad32v.sys (NVIDIA Corporation)

DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)

DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)

DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)

DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)

DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)

DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV - (AODDriver4.3) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)

DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(http://www.devguru.co.kr))

DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(http://www.devguru.co.kr))

DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf_x86.sys (Secunia)

DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)

DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)

DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis)

DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)

DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)

DRV - (vidsflt67) -- C:\Windows\System32\drivers\vsflt67.sys (Acronis)

DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)

DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis)

DRV - (pssnap) -- C:\Windows\System32\drivers\pssnap.sys (Macrium Software)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)

DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)

DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()

DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )

DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)

DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)

DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)

DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)

DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices Inc.)

DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 BE 58 71 72 52 D0 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7AMSA_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7AMSA_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2015/03/31 07:23:24 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BF2010\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2015/03/10 08:55:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015/03/10 08:55:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/03/10 08:55:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2015/03/10 08:55:08 | 000,000,000 | ---D | M]

 

[2014/06/08 08:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Extensions

[2010/07/24 10:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com

[2015/03/10 18:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\n0cs74ko.default\extensions

[2015/02/09 02:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\n0cs74ko.default\extensions\staged

[2015/03/10 18:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\smtw6sxf.default-1424709629288\extensions

[2015/02/24 13:07:42 | 000,014,171 | ---- | M] () (No name found) -- C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Profiles\smtw6sxf.default-1424709629288\extensions\anaglyph3d@internauta1024a.pl.xpi

[2015/03/24 15:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2015/03/11 16:44:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

 

========== Chrome ==========

 

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

 

O1 HOSTS File: ([2015/04/01 09:20:21 | 000,000,035 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKCU..\Run: [Google+ Auto Backup] C:\Users\BF2010\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.)

O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - Startup: C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe (Firetrust)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found

O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found

O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found

O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found

O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found

O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()

O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found

O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: &Sync RoboForm - {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Sync RoboForm Data - {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1417862258607 (MUCatalogWebControl Class)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 11.40.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19606678-7F15-453E-8592-43D1CF3ADE34}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB30CD2B-150C-4391-9125-F421E94225E0}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013/03/05 13:29:37 | 000,000,197 | ---- | M] () - P:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - - File not found

MsConfig - StartUpFolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)

MsConfig - StartUpFolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

MsConfig - StartUpFolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - - File not found

MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\BF2010\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

MsConfig - StartUpReg: Application Restart #0 - hkey= - key= - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig - StartUpReg: C36F3A6CBF7B9420DF043E4C6981D47900681572._service_run - hkey= - key= - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

MsConfig - StartUpReg: CCleaner Monitoring - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

MsConfig - StartUpReg: DivXMediaServer - hkey= - key= - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)

MsConfig - StartUpReg: Gadwin PrintScreen - hkey= - key= - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

MsConfig - StartUpReg: GoogleChromeAutoLaunch_145946EBB52EFDB4F4FFC43E89A9AFCC - hkey= - key= - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

MsConfig - StartUpReg: GoogleDriveSync - hkey= - key= - C:\Program Files\Google\Drive\googledrivesync.exe (Google)

MsConfig - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)

MsConfig - StartUpReg: NvBackend - hkey= - key= - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

MsConfig - StartUpReg: Obrona Block Ads - hkey= - key= - File not found

MsConfig - StartUpReg: RoboForm - hkey= - key= - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

MsConfig - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)

MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 2

MsConfig - State: "bootini" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2015/03/30 08:03:02 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2015/03/30 08:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2015/03/30 08:01:25 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2015/03/30 08:01:25 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys

[2015/03/30 08:01:25 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2015/03/30 08:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2015/03/30 08:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2015/03/26 13:04:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview

[2015/03/26 12:59:45 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll

[2015/03/26 12:59:45 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll

[2015/03/26 12:59:44 | 000,892,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

[2015/03/26 12:59:44 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll

[2015/03/26 12:59:44 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll

[2015/03/26 12:59:44 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll

[2015/03/26 12:59:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll

[2015/03/24 12:33:23 | 000,000,000 | ---D | C] -- C:\Users\BF2010\Desktop\01 RIGHT 2015

[2015/03/24 12:32:38 | 000,000,000 | ---D | C] -- C:\Users\BF2010\Desktop\01 LEFT 2015

[2015/03/10 13:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

[2015/03/10 08:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2015/03/08 10:15:15 | 003,223,552 | ---- | C] (Masuji SUTO & David Sykes) -- C:\Users\BF2010\Desktop\stphmkre.exe

[2015/03/08 10:14:59 | 003,223,552 | ---- | C] (Masuji SUTO & David Sykes) -- C:\Program Files\stphmkre.exe

[2014/10/13 15:58:54 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll

[2014/10/13 15:58:54 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll

[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2015/04/06 14:58:58 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2015/04/06 14:58:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d042ab34e17a14.job

[2015/04/06 14:54:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042ab334f8992.job

[2015/04/06 14:54:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2015/04/06 14:49:10 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2015/04/06 14:49:10 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2015/04/06 14:43:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000UA.job

[2015/04/06 14:42:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015/04/06 07:57:28 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core.job

[2015/04/06 07:43:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core1d042a91e5b5bc2.job

[2015/04/04 16:44:52 | 000,002,731 | ---- | M] () -- C:\Users\BF2010\Desktop\Gmail.lnk

[2015/04/01 09:20:21 | 000,000,035 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2015/03/30 08:03:08 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2015/03/29 08:13:49 | 000,089,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2015/03/29 08:13:49 | 000,030,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2015/03/17 06:15:36 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys

[2015/03/17 06:15:26 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2015/03/17 06:15:22 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2015/03/11 16:44:39 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2015/03/11 02:55:31 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll

[2015/03/11 02:55:20 | 000,623,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll

[2015/03/11 02:55:16 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll

[2015/03/11 02:55:13 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll

[2015/03/11 02:55:13 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll

[2015/03/11 02:55:12 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll

[2015/03/11 02:52:08 | 000,892,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

[2015/03/10 18:25:48 | 010,392,120 | ---- | M] () -- C:\Program Files\Common Files\lpuninstall.exe

[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/11/12 13:16:03 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BF2010-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat

[2014/10/21 16:43:59 | 000,000,067 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\WB.CFG

[2014/10/20 10:20:14 | 000,000,528 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\NMM-MetaData.db

[2014/10/19 15:56:36 | 000,000,001 | ---- | C] () -- C:\Users\BF2010\AppData\Local\DSI.DAT

[2014/10/16 06:57:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings

[2014/10/16 06:57:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Textures

[2014/09/18 12:55:09 | 003,958,634 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

[2014/07/16 07:19:40 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2014/07/15 08:37:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2014/07/15 08:34:44 | 002,140,976 | ---- | C] () -- C:\Windows\System32\SStudio.dll

[2014/07/15 08:34:38 | 005,804,772 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat

[2014/07/15 08:34:32 | 001,099,203 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT

[2014/07/15 08:34:17 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll

[2014/07/15 08:34:17 | 000,029,496 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll

[2014/07/15 08:06:10 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

[2014/05/16 08:14:36 | 000,000,218 | ---- | C] () -- C:\Users\BF2010\.recently-used.xbel

[2014/04/18 03:23:02 | 000,200,704 | ---- | C] () -- C:\Windows\System32\clinfo.exe

[2014/04/17 22:28:30 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll

[2014/04/10 18:58:46 | 000,082,128 | ---- | C] () -- C:\Windows\System32\ativce02.dat

[2014/03/31 23:06:22 | 000,234,804 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat

[2014/03/31 23:04:42 | 000,233,008 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat

[2014/02/06 16:45:58 | 000,134,192 | ---- | C] () -- C:\Windows\System32\ativce03.dat

[2014/01/16 18:00:46 | 000,273,712 | ---- | C] () -- C:\Windows\System32\ativvaxy_vi_nd.dat

[2014/01/16 17:59:20 | 000,275,124 | ---- | C] () -- C:\Windows\System32\ativvaxy_vi.dat

[2014/01/16 09:34:52 | 000,723,841 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2013/12/19 12:05:33 | 010,392,120 | ---- | C] () -- C:\Program Files\Common Files\lpuninstall.exe

[2013/12/06 22:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe

[2013/12/06 22:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe

[2013/12/06 21:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2013/12/06 21:28:32 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2013/11/02 10:03:54 | 000,000,043 | ---- | C] () -- C:\Users\BF2010\autorun.inf

[2012/08/12 10:30:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings

[2012/08/12 10:30:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble

[2012/08/12 10:30:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Track Settings

[2012/08/12 08:45:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\StatusSheet

[2012/08/12 08:45:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\StartupItems

[2012/08/12 07:03:00 | 000,000,000 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Synth Textures

[2012/08/12 07:02:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT

[2012/05/02 10:45:24 | 000,282,624 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\SettingsDB.sdf

[2011/12/22 16:27:54 | 000,000,268 | RH-- | C] () -- C:\Users\BF2010\AppData\Roaming\StatusSheet

[2011/08/13 16:24:01 | 000,000,000 | ---- | C] () -- C:\Users\BF2010\AppData\Local\{CB311B15-645B-467F-AB72-A373C4B2F9EB}

[2011/07/27 09:54:42 | 000,000,268 | RH-- | C] () -- C:\Users\BF2010\AppData\Roaming\Stingers

[2011/07/27 09:54:42 | 000,000,268 | RH-- | C] () -- C:\Users\BF2010\AppData\Roaming\Static Library

[2011/07/27 09:54:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT

[2011/07/27 09:54:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

[2011/07/27 09:54:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT

[2011/04/17 08:09:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/04/17 08:09:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DE100F8271.sys

[2011/01/19 16:31:44 | 000,754,336 | -H-- | C] () -- C:\Users\BF2010\ZbThumbnail.info

[2010/12/04 19:06:58 | 000,000,355 | ---- | C] () -- C:\Users\BF2010\Computer - Shortcut (2).lnk

[2010/12/04 19:06:15 | 000,000,355 | ---- | C] () -- C:\Users\BF2010\Computer - Shortcut.lnk

[2010/10/30 15:27:25 | 000,007,648 | ---- | C] () -- C:\Users\BF2010\AppData\Local\resmon.resmoncfg

[2010/10/22 15:45:42 | 000,000,132 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/10/09 09:39:05 | 000,000,132 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2010/09/14 11:52:58 | 1026,293,791 | ---- | C] () -- C:\Users\BF2010\Photoshop_12_LS1.7z

[2010/09/13 12:54:49 | 000,001,456 | ---- | C] () -- C:\Users\BF2010\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/08/12 12:50:14 | 000,038,429 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\Comma Separated Values (DOS).ADR

[2010/07/12 10:32:02 | 000,219,136 | -H-- | C] () -- C:\Users\BF2010\photothumb.db

[2010/07/10 09:44:47 | 000,064,436 | ---- | C] () -- C:\Users\BF2010\test collage 02.jpg

[2010/07/10 09:43:16 | 000,004,292 | ---- | C] () -- C:\Users\BF2010\shape.png

[2010/07/10 09:41:44 | 000,055,094 | ---- | C] () -- C:\Users\BF2010\test collage 01.jpg

[2010/07/02 10:12:04 | 001,055,517 | ---- | C] () -- C:\Users\BF2010\Photo0141.jpg

[2010/06/30 15:28:50 | 000,038,131 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\mdbu.bin

[2010/06/25 06:54:54 | 000,000,195 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\ltbpr.dat

[2010/06/02 12:31:12 | 000,000,411 | -H-- | C] () -- C:\Users\BF2010\.picasa.ini

[2010/06/02 11:16:22 | 001,704,589 | ---- | C] () -- C:\Users\BF2010\Photo0135.jpg

[2010/06/02 11:15:56 | 002,030,181 | ---- | C] () -- C:\Users\BF2010\Photo0134.jpg

[2010/06/02 11:15:34 | 001,652,703 | ---- | C] () -- C:\Users\BF2010\Photo0133.jpg

[2010/06/02 11:15:17 | 001,288,593 | ---- | C] () -- C:\Users\BF2010\Photo0132.jpg

[2010/06/02 11:15:00 | 001,312,322 | ---- | C] () -- C:\Users\BF2010\Photo0131.jpg

[2010/06/02 11:14:44 | 001,188,292 | ---- | C] () -- C:\Users\BF2010\Photo0130.jpg

[2010/06/02 11:14:17 | 002,006,521 | ---- | C] () -- C:\Users\BF2010\Photo0129.jpg

[2010/06/02 11:13:50 | 001,927,623 | ---- | C] () -- C:\Users\BF2010\Photo0128.jpg

[2010/06/02 11:13:23 | 001,981,211 | ---- | C] () -- C:\Users\BF2010\Photo0127.jpg

[2010/06/02 11:13:00 | 001,676,213 | ---- | C] () -- C:\Users\BF2010\Photo0126.jpg

[2010/06/02 11:12:33 | 001,927,138 | ---- | C] () -- C:\Users\BF2010\Photo0125.jpg

[2010/06/02 11:12:07 | 001,909,721 | ---- | C] () -- C:\Users\BF2010\Photo0124.jpg

[2010/06/02 11:11:58 | 000,509,343 | ---- | C] () -- C:\Users\BF2010\Photo0123.jpg

[2010/06/02 11:11:46 | 000,724,996 | ---- | C] () -- C:\Users\BF2010\Photo0122.jpg

[2010/06/02 11:11:30 | 001,192,184 | ---- | C] () -- C:\Users\BF2010\Photo0121.jpg

[2010/06/02 11:11:12 | 001,230,100 | ---- | C] () -- C:\Users\BF2010\Photo0120.jpg

[2010/06/02 11:10:58 | 000,970,908 | ---- | C] () -- C:\Users\BF2010\Photo0119.jpg

[2010/06/02 11:10:36 | 001,611,770 | ---- | C] () -- C:\Users\BF2010\Photo0118.jpg

[2010/06/02 11:10:13 | 001,569,601 | ---- | C] () -- C:\Users\BF2010\Photo0117.jpg

[2010/06/02 11:09:48 | 001,807,765 | ---- | C] () -- C:\Users\BF2010\Photo0116.jpg

[2010/06/02 11:09:25 | 001,734,815 | ---- | C] () -- C:\Users\BF2010\Photo0115.jpg

[2010/06/02 11:09:08 | 001,448,280 | ---- | C] () -- C:\Users\BF2010\Photo0114.jpg

[2010/06/02 11:08:49 | 001,722,095 | ---- | C] () -- C:\Users\BF2010\Photo0113.jpg

[2010/06/02 11:08:26 | 002,034,193 | ---- | C] () -- C:\Users\BF2010\Photo0112.jpg

[2010/06/02 11:08:11 | 001,189,584 | ---- | C] () -- C:\Users\BF2010\Photo0111.jpg

[2010/06/02 11:07:58 | 001,097,668 | ---- | C] () -- C:\Users\BF2010\Photo0110.jpg

[2010/06/02 11:07:44 | 001,067,443 | ---- | C] () -- C:\Users\BF2010\Photo0109.jpg

[2010/06/02 11:07:29 | 001,342,976 | ---- | C] () -- C:\Users\BF2010\Photo0108.jpg

[2010/06/02 11:07:07 | 001,895,596 | ---- | C] () -- C:\Users\BF2010\Photo0105.jpg

[2010/06/02 11:06:46 | 001,861,416 | ---- | C] () -- C:\Users\BF2010\Photo0104.jpg

[2010/06/02 11:06:29 | 001,531,174 | ---- | C] () -- C:\Users\BF2010\Photo0103.jpg

[2010/06/02 11:06:15 | 001,094,851 | ---- | C] () -- C:\Users\BF2010\Photo0102.jpg

[2010/06/02 11:05:59 | 001,440,348 | ---- | C] () -- C:\Users\BF2010\Photo0101.jpg

[2010/06/02 11:05:41 | 001,590,601 | ---- | C] () -- C:\Users\BF2010\Photo0100.jpg

[2010/06/02 11:05:26 | 001,357,186 | ---- | C] () -- C:\Users\BF2010\Photo0099.jpg

[2010/06/02 11:05:11 | 001,266,922 | ---- | C] () -- C:\Users\BF2010\Photo0098.jpg

[2010/06/02 11:04:46 | 002,217,187 | ---- | C] () -- C:\Users\BF2010\Photo0082.jpg

[2010/06/02 11:04:32 | 001,156,070 | ---- | C] () -- C:\Users\BF2010\Photo0057.jpg

[2010/06/02 11:04:19 | 000,811,359 | ---- | C] () -- C:\Users\BF2010\Photo0012.jpg

[2010/06/01 15:31:10 | 000,000,000 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\downloads.m3u

[2010/05/18 15:26:43 | 000,000,359 | ---- | C] () -- C:\Users\BF2010\Recycle Bin - Shortcut.lnk

[2010/05/14 12:23:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/03/31 16:42:06 | 000,000,141 | ---- | C] () -- C:\Users\BF2010\AppData\Roaming\default.rss

[2010/03/26 18:52:37 | 000,033,280 | ---- | C] () -- C:\Users\BF2010\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2011/03/01 13:13:37 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = c:\windows\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = c:\windows\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2015/02/08 12:35:42 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$

[2010/11/20 17:05:14 | 000,001,584 | ---- | M] () -- C:\01_Refine-Edge - Shortcut.lnkhs908

[2014/08/11 07:07:56 | 000,000,399 | ---- | M] () -- C:\356CANON.lnk5z416

[2013/06/27 15:30:53 | 000,017,252 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2014/07/14 14:36:28 | 001,486,848 | ---- | M] () -- C:\BlueSoleil.msi

[2011/11/21 15:21:34 | 000,000,406 | ---- | M] () -- C:\CD Drive - Shortcut (2).lnk2l686

[2011/11/21 15:32:57 | 000,000,406 | ---- | M] () -- C:\CD Drive - Shortcut.lnk5z804

[2011/11/21 15:19:33 | 000,000,406 | ---- | M] () -- C:\CD Drive - Shortcut.lnkxk702

[2013/05/14 11:37:09 | 000,025,290 | ---- | M] () -- C:\DB1.rar

[2014/11/13 08:40:49 | 000,016,256 | ---- | M] () -- C:\FixitRegBackup.reg

[2010/04/02 16:30:05 | 000,000,989 | -H-- | M] () -- C:\hstr_0002.lnkui124

[2011/10/23 16:13:01 | 000,000,783 | -H-- | M] () -- C:\hstr_0004.lnkhs882

[2010/06/28 09:05:05 | 000,000,989 | -H-- | M] () -- C:\hstr_0004.lnkyk185

[2011/03/02 17:30:56 | 000,000,826 | -H-- | M] () -- C:\hstr_0007.lnk30350

[2011/03/02 17:13:44 | 000,000,974 | -H-- | M] () -- C:\hstr_0007.lnkht200

[2011/03/02 17:22:26 | 000,001,005 | -H-- | M] () -- C:\hstr_0008.lnkpf215

[2011/03/02 17:33:15 | 000,000,989 | -H-- | M] () -- C:\hstr_0009.lnkpn232

[2011/05/23 13:15:28 | 000,001,005 | -H-- | M] () -- C:\hstr_0010.lnk7q333

[2011/04/25 17:43:03 | 000,001,227 | ---- | M] () -- C:\I'm-behind-you - Shortcut.lnky4767

[2014/08/11 07:07:56 | 000,000,544 | ---- | M] () -- C:\IMG_2892.lnky4676

[2010/02/17 17:11:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2012/01/13 15:47:09 | 000,000,361 | -H-- | M] () -- C:\IPH.PH

[2015/03/27 16:32:54 | 000,118,195 | ---- | M] () -- C:\mal test 02 27th feb.txt

[2015/03/27 16:30:44 | 000,117,922 | ---- | M] () -- C:\mal test 27th feb.txt

[2011/02/10 11:36:12 | 000,003,067 | ---- | M] () -- C:\Mobipocket Reader.lnkqn16

[2010/07/10 15:33:42 | 000,001,898 | ---- | M] () -- C:\MovieShow music.lnkbf261

[2010/02/17 17:11:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/11/26 10:47:16 | 000,003,067 | ---- | M] () -- C:\Nero BackItUp.lnkbi31

[2014/07/14 17:36:59 | 000,000,229 | ---- | M] () -- C:\NEW VOLUME (Q).lnk5z594

[2015/04/06 14:42:11 | 3353,665,536 | -HS- | M] () -- C:\pagefile.sys

[2014/04/16 10:05:59 | 000,000,368 | ---- | M] () -- C:\PHOTOS (J) - Shortcut.lnkro365

[2010/06/01 15:11:01 | 000,002,157 | ---- | M] () -- C:\Product Registration.lnky4843

[2015/01/20 10:38:22 | 000,346,562 | ---- | M] () -- C:\Reflect_Install.log

[2011/01/17 18:12:29 | 000,000,328 | ---- | M] () -- C:\Removable Disk (H) - Shortcut (2).lnkl7718

[2011/01/17 18:12:19 | 000,000,328 | ---- | M] () -- C:\Removable Disk (H) - Shortcut.lnkts734

[2013/09/10 11:22:54 | 000,002,479 | ---- | M] () -- C:\Safari.lnk4y985

[2011/06/01 16:26:57 | 000,002,479 | ---- | M] () -- C:\Safari.lnkzj230

[2010/08/08 06:57:25 | 000,002,503 | ---- | M] () -- C:\Skype.lnk7u245

[2013/03/22 16:07:32 | 000,003,199 | ---- | M] () -- C:\Sophos Virus Removal Tool.lnke9379

[2013/03/19 10:33:46 | 000,000,385 | ---- | M] () -- C:\STICK FOXIE (I) - Shortcut.lnkui1000

[2014/11/23 11:11:57 | 000,212,244 | ---- | M] () -- C:\TDSSKiller.3.0.0.41_23.11.2014_09.55.02_log.txt

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2009/07/14 02:15:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\system32\Spool\prtprocs\w32x86\CNBPP4.DLL

[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll

[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

[2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2014/09/26 07:46:49 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2011/02/20 00:03:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll

[2011/02/19 01:40:50 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll

[2014/09/30 18:37:22 | 003,223,552 | ---- | M] (Masuji SUTO & David Sykes) -- C:\Program Files\stphmkre.exe

[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

"NoAutoUpdate" = 0

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/03/05 14:07:15 | 000,922,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/03/05 14:07:15 | 000,922,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/03/05 14:07:15 | 000,922,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2015/03/05 14:06:10 | 000,376,944 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2015/03/05 14:06:10 | 000,376,944 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2015/03/05 14:06:10 | 000,376,944 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/03/30 23:17:08 | 000,807,752 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2015/03/30 23:17:08 | 000,807,752 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2015/03/30 23:17:08 | 000,807,752 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2015/03/30 23:17:08 | 000,807,752 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\ShowIconsCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/24 02:30:07 | 001,250,840 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\HideIconsCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/24 02:30:07 | 001,250,840 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\ReinstallCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/24 02:30:07 | 001,250,840 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\shell\open\command\\: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/10/24 02:30:07 | 001,250,840 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2015/01/08 19:05:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2015/01/08 19:05:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2015/01/08 19:05:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2015/01/08 19:05:39 | 000,757,968 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2015/01/08 19:05:39 | 000,757,968 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/03/05 14:07:15 | 000,922,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/03/05 14:07:15 | 000,922,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/03/05 14:07:15 | 000,922,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2015/03/05 14:06:10 | 000,376,944 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2015/03/05 14:06:10 | 000,376,944 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2015/03/05 14:06:10 | 000,376,944 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/03/30 23:17:08 | 000,807,752 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2015/03/30 23:17:08 | 000,807,752 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2015/03/30 23:17:08 | 000,807,752 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2015/03/30 23:17:08 | 000,807,752 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\ShowIconsCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/24 02:30:07 | 001,250,840 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\HideIconsCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/24 02:30:07 | 001,250,840 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\InstallInfo\\ReinstallCommand: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/24 02:30:07 | 001,250,840 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.N2ICUKWKFWPSFH7B7D3TDFNR2Y\shell\open\command\\: "C:\Users\BF2010\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/10/24 02:30:07 | 001,250,840 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2015/01/08 19:05:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2015/01/08 19:05:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2015/01/08 19:05:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2015/01/08 19:05:39 | 000,757,968 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2015/01/08 19:05:39 | 000,757,968 | ---- | M] (Microsoft Corporation)

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 143 bytes -> C:\Users\BF2010\AppData\Roaming\default.rss:OECustomProperty


Posted

OTL extras.txt for Bob:

 

OTL Extras logfile created on: 06/04/2015 15:08:42 - Run 7

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BF2010\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.12 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 47.16% Memory free

6.25 Gb Paging File | 4.22 Gb Available in Paging File | 67.61% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 910.41 Gb Total Space | 505.53 Gb Free Space | 55.53% Space Free | Partition Type: NTFS

Drive D: | 20.00 Gb Total Space | 8.84 Gb Free Space | 44.19% Space Free | Partition Type: NTFS

Drive P: | 931.51 Gb Total Space | 93.32 Gb Free Space | 10.02% Space Free | Partition Type: NTFS

 

Computer Name: BF2010-PC | User Name: BF2010 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{5E221B92-3A89-44CD-A2B0-8E90941AFF51}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{73147DD5-0271-408A-B706-88D17DA78482}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{E081B5EC-561B-4C2D-B440-5895BA6CB13E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11593E44-D82F-4864-B87B-77242EE89BAE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{1EDAEEC2-B07B-4172-9224-1CEF91CF14AD}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"{41A75473-DE0E-46AA-866F-372BD14798C9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{70651531-4C4A-4EFF-B402-19422F71563C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{92ADA522-B7A8-4CA0-94A0-D4822345A1BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{DEF27321-110E-4739-AA3C-61675EFEF827}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FE3E130A-1E77-466D-AC54-CC88A9BF825E}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{3337CB2A-ACBC-4C7B-92EB-B95E29CA5275}C:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{CD246E7A-BAB8-4B2F-BEB7-7CAE25E75620}C:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{F84DF255-3F8E-4D24-95C8-8202C983ACB1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{3D2AD1FD-3BDC-4969-A05F-60E549602643}C:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{72F12063-505C-4848-853C-38160D621A57}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{B5C19E04-DE07-4B8E-98D0-32CB9538704F}C:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bf2010\appdata\roaming\dropbox\bin\dropbox.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{031F80EB-1FE5-45EF-9DE2-E2F5AF01259F}" = CCC Help Spanish

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}" = System Requirements Lab for Intel

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B15A8C3-3B8A-F229-A880-82EA62908425}" = CCC Help Dutch

"{0C41D003-E38E-4C8A-BA67-AFF061E27F3F}" = Microsoft Mouse and Keyboard Center

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F

"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)

"{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A6752E1-966B-9D1F-F6B7-DDBCA6FC87ED}" = CCC Help Russian

"{1D55DE93-486D-40F7-88F3-CF08578F82AA}" = Adobe Flash Player 16 NPAPI

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F752D02-F576-4DD6-8DA7-E478283F455A}" = OpenOffice Beta 4.1.0

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2058DA53-D5F2-D8D9-7325-39B0E367D1E1}" = CCC Help Swedish

"{2090B6D0-E025-5A67-9838-8F1D5768E643}" = CCC Help Chinese Standard

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety

"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.2

"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding

"{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2AD4FF67-43E9-77AD-D90C-584F950E2D12}" = CCC Help French

"{2C3289CB-6AA8-42CC-808E-8BB671644CEF}}_is1" = Phereoshop version 2.0.3

"{2CC34925-D47D-BD10-AA1E-FAA76F3B5D82}" = AMD Wireless Display v3.0

"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety

"{31A65C5A-73BF-AEE0-082D-1B6C0B9ACF31}" = AMD Drag and Drop Transcoding

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2

"{3A577334-7C90-55BC-1878-F5862FA268B2}" = CCC Help Korean

"{3BF289E3-933B-F421-3B59-F6BB0D285B09}" = CCC Help Hungarian

"{3CB6BA0C-6BC5-E543-221A-AA4DEBB6F4B5}" = CCC Help Polish

"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7

"{3F914D52-8A29-4E37-9BF7-7FD7A303D0D5}" = MailWasherPro

"{41B7A6BC-468F-4599-8729-F309809FB381}" = Macrium Reflect Free Edition

"{430E2D32-6EA9-E6E4-80A1-84047694A45B}" = CCC Help Czech

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6A8D33-09CD-FD44-4BF0-999E8A6E93C8}" = CCC Help Italian

"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth

"{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59DB38EB-F864-4E10-841D-38CFBCF864B0}" = Intel® Driver Update Utility 2.0

"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}" = Application Profiles

"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.2

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B594A3F-FDF9-74A0-B3F6-C2E7B6AA339F}" = AMD Media Foundation Decoders

"{6C36881B-0E51-4231-9D02-BF2149664D34}" = Google Drive

"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call

"{6EBDE2A2-0CFB-9134-A859-68A0002B3FA6}" = CCC Help Thai

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{769E98DC-2BB0-83A7-51C9-306F30232345}" = Catalyst Control Center Graphics Previews Common

"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{80F52BC0-7AC5-17C3-F34B-8613E213D44D}" = AMD Accelerated Video Transcoding

"{8181B50E-0E33-DE07-AAB2-E71BBBDBF288}" = CCC Help Portuguese

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83FB054C-7DA5-1C76-BFB2-423426DC35BB}" = AMD Catalyst Control Center

"{8409c4f7-2340-4933-a304-5d37db4fb48b}" = Intel® Driver Update Utility

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A640069-9784-701E-AC8E-84F62C42D1A3}" = CCC Help English

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}" = Microsoft Windows Debugging Symbols

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2

"{93098E43-2743-1551-447F-2699E9591E9C}" = CCC Help Danish

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1" = WinZip Driver Updater

"{99415B03-525E-3FEA-2A60-359FD6BCD368}" = ccc-utility

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A1A01D26-AF53-42C0-9DAE-1BC2FCC68812}" = ESET NOD32 Antivirus

"{A3703A3B-FDCF-4349-4B2E-A189A2B90B51}" = CCC Help Chinese Traditional

"{A619A488-A4BA-F2A0-72FA-4C484B93DC0F}" = CCC Help Greek

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2

"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 340.82

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 340.82

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 340.82

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.2

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 340.82

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.25

"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX

"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030

"{BE0CD30D-69A6-4B3A-857D-218C2C32E912}" = Acronis True Image Home 2012

"{BE0CD30D-69A6-4B3A-857D-218C2C32E912}Visible" = Acronis True Image Home 2012

"{C15841A6-C20A-11E4-977D-00163E98E7D6}" = Evernote v. 5.8.4

"{C4799AAA-CE52-D2F1-63C8-E6D5106C78E0}" = CCC Help Norwegian

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C6182116-5F2D-9949-B42B-06073E86A98A}" = CCC Help German

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}" = Microsoft Windows Debugging Symbols

"{C77CC230-7417-3F01-B70D-52583DC9FEC9}" = Google Talk Plugin

"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps

"{CC6C7F05-AF23-65BD-702D-705EAB723578}" = CCC Help Japanese

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5B7F1A3-2CA6-4C5C-EFB6-4AA5772F5310}" = CCC Help Turkish

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DBA6B3EF-A8C0-4EB2-9554-3A7879838580}" = Catalyst Control Center Localization All

"{DC7723BE-A2BB-58A0-4820-5630F9B82198}" = AMD Catalyst Install Manager

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4A6308C-55E6-57DF-95BB-AEEF374B469A}" = CCC Help Finnish

"{F543B0F9-D1F9-25D1-993C-8430BEC9D889}" = Catalyst Control Center InstallProxy

"{FC41E924-9AF0-8BD3-2DB0-A688628AF474}" = AMD Fuel

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AI RoboForm" = RoboForm 7-9-12-2 (All Users)

"Belarc Advisor" = Belarc Advisor 8.1

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"CCleaner" = CCleaner

"DivX Setup" = DivX Setup

"Flickr Uploadr" = Flickr Uploadr 3.2.1

"Gadwin PrintScreen" = Gadwin PrintScreen

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"IE7ProSpellCheckDictionary_is1" = Spelling Check Dictionary From OpenOffice.org

"IrfanView" = IrfanView (remove only)

"MacriumReflect" = Macrium Reflect Free Edition

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.4.1018

"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox 36.0.1 (x86 en-US)" = Mozilla Firefox 36.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"NVIDIA 3D Vision PowerPack - Santa Cruz Beach Bo~0CE22E54_is1" = NVIDIA 3D Vision PowerPack - Santa Cruz Beach Boardwalk (MPO)

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Opanda IExif_is1" = Opanda IExif 2.3

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa 3" = Picasa 3

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Revo Uninstaller" = Revo Uninstaller 1.95

"Samsung PC Studio 7" = Samsung PC Studio 7

"Secunia PSI" = Secunia PSI (3.0.0.9016)

"sp6" = Logitech SetPoint 6.51

"Speccy" = Speccy

"SystemRequirementsLab" = System Requirements Lab

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 5.10 (32-bit)

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1" = ChromecastApp

"Akamai" = Akamai NetSession Interface

"AOL Messaging Toolbar" = AOL Messaging Toolbar

"Dropbox" = Dropbox

"Google+ Auto Backup" = Google+ Auto Backup

"OpenOffice.org Packages" = OpenOffice.org Packages

"WinDirStat" = WinDirStat 1.1.2

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 04/04/2015 06:01:59 | Computer Name = BF2010-PC | Source = PerfNet | ID = 2005

Description =

 

Error - 04/04/2015 09:44:56 | Computer Name = BF2010-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,

time stamp: 0x4d6878c3 Faulting module name: tquery.dll, version: 7.0.7600.16808,

time stamp: 0x4dc0db11 Exception code: 0xc0000005 Fault offset: 0x000a4da0 Faulting

process id: 0x5fc Faulting application start time: 0x01d06ebe204a3003 Faulting application

path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\tquery.dll

Report

Id: c6bcbcee-dad0-11e4-a976-40618695167e

 

Error - 05/04/2015 02:11:42 | Computer Name = BF2010-PC | Source = PerfNet | ID = 2005

Description =

 

Error - 05/04/2015 03:28:20 | Computer Name = BF2010-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\ati technologies\ATI.ACE\core-static\SLSTaskbar64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 05/04/2015 03:28:40 | Computer Name = BF2010-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\common

files\Logishrd\sp6_uninstall\tools\64\AddBrowsers.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 05/04/2015 03:28:54 | Computer Name = BF2010-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Samsung\samsung

pc studio 7\TIS_VistaPIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 05/04/2015 12:59:38 | Computer Name = BF2010-PC | Source = Windows Search Service | ID = 7040

Description = The search service has detected corrupted data files in the index

{id=2350}. The service will attempt to automatically correct this problem by rebuilding

the index. Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801)

 

 

Error - 05/04/2015 12:59:38 | Computer Name = BF2010-PC | Source = Windows Search Service | ID = 7042

Description = The Windows Search Service is being stopped because there is a problem

with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt.

0xc0041801 (0xc0041801)

 

Error - 05/04/2015 16:08:47 | Computer Name = BF2010-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 06/04/2015 07:15:11 | Computer Name = BF2010-PC | Source = EventSystem | ID = 4621

Description =

 

[ System Events ]

Error - 31/03/2015 02:35:57 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

 

Error - 31/03/2015 02:36:03 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Search service terminated unexpectedly. It has done this

2 time(s). The following corrective action will be taken in 30000 milliseconds:

Restart the service.

 

Error - 31/03/2015 02:36:33 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Windows Search service, but

this action failed with the following error: %%1056

 

Error - 31/03/2015 02:36:56 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7038

Description = The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with

the currently configured password due to the following error: %%50 To ensure that

the service is configured properly, use the Services snap-in in Microsoft Management

Console (MMC).

 

Error - 31/03/2015 02:36:56 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7000

Description = The Print Spooler service failed to start due to the following error:

%%1069

 

Error - 01/04/2015 02:11:03 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7022

Description = The Windows Search service hung on starting.

 

Error - 01/04/2015 04:22:47 | Computer Name = BF2010-PC | Source = DCOM | ID = 10010

Description =

 

Error - 01/04/2015 04:44:47 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7022

Description = The Windows Search service hung on starting.

 

Error - 03/04/2015 02:10:22 | Computer Name = BF2010-PC | Source = Service Control Manager | ID = 7022

Description = The Windows Search service hung on starting.

 

Error - 03/04/2015 02:10:56 | Computer Name = BF2010-PC | Source = DCOM | ID = 10010

Description =

Member of:

UNITE

Posted

Hi Bob,

 

Only a few orphan entries to remove.

 

Double click on OTL to run it.

Vista/Windows 7 users right-click and select Run As Administrator.

Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)

:otl
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^BF2010^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - - File not found
MsConfig - StartUpReg: Obrona Block Ads - hkey= - key= - File not found

:commands
[emptytemp]
[purity]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

Thanks

Member of:

UNITE
