
Laptop malware infected and needs help


  • This topic is locked
23 replies to this topic

#1 purrpurrppurr3


Posted 16 March 2014 - 05:37 AM

Toolbars and add-ons that won't go away. Lists of programs I don't know if I need or not. Slow puter, constant disconnects. Those things that bug you.





#2 gringo_pr

  • Malware Response Team

Posted 16 March 2014 - 08:52 AM





Hello purrpurrppurr3

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 purrpurrppurr3


Posted 17 March 2014 - 12:10 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by rac at 2014-03-17 00:47:53
Running from C:\Users\rac\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

ATI Catalyst Install Manager (HKLM\...\{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
ccc-utility64 (Version: 2009.0804.2223.38385 - ATI) Hidden
Java™ 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
LK Maintenance (HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571}) (Version: 1.0 - LK Maintenance)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version:  - )
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

07-03-2014 08:00:19 Windows Update
09-03-2014 08:00:20 Windows Update
11-03-2014 09:11:52 Windows Update
12-03-2014 07:00:32 Windows Update
13-03-2014 16:40:53 Windows Defender Checkpoint
14-03-2014 16:24:30 Windows Update
15-03-2014 21:10:16 Removed Facebook Video Calling 2.0.0.447
15-03-2014 21:14:55 Configured LabelPrint
15-03-2014 21:31:16 Configured SlingPlayer
15-03-2014 23:08:10 Configured SlingPlayer
16-03-2014 06:05:46 Removed Acrobat.com
16-03-2014 08:39:39 Removed Visual Studio 2010 x64 Redistributables

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-03-14 15:38 - 00008953 ____A C:\Windows\system32\Drivers\etc\hosts

There are 162 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {07933784-EB5C-4D30-A371-426512076F64} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0B16131D-2E87-4E2A-BE47-A8C0E1DDF780} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {15483BC5-643A-4F6B-8B45-FEBFCE068448} - System32\Tasks\media enhance-codedownloader => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exe [2014-03-14] (freeven)
Task: {1AFC7C12-BB52-4757-ACB7-628B27904836} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2012-09-05] (Systweak Inc) <==== ATTENTION
Task: {236A3DCF-5AB2-41D2-86CB-925CFDF713F8} - System32\Tasks\AmiUpdXp => C:\Users\rac\AppData\Local\5656\a17911.exe [2014-03-16] () <==== ATTENTION
Task: {237470C4-7F28-46C9-B19C-66DD7F29B63F} - System32\Tasks\media enhance-enabler => C:\Program Files (x86)\media enhance\media enhance-enabler.exe [2014-03-14] (freeven) <==== ATTENTION
Task: {25C9AB7A-A964-4834-BA2D-656B8B7101B7} - System32\Tasks\{4E842F74-69E7-4AB7-B4EC-CE94E6AAD446} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {26E1959D-F0B6-48D3-ACA3-B3DE21DAB463} - System32\Tasks\RPCReminder => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2012-02-08] (Winferno Software)
Task: {30AFFE3D-0876-478A-9DB0-22C6FD1E6AE2} - System32\Tasks\PCSB_rac_PCSpeedBoost_LogonTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe [2014-03-05] ()
Task: {32C8E359-EBB3-4EA8-9F6B-F04B1B142AAB} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters)
Task: {4CFCDE59-B4E6-41C2-B44E-8AE7016F1B97} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-03-14] (SaveSense) <==== ATTENTION
Task: {5047D0FD-610B-4426-830D-1135E99E68F3} - System32\Tasks\{6F53C8F8-971B-40BD-837E-C3E567188CF8} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {522E5F20-B056-4796-8F2D-9D35AC892BEA} - System32\Tasks\Norton Security Scan for rac => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
Task: {5F9DC12D-7743-4426-9F9B-A779070F7239} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-03-14] (SaveSense) <==== ATTENTION
Task: {643AC9FC-34E7-492E-8275-5A7026CFFACA} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2012-07-20] (Systweak Inc                                                ) <==== ATTENTION
Task: {64E2533E-B665-43D2-ABC4-01EBCF70233E} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2012-09-05] (Systweak Inc) <==== ATTENTION
Task: {657E092D-04A8-43A0-9280-4C2555C5DF9E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {68AC0493-BA60-40E4-B9E3-2D9ACDC944FB} - System32\Tasks\media enhance-updater => C:\Program Files (x86)\media enhance\media enhance-updater.exe [2014-03-14] (freeven)
Task: {6B822348-FCD2-49F4-ABA5-A1444574C3E8} - System32\Tasks\PCSB_rac_PCSpeedBoost_RS_DailyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe [2014-03-05] ()
Task: {6B8C2E5B-38FE-49FA-A9AC-CDF77222B5E4} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {74CE516B-89BD-4558-A0E8-6952AE9A9C47} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {753DB9F6-81C0-474C-8651-64DB850A814A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {7A35E2E8-A38C-4FDF-A7A2-00F048242258} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {7E27EE74-1C3B-4629-B002-4048CD5F712F} - System32\Tasks\PCHelpers_period => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-01-03] (Viracure Limited)
Task: {9081B060-6C1F-4342-8F83-3F9B5981B62D} - System32\Tasks\media enhance-firefoxinstaller => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exe [2014-03-14] (freeven)
Task: {965D2B2C-3371-479D-A123-F7404ECEF363} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {975D3631-B635-41AB-A3EE-E9EAC22FF6F6} - System32\Tasks\PCSB_rac_PCSpeedBoost_LG_DailyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe [2014-03-05] ()
Task: {9A212980-8973-4FF4-959A-D19F072B2217} - System32\Tasks\RegPowerClean => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2012-02-08] (Capital Intellect Inc)
Task: {9DB3A6BC-B2C3-42AB-A16D-CD1B4604F285} - System32\Tasks\SaveSense => C:\Users\rac\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A7B94868-9C5D-4DFC-8457-3782D2DFBFFB} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters)
Task: {AAB87745-D95D-491B-925F-A2BA99AA5C4C} - System32\Tasks\PCHelpers1st => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-01-03] (Viracure Limited)
Task: {AC47BDC9-AC7B-4187-993D-A02FAF430484} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-05-24] (Systweak) <==== ATTENTION
Task: {AD1B109A-71F8-4844-88A4-B54F11886B9F} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {B2D0DE20-A62B-4A5E-A6FC-1699EB7D045A} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters)
Task: {B579AA19-55C2-4F91-93B4-B60950462BB8} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software)
Task: {BDDE2443-E55D-4B41-986A-B2B5C492075D} - System32\Tasks\PCSB_rac_PCSpeedBoost_RS_WeeklyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe [2014-03-05] ()
Task: {C8CCE008-2776-4747-B8D9-78C3068433F4} - System32\Tasks\{EFAE00DD-42DE-4D04-88FB-A0C2592C84E2} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.456/en/abandoninstall?page=tsWLM
Task: {CA1B226C-B8CD-4ACB-B6DD-C6C78FFDBA35} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CA9E0708-E17A-4778-9058-44D82B5D4112} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters)
Task: {DAE4A4D5-9C98-47DF-BAFA-71C89104F982} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2012-09-05] (Systweak Inc) <==== ATTENTION
Task: {DBBC6EDE-34AA-4D6E-A83E-A24C92B364A4} - System32\Tasks\media enhance-chromeinstaller => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe [2014-03-14] (freeven)
Task: {E3D552DF-4EAA-4A11-B2B9-DC8EDAF38F96} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-02-29] (Trusted Software ApS) <==== ATTENTION
Task: {E4C54893-59B5-43F0-9F1E-77EEA9BADFD8} - System32\Tasks\Video-Saver_wd => C:\Program Files (x86)\Video-Saver-soft\video-saver_wd.exe [2014-03-14] ()
Task: {F8BB600F-B2BC-4276-974C-4A094011F5BB} - System32\Tasks\Video-Saver Update => C:\Program Files (x86)\Video-Saver-soft\Video.exe [2014-03-14] ()
Task: {F8FA0AEE-278C-4632-AD3D-D3C9CA129452} - System32\Tasks\FF Watcher {A607C5A1-0C6E-42E0-89AB-3735F99C8659} => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\rac\AppData\Local\5656\a17911.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {A607C5A1-0C6E-42E0-89AB-3735F99C8659}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\media enhance-chromeinstaller.job => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe
Task: C:\Windows\Tasks\media enhance-codedownloader.job => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exe
Task: C:\Windows\Tasks\media enhance-enabler.job => C:\Program Files (x86)\media enhance\media enhance-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\media enhance-firefoxinstaller.job => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exe
Task: C:\Windows\Tasks\media enhance-updater.job => C:\Program Files (x86)\media enhance\media enhance-updater.exe
Task: C:\Windows\Tasks\Norton Security Scan for rac.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe
Task: C:\Windows\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\rac\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\Video-Saver Update.job => C:\Program Files (x86)\Video-Saver-soft\Video.exe
Task: C:\Windows\Tasks\Video-Saver_wd.job => C:\Program Files (x86)\Video-Saver-soft\video-saver_wd.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 14:42 - 2014-03-14 14:42 - 02681648 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll
2014-03-14 14:56 - 2014-03-14 14:56 - 00093696 _____ () C:\Program Files (x86)\Video-Saver-soft\video-saver_wd.exe
2014-01-28 06:21 - 2014-01-28 06:21 - 00252928 _____ () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
2014-03-10 10:39 - 2014-03-10 10:39 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-03-14 15:38 - 2014-02-20 15:33 - 00052568 _____ () C:\Users\rac\AppData\Local\PirritSuggestor\PirritService.exe
2013-08-14 18:19 - 2013-08-14 18:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-10-31 06:15 - 2009-07-06 15:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-14 15:38 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files (x86)\WinRST\WinRST.exe
2014-03-14 15:38 - 2014-02-20 15:33 - 00191320 _____ () C:\Users\rac\AppData\Local\PirritSuggestor\PirritDesktop.exe
2014-03-14 14:41 - 2014-03-10 12:18 - 03234256 _____ () C:\Users\rac\AppData\Local\fst_us_11\upfst_us_11.exe
2014-03-13 12:37 - 2014-03-13 12:37 - 00428416 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2014-02-27 13:41 - 2014-02-27 13:41 - 00442816 _____ () C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
2014-02-14 10:37 - 2014-02-14 10:37 - 00076560 _____ () C:\Users\rac\AppData\Roaming\LVMaintenance\LVMaintenance.exe
2014-02-27 13:41 - 2014-02-27 13:41 - 00165824 _____ () C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterBrowser.exe
2014-03-05 12:15 - 2014-03-05 12:15 - 07457136 _____ () C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
2014-03-14 14:56 - 2014-03-14 14:56 - 00195072 _____ () C:\Program Files (x86)\Video-Saver-soft\video-saver157.exe
2014-03-14 14:42 - 2014-03-14 14:42 - 02961368 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-03-14 14:42 - 2014-03-14 14:42 - 00186496 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2013-10-15 06:46 - 2012-07-25 15:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2013-10-15 06:46 - 2013-05-24 16:13 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-01-22 04:34 - 2014-01-22 04:34 - 00732160 _____ () C:\Program Files (x86)\PC SpeedBoost\libGLESv2.dll
2013-12-18 08:15 - 2013-12-18 08:15 - 00854016 _____ () C:\Program Files (x86)\PC SpeedBoost\platforms\qwindows.dll
2014-01-22 04:35 - 2014-01-22 04:35 - 00047104 _____ () C:\Program Files (x86)\PC SpeedBoost\libEGL.dll
2013-06-15 12:34 - 2013-06-15 12:34 - 00022016 _____ () C:\Program Files (x86)\PC SpeedBoost\imageformats\qgif.dll
2013-06-15 12:34 - 2013-06-15 12:34 - 00021504 _____ () C:\Program Files (x86)\PC SpeedBoost\imageformats\qico.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\rac\Downloads\RESUME S. DANIELLE WILSON.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Astrology Home Page Guard 64 bit => "C:\PROGRA~2\ASTROL~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Astrology Search Scope Monitor => "C:\PROGRA~2\ASTROL~2\bar\1.bin\4asrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Astrology_4a Browser Plugin Loader => C:\PROGRA~2\ASTROL~2\bar\1.bin\4abrmon.exe
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: Facebook Update => "C:\Users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: VideoDownloadConverter Home Page Guard 64 bit => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: VideoDownloadConverter Search Scope Monitor => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: VideoDownloadConverter_4z Browser Plugin Loader => C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 00:48:44 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/17/2014 00:32:58 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/17/2014 00:17:07 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/17/2014 00:01:10 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/16/2014 11:55:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x05f2951e
Faulting process id: 0x1438
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/16/2014 11:53:33 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b10

Start Time: 01cf418c8a442c0f

Termination Time: 741

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (03/16/2014 11:46:50 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 154c

Start Time: 01cf415b58057980

Termination Time: 10221

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (03/16/2014 11:45:16 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/16/2014 11:29:44 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/16/2014 11:14:11 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

System errors:
=============
Error: (03/16/2014 10:48:57 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/16/2014 03:37:01 PM) (Source: Service Control Manager) (User: )
Description: The PirritUpdater service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2014 03:23:02 PM) (Source: Service Control Manager) (User: )
Description: The WinRST service hung on starting.

Error: (03/16/2014 03:23:02 PM) (Source: Service Control Manager) (User: )
Description: The PirritUpdater service hung on starting.

Error: (03/16/2014 03:23:02 PM) (Source: Service Control Manager) (User: )
Description: The PirritDesktop service hung on starting.

Error: (03/16/2014 03:21:33 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.

Error: (03/16/2014 03:21:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (03/16/2014 03:21:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (03/16/2014 03:20:44 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (03/16/2014 03:20:19 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 87%
Total physical RAM: 1788.2 MB
Available physical RAM: 222.63 MB
Total Pagefile: 5024.37 MB
Available Pagefile: 464.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:135.29 GB) (Free:88.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.47 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 7C072C8A)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by rac (administrator) on RAC-PC on 17-03-2014 00:23:24
Running from C:\Users\rac\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\Video-Saver-soft\video-saver_wd.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
() C:\Users\rac\AppData\Local\PirritSuggestor\PirritService.exe
(Quiknowledge) C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
() C:\Program Files (x86)\WinRST\WinRST.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Users\rac\AppData\Local\PirritSuggestor\PirritDesktop.exe
() C:\Users\rac\AppData\Local\fst_us_11\upfst_us_11.exe
(ContentExplorer) C:\Users\rac\AppData\Roaming\ContentExplorer\ContentExplorer.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(freeven) C:\program files (x86)\media enhance\media enhance-bg.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Users\rac\AppData\Roaming\LVMaintenance\LVMaintenance.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
() C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterBrowser.exe
() C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
() C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterBrowser.exe
() C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterBrowser.exe
() C:\Program Files (x86)\Video-Saver-soft\video-saver157.exe
(Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [fst_us_11] - "C:\Program Files (x86)\fst_us_11\fst_us_11.exe"
HKLM-x32\...\RunOnce: [upfst_us_11.exe] - C:\Users\rac\AppData\Local\fst_us_11\upfst_us_11.exe -runonce [3234256 2014-03-10] ()
HKU\S-1-5-21-1050774876-1090009769-560395148-1000\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-1050774876-1090009769-560395148-1000\...\Run: [ContentExplorer] - C:\Users\rac\AppData\Roaming\ContentExplorer\ContentExplorer.exe [443152 2014-03-11] (ContentExplorer)
HKU\S-1-5-21-1050774876-1090009769-560395148-1000\...\Run: [Driver Support] - C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4746584 2014-03-13] (PC Drivers Headquarters)
HKU\S-1-5-21-1050774876-1090009769-560395148-1000\...\Run: [LVMaintenance] - C:\Users\rac\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
HKU\S-1-5-21-1050774876-1090009769-560395148-1000\...\MountPoints2: {e826105d-6709-11e1-a4c0-c80aa90a1268} - G:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-14] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-03-14] ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3324769&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP7E3EBCD3-0BC7-419E-B33B-E2B56441AECD&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0JrupRRw_L0an8WWOhxj4TPSZWOrcj6yjQYHweVT8dHwpu4njqsd9CETQlFPDvRiFAiej8qufuDID148LSrtFZyhhoDvcg4RWJFXMEd6Sh0hOYIgPtu01s95Qa3HYB7A,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0JrupRRw_L0an8WWOhxj4TPSZWOrcj6yjQYHweVT8dHwpu4njqsd9CETQlFPDvRiFAiej8qufuDID148LSrtFZyhhoDvcg4RWJFXMEd6Sh0hOYIgPtu01s95Qa3HYB7A,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=cmi_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzytD0AtCtByCzzyDzz0B0DtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyEtCyCyDyCzzyBtG0FtBzytBtG0EtByDzytGtAtA0FyCtGyEzzyE0DtDyDtC0CyC0AtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0E0Fzy0D0D0EyEtGyCzz0D0DtGzyyEyBzytGtA0D0FzytGtC0DtBtAtD0FtB0A0EyD0Azy2Q&cr=435117385&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=cmi_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzytD0AtCtByCzzyDzz0B0DtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyEtCyCyDyCzzyBtG0FtBzytBtG0EtByDzytGtAtA0FyCtGyEzzyE0DtDyDtC0CyC0AtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0E0Fzy0D0D0EyEtGyCzz0D0DtGzyyEyBzytGtA0D0FzytGtC0DtBtAtD0FtB0A0EyD0Azy2Q&cr=435117385&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=404&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=404&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {CB17CBB5-1E01-4645-BA4A-F52B45955619} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0JrupRRw_L0an8WWOhxj4TPSZWOrcj6yjQYHweVT8dHwpu4njqsd9CETQlFPDvRiFAiej8qufuDID148LSrtFZyhhoDvcg4RWJFXMEd6Sh0hOYIgPtu01s95Qa3HYB6w,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0JrupRRw_L0an8WWOhxj4TPSZWOrcj6yjQYHweVT8dHwpu4njqsd9CETQlFPDvRiFAiej8qufuDID148LSrtFZyhhoDvcg4RWJFXMEd6Sh0hOYIgPtu01s95Qa3HYB6w,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324769&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7E3EBCD3-0BC7-419E-B33B-E2B56441AECD&q={searchTerms}&SSPV=
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324769&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7E3EBCD3-0BC7-419E-B33B-E2B56441AECD&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0JrupRRw_L0an8WWOhxj4TPSZWOrcj6yjQYHweVT8dHwpu4njqsd9CETQlFPDvRiFAiej8qufuDID148LSrtFZyhhoDvcg4RWJFXMEd6Sh0hOYIgPtu01s95Qa3HYB7A,,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324769&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7E3EBCD3-0BC7-419E-B33B-E2B56441AECD&q={searchTerms}&SSPV=
BHO: media enhance - {11111111-1111-1111-1111-110411411150} - C:\Program Files (x86)\media enhance\media enhance-bho64.dll (freeven)
BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: media enhance - {11111111-1111-1111-1111-110411411150} - C:\Program Files (x86)\media enhance\media enhance-bho.dll (freeven)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
BHO-x32: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\rac\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: No Name - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -  No File
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Quiknowledge - C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com [2014-03-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-18]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-10-31]
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-15]
FF HKLM-x32\...\Firefox\Extensions: [quiknowledge@quiknowledge.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com
FF Extension: Quiknowledge - C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [extension@Convert_Files_for_Free.com] - C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com
FF Extension: ConvertFilesforFree - C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: Wajam - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013-12-19]
FF HKCU\...\Firefox\Extensions: [{04b6d429-1271-4278-9b7e-7de402ce8a7a}] - C:\Program Files (x86)\Video-Saver-soft\157.xpi
FF Extension: Video-Saver - C:\Program Files (x86)\Video-Saver-soft\157.xpi [2014-03-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Social Privacy) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn [2013-11-11]
CHR Extension: (media enhance) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo [2014-03-14]
CHR Extension: (Scorpion Saver) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - C:\Program Files (x86)\Iminent\Iminent.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\rac\AppData\Local\Wajam\Chrome\wajam.crx [2014-03-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-14] ()
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-01-28] ()
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-03-10] ()
U2 PirritDesktop; C:\Users\rac\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-20] ()
S2 PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [59904 2014-02-20] ()
R2 qksvc; C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe [273000 2014-02-05] (Quiknowledge)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-03-14] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-03-14] (SaveSense)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 video-saver; C:\Program Files (x86)\Video-Saver-soft\video-saver157.exe [195072 2014-03-14] ()
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-10-25] (Wajam)
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-26] ()

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29696 2011-06-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2011-06-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [90624 2011-06-03] (LG Electronics Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 00:23 - 2014-03-17 00:30 - 00025845 _____ () C:\Users\rac\Desktop\FRST.txt
2014-03-17 00:20 - 2014-03-17 00:23 - 00000000 ____D () C:\FRST
2014-03-17 00:18 - 2014-03-17 00:19 - 02157056 _____ (Farbar) C:\Users\rac\Desktop\FRST64.exe
2014-03-16 23:14 - 2014-03-16 23:14 - 00003238 _____ () C:\Windows\System32\Tasks\{B2BC67B3-1024-4EBE-BA60-1EB1983D2979}
2014-03-16 15:40 - 2014-03-16 15:40 - 00000000 ____D () C:\Users\rac\AppData\Roaming\LVMaintenance
2014-03-16 15:37 - 2014-03-16 23:44 - 00000334 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-16 15:37 - 2014-03-16 15:37 - 00003350 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-03-16 15:37 - 2014-03-16 15:37 - 00001493 _____ () C:\Windows\IE11_main.log
2014-03-16 15:37 - 2014-03-16 15:37 - 00000000 ____D () C:\Users\rac\AppData\Local\5656
2014-03-16 15:36 - 2014-03-16 15:36 - 00000000 ____D () C:\Users\rac\AppData\Local\Hyper Browser
2014-03-16 15:35 - 2014-03-16 15:35 - 00000000 ____D () C:\Users\rac\AppData\Roaming\VOPackage
2014-03-16 15:35 - 2014-03-16 15:35 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-03-16 15:34 - 2014-03-16 15:35 - 00000000 ____D () C:\Users\rac\AppData\Local\SearchProtect
2014-03-16 15:34 - 2014-03-16 15:35 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-16 03:52 - 2014-03-16 03:52 - 00000000 ___RD () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 00:15 - 2014-03-16 00:15 - 00000000 ____D () C:\Users\rac\AppData\Local\Tuguu_SL
2014-03-16 00:11 - 2014-03-16 00:11 - 00004186 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_RS_WeeklyTask
2014-03-16 00:11 - 2014-03-16 00:11 - 00004018 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_RS_DailyTask
2014-03-16 00:11 - 2014-03-16 00:11 - 00003764 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_LG_DailyTask
2014-03-16 00:11 - 2014-03-16 00:11 - 00003628 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_LogonTask



#4 gringo_pr


Posted 17 March 2014 - 07:44 AM



Hello purrpurrppurr3

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 purrpurrppurr3


Posted 20 March 2014 - 11:31 PM

I am still booting slowly and am now getting a script error every time I try to do something.
Deleted : C:\Users\rac\AppData\Roaming\Optimizer Pro Folder Deleted : C:\Users\rac\AppData\Roaming\PC Speed Maximizer Folder Deleted : C:\Users\rac\AppData\Roaming\Pirrit Folder Deleted : C:\Users\rac\AppData\Roaming\SaveSense Folder Deleted : C:\Users\rac\AppData\Roaming\SearchProtect Folder Deleted : C:\Users\rac\AppData\Roaming\SupTab Folder Deleted : C:\Users\rac\AppData\Roaming\Systweak Folder Deleted : C:\Users\rac\AppData\Roaming\uniblue Folder Deleted : C:\Users\rac\AppData\Roaming\VOPackage Folder Deleted : C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Folder Deleted : C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense Folder Deleted : C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage Folder Deleted : C:\Users\rac\Documents\Optimizer Pro Folder Deleted : C:\Users\rac\Documents\PC Speed Maximizer Folder Deleted : C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\d34txzym.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Folder Deleted : C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\d34txzym.default\Extensions\ScorpionSaver@jetpack Folder Deleted : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg Folder Deleted : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm Folder Deleted : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo File Deleted : C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\d34txzym.default\Extensions\suggestor@suggestor.pirrit.com.xpi File Deleted : C:\END File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk File Deleted : C:\Users\Public\Desktop\NewPlayer.lnk File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk File Deleted : C:\Users\Public\Desktop\speedupmypc.lnk File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Deleted : 
C:\Windows\System32\roboot64.exe File Deleted : C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk File Deleted : C:\Users\rac\Desktop\MyPC Backup.lnk File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js File Deleted : C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\d34txzym.default\searchplugins\Mysearchdial.xml File Deleted : C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\d34txzym.default\user.js File Deleted : C:\Windows\System32\Tasks\Advanced System Protector File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup File Deleted : C:\Windows\Tasks\AmiUpdXp.job File Deleted : C:\Windows\System32\Tasks\AmiUpdXp File Deleted : C:\Windows\System32\Tasks\LaunchApp File Deleted : C:\Windows\Tasks\PC Optimizer Pro Updates.job File Deleted : C:\Windows\System32\Tasks\PC Optimizer Pro Updates File Deleted : C:\Windows\System32\Tasks\RegClean Pro File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES File Deleted : C:\Windows\Tasks\SaveSense.job File Deleted : C:\Windows\System32\Tasks\SaveSense File Deleted : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job File Deleted : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore File Deleted : C:\Windows\Tasks\SpeedUpMyPC Maintenance.job File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance File Deleted : C:\Windows\Tasks\SpeedUpMyPC Startup.job File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC Startup File Deleted : C:\Windows\Tasks\Video-Saver Update.job File Deleted : C:\Windows\System32\Tasks\Video-Saver Update File Deleted : C:\Windows\Tasks\HQTotalS-chromeinstaller.job File Deleted : C:\Windows\System32\Tasks\HQTotalS-chromeinstaller File Deleted : C:\Windows\Tasks\HQTotalS-codedownloader.job File Deleted : 
C:\Windows\System32\Tasks\HQTotalS-codedownloader File Deleted : C:\Windows\Tasks\HQTotalS-enabler.job File Deleted : C:\Windows\System32\Tasks\HQTotalS-enabler File Deleted : C:\Windows\Tasks\HQTotalS-firefoxinstaller.job File Deleted : C:\Windows\System32\Tasks\HQTotalS-firefoxinstaller File Deleted : C:\Windows\Tasks\HQTotalS-updater.job File Deleted : C:\Windows\System32\Tasks\HQTotalS-updater File Deleted : C:\Windows\Tasks\media enhance-chromeinstaller.job File Deleted : C:\Windows\System32\Tasks\media enhance-chromeinstaller File Deleted : C:\Windows\Tasks\media enhance-codedownloader.job File Deleted : C:\Windows\System32\Tasks\media enhance-codedownloader File Deleted : C:\Windows\Tasks\media enhance-enabler.job File Deleted : C:\Windows\System32\Tasks\media enhance-enabler File Deleted : C:\Windows\Tasks\media enhance-firefoxinstaller.job File Deleted : C:\Windows\System32\Tasks\media enhance-firefoxinstaller File Deleted : C:\Windows\Tasks\media enhance-updater.job File Deleted : C:\Windows\System32\Tasks\media enhance-updater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Iminent Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult Key Deleted : 
HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand Key Deleted : 
HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1 Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PirritSuggestor_InstallMonetizer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PirritSuggestor_InstallMonetizer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Psteeyahhpsdhs_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Psteeyahhpsdhs_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wedownload manager pro-bg_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wedownload manager pro-bg_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\weDownload Manager Pro-codedownloader_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\weDownload Manager Pro-codedownloader_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_us_11] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311948 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Key 
Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411361128} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : 

#6 gringo_pr


Posted 21 March 2014 - 04:44 PM


Hello purrpurrppurr3

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 purrpurrppurr3


Posted 24 March 2014 - 11:44 AM

The problem I had was that after I turned off AVG it opened again, BUT my computer is booting faster now.

ComboFix 14-03-24.01 - rac 03/24/2014  12:15:33.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1788.824 [GMT -4:00]
Running from: c:\users\rac\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.5880.dll
c:\users\rac\AppData\Local\AnyProtectScannerSetup.exe
c:\users\rac\AppData\Local\nsfD702.tmp
c:\windows\SysWow64\Cache
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-24 to 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 16:30 . 2014-03-24 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-23 00:58 . 2014-03-23 00:58 -------- d-----w- c:\program files\Highlightly
2014-03-23 00:57 . 2014-03-23 00:58 -------- d-----w- c:\program files (x86)\Highlightly
2014-03-23 00:57 . 2014-03-23 01:00 -------- d-----w- c:\program files (x86)\LPT
2014-03-23 00:55 . 2014-03-23 00:55 -------- d-----w- c:\users\rac\AppData\Local\LPT
2014-03-23 00:55 . 2014-03-23 00:55 -------- d-----w- c:\users\rac\AppData\Local\Smartbar
2014-03-23 00:54 . 2014-03-23 00:54 -------- d-----w- c:\users\rac\AppData\Local\TidyNetwork
2014-03-23 00:54 . 2014-03-23 00:54 -------- d-----w- c:\program files (x86)\TidyNetwork
2014-03-21 03:58 . 2014-03-21 03:58 -------- d-----w- c:\windows\ERUNT
2014-03-21 03:13 . 2014-03-21 03:17 -------- d-----w- C:\AdwCleaner
2014-03-21 00:54 . 2014-03-21 00:54 -------- d-----w- c:\users\rac\AppData\Roaming\key-find
2014-03-21 00:53 . 2014-03-21 00:53 -------- d-----w- c:\users\rac\AppData\Roaming\Activeris
2014-03-21 00:52 . 2014-03-21 00:52 -------- d-----w- c:\programdata\Activeris
2014-03-21 00:52 . 2014-03-21 00:52 -------- d-----w- c:\program files (x86)\Activeris AntiMalware
2014-03-21 00:52 . 2012-09-26 23:03 20480 ----a-w- c:\windows\system32\acrisnative64.exe
2014-03-19 03:59 . 2014-03-19 03:59 -------- d-----w- c:\program files (x86)\ffdshow
2014-03-19 03:26 . 2014-03-19 03:33 -------- d-----w- c:\users\rac\AppData\Roaming\Flawless Technology
2014-03-19 02:38 . 2014-03-19 02:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\MFAData
2014-03-17 04:20 . 2014-03-17 05:26 -------- d-----w- C:\FRST
2014-03-16 19:37 . 2014-03-19 03:06 -------- d-----w- c:\users\rac\AppData\Local\5656
2014-03-16 19:36 . 2014-03-16 19:36 -------- d-----w- c:\users\rac\AppData\Local\Hyper Browser
2014-03-16 04:15 . 2014-03-16 04:15 -------- d-----w- c:\users\rac\AppData\Local\Tuguu_SL
2014-03-16 04:10 . 2014-03-16 04:10 -------- d-----w- c:\program files (x86)\PC SpeedBoost
2014-03-16 04:10 . 2014-03-16 04:10 -------- d-----w- c:\programdata\BoostSoftware
2014-03-16 04:06 . 2014-03-16 04:06 -------- d-----w- c:\users\rac\AppData\Roaming\Optimizer Elite Max
2014-03-16 04:01 . 2014-03-16 04:01 -------- d-----w- c:\program files (x86)\Optimizer Elite Max
2014-03-16 03:54 . 2014-03-16 03:55 -------- d-----w- c:\programdata\UAB
2014-03-16 03:54 . 2014-03-16 03:54 -------- d-----w- c:\users\rac\AppData\Local\PC_Drivers_Headquarters
2014-03-16 03:54 . 2014-03-16 03:54 -------- d-----w- c:\programdata\Driver Support
2014-03-16 03:53 . 2014-03-16 03:53 -------- d-----w- c:\program files (x86)\Driver Support
2014-03-14 19:38 . 2014-03-14 19:38 -------- d-----w- c:\users\rac\AppData\Local\WinRST
2014-03-14 19:38 . 2014-03-14 19:38 -------- d-----w- c:\program files (x86)\WinRST
2014-03-14 19:37 . 2014-03-14 19:37 -------- d-----w- c:\users\rac\AppData\Roaming\ContentExplorer
2014-03-14 19:19 . 2014-03-14 19:19 -------- d-----w- c:\users\rac\AppData\Roaming\SmartMediaConverter
2014-03-14 19:19 . 2014-03-24 16:02 -------- d-----w- c:\program files (x86)\SmartMediaConverter
2014-03-14 19:18 . 2014-03-14 19:18 -------- d-----w- c:\program files (x86)\Convert Files for Free
2014-03-14 18:57 . 2014-03-14 18:57 -------- d-----w- c:\users\rac\AppData\Local\IsolatedStorage
2014-03-14 18:57 . 2014-03-14 18:57 -------- d-----w- c:\programdata\Symantec
2014-03-14 18:56 . 2014-03-23 00:15 -------- d-----w- c:\program files (x86)\Video-Saver-soft
2014-03-14 18:56 . 2014-03-14 18:56 -------- d-----w- c:\windows\system32\drivers\NSSx64
2014-03-14 18:56 . 2014-03-14 18:56 -------- d-----w- c:\program files (x86)\Norton Security Scan
2014-03-14 18:56 . 2014-03-14 18:56 -------- d-----w- c:\program files\Quiknowledge
2014-03-14 18:56 . 2014-03-14 18:56 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-03-14 18:48 . 2014-03-14 18:48 -------- d-----w- c:\program files (x86)\Uninstaller
2014-03-14 16:53 . 2014-02-17 06:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{922B8957-55EB-415E-8D4E-021C9BA683DD}\mpengine.dll
2014-03-07 02:53 . 2014-03-07 02:53 -------- d-----w- c:\users\rac\AppData\Local\Skype
2014-03-07 02:53 . 2014-03-07 02:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-07 02:53 . 2014-03-07 02:53 -------- d-----r- c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 07:01 . 2012-05-10 13:15 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-13 17:20 . 2012-04-30 17:25 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-13 17:20 . 2012-03-18 12:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 23:13 . 2014-02-05 23:13 58256 ----a-w- c:\windows\system32\drivers\qknfd.sys
2014-02-05 23:10 . 2014-02-05 23:10 58256 ----a-w- c:\windows\system32\drivers\hlnfd.sys
2014-02-03 17:20 . 2012-02-09 04:18 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 20:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}]
2014-01-28 10:22 116344 ----a-w- c:\program files (x86)\Convert Files for Free\ConvertFilesforFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{72137848-7F57-3E82-CE0D-DEF37FF510D4}]
2014-03-23 00:54 118784 ----a-w- c:\program files (x86)\TidyNetwork\petn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}]
2014-02-05 23:10 147560 ----a-w- c:\program files (x86)\Highlightly\IE\HighlightlyClientIE.dll
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SmartMediaConverter.lnk - c:\program files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe [2014-2-27 442816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe;c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [x]
R2 NewPlayerUpdaterService;NewPlayer Updater Service;c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe;c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WinRST;WinRST;c:\program files (x86)\WinRST\WinRST.exe;c:\program files (x86)\WinRST\WinRST.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 hlnfd;hlnfd;c:\windows\system32\drivers\hlnfd.sys;c:\windows\SYSNATIVE\drivers\hlnfd.sys [x]
S1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys;c:\windows\SYSNATIVE\drivers\qknfd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 hlsvc;Highlightly Client Service;c:\program files (x86)\Highlightly\Service\hlsvc.exe;c:\program files (x86)\Highlightly\Service\hlsvc.exe [x]
S2 LPTSystemUpdater;LPT System Updater Service;c:\program files (x86)\LPT\srpts.exe;c:\program files (x86)\LPT\srpts.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 video-saver;video-saver;c:\program files (x86)\Video-Saver-soft\video-saver157.exe;c:\program files (x86)\Video-Saver-soft\video-saver157.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 17:20]
.
2014-03-24 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-28 21:24]
.
2014-03-15 c:\windows\Tasks\Norton Security Scan for rac.job
- c:\progra~2\NORTON~2\Engine\401~1.16\Nss.exe [2014-03-14 12:59]
.
2014-03-16 c:\windows\Tasks\PCHelpers1st.job
- c:\program files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-03-16 23:47]
.
2014-03-16 c:\windows\Tasks\PCHelpers_period.job
- c:\program files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-03-16 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72137848-7F57-3E82-CE0D-DEF37FF510D4}]
2014-03-23 00:54 127488 ----a-w- c:\program files (x86)\TidyNetwork\petn64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://feed.snapdo.com/?publisher=Installmetrix&dpid=Installmetrix_CH&co=US&userid=acfb68e5-d81c-5ceb-b3f9-99a69b10e025&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}
uLocal Page = c:\windows\system32\blank.htm
uSearch Page =
mDefault_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877&q={searchTerms}
mDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877
mStart Page = hxxp://www.key-find.com/?type=hp&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49174;https=127.0.0.1:49174
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Installmetrix&dpid=Installmetrix_CH&co=US&userid=acfb68e5-d81c-5ceb-b3f9-99a69b10e025&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
BHO-{323C6E6D-1621-470F-8A52-4FDEC4E75E40} - (no file)
Toolbar-10 - (no file)
AddRemove-VOPackage - c:\users\rac\AppData\Roaming\VOPackage\uninstall.exe
AddRemove-Save Sense - c:\users\rac\AppData\Local\SaveSense\uninst.exe
AddRemove-SaveSense - c:\users\rac\AppData\Roaming\SAVESE~1\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\DRIVERS\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\DRIVERS\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx]
"ImagePath"="system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci]
"ImagePath"="system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320]
"ImagePath"="system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AESTFilters]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AgereModemAudio]
"ImagePath"="c:\program files\LSI SoftModem\agr64svc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\agrsm64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\DRIVERS\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide]
"ImagePath"="system32\DRIVERS\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD External Events Utility]
"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide]
"ImagePath"="system32\DRIVERS\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM]
"ImagePath"="system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata]
"ImagePath"="system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs]
"ImagePath"="system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AndNetDiag]
"ImagePath"="system32\DRIVERS\lgandnetdiag64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ANDNetModem]
"ImagePath"="system32\DRIVERS\lgandnetmodem64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\andnetndis]
"ImagePath"="system32\DRIVERS\lgandnetndis64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc]
"ImagePath"="system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas]
"ImagePath"="system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\athr]
"ImagePath"="system32\DRIVERS\athrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Atierecord]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atikmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AtiPcie]
"ImagePath"="system32\DRIVERS\AtiPcie.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgdiska]
"ImagePath"="system32\DRIVERS\avgdiska.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2014\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive]
"ImagePath"="\SystemRoot\system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ccSet_Norton Security Scan]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide]
"ImagePath"="system32\DRIVERS\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Com4QLBEx]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ConvertFilesforFreeUpdt]
"ImagePath"="c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor]
"ImagePath"="system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\DRIVERS\errdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fssfltr]
"ImagePath"="system32\DRIVERS\fssfltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fsssvc]
"ImagePath"="\"c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GamesAppService]
"ImagePath"="\"c:\program files (x86)\WildTangent Games\App\GamesAppService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus]
"ImagePath"="\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hlnfd]
"ImagePath"="system32\drivers\hlnfd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hlsvc]
"ImagePath"="\"c:\program files (x86)\Highlightly\Service\hlsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Health Check Service]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpqKbFiltr]
"ImagePath"="\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hpqwmiex]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD]
"ImagePath"="system32\DRIVERS\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV]
"ImagePath"="system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IDriverT]
"ImagePath"="\"c:\program files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\igfx]
"ImagePath"="system32\DRIVERS\igdkmd64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp]
"ImagePath"="system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide]
"ImagePath"="system32\DRIVERS\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm]
"ImagePath"="\SystemRoot\system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\DRIVERS\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass]
"ImagePath"="\SystemRoot\system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdhid]
"ImagePath"="\SystemRoot\system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LightScribeService]
"ImagePath"="\"c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LPTSystemUpdater]
"ImagePath"="\"c:\program files (x86)\LPT\srpts.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_FC]
"ImagePath"="system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS]
"ImagePath"="system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS2]
"ImagePath"="system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SCSI]
"ImagePath"="system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\megasas]
"ImagePath"="system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MegaSR]
"ImagePath"="system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouclass]
"ImagePath"="\SystemRoot\system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouhid]
"ImagePath"="\SystemRoot\system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpio]
"ImagePath"="system32\DRIVERS\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msahci]
"ImagePath"="system32\DRIVERS\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msdsm]
"ImagePath"="system32\DRIVERS\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msisadrv]
"ImagePath"="system32\DRIVERS\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\netw5v64]
"ImagePath"="system32\DRIVERS\netw5v64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NewPlayerUpdaterService]
"ImagePath"="\"c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nfrd960]
"ImagePath"="system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvraid]
"ImagePath"="system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvstor]
"ImagePath"="system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\DRIVERS\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\odserv]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ose]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pci]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pciide]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\qknfd]
"ImagePath"="system32\drivers\qknfd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql2300]
"ImagePath"="system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql40xx]
"ImagePath"="system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RealNetworks Downloader Resolver Service]
"ImagePath"="\"c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RichVideo]
"ImagePath"="\"c:\program files (x86)\CyberLink\Shared files\RichVideo.exe\"\00\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\10\02\01\03\01\03\01\03\01\03\01\03\01\03\01\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RSUSBSTOR]
"ImagePath"="System32\Drivers\RtsUStor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RtsUIR]
"ImagePath"="system32\DRIVERS\Rts516xIR.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbp2port]
"ImagePath"="system32\DRIVERS\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sdbus]
"ImagePath"="system32\DRIVERS\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serenum]
"ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serial]
"ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\DRIVERS\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\DRIVERS\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid2]
"ImagePath"="system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid4]
"ImagePath"="system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfHDA]
"ImagePath"="system32\DRIVERS\VSTAZL6.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfV92]
"ImagePath"="system32\DRIVERS\VSTDPV6.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfWinac]
"ImagePath"="system32\DRIVERS\VSTCNXT6.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\STacSV]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor]
"ImagePath"="system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\STHDA]
"ImagePath"="system32\DRIVERS\stwrt64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\DRIVERS\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBCCID]
"ImagePath"="system32\DRIVERS\RtsUCcid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbfilter]
"ImagePath"="system32\DRIVERS\usbfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbvideo]
"ImagePath"="\SystemRoot\System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot]
"ImagePath"="system32\DRIVERS\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\DRIVERS\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide]
"ImagePath"="system32\DRIVERS\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\video-saver]
"ImagePath"="c:\program files (x86)\Video-Saver-soft\video-saver157.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr]
"ImagePath"="system32\DRIVERS\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid]
"ImagePath"="system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus]
"ImagePath"="system32\DRIVERS\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwififlt]
"ImagePath"="system32\DRIVERS\vwififlt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd]
"ImagePath"="system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRST]
"ImagePath"="c:\program files (x86)\WinRST\WinRST.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlcrasvc]
"ImagePath"="\"c:\program files\Windows Live\Mesh\wlcrasvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\yukonw7]
"ImagePath"="system32\DRIVERS\yk62x64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1B03210A-1CF6-402D-A725-4072EA923544}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{38F36C9D-5921-4DC8-8B86-67F7F83BC4D2}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{4AF2B93C-B30B-408B-A884-03D81CF9FDF7}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B697D13B-17B5-40BD-9C3F-3BB62915496C}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-24  12:39:15
ComboFix-quarantined-files.txt  2014-03-24 16:39
.
Pre-Run: 95,971,942,400 bytes free
Post-Run: 96,371,286,016 bytes free
.
- - End Of File - - AE294D8395CA338C314671AD134E6673
8C0A4C6524EFBD54F4DE42813DECDA6A

 



#8 gringo_pr


Posted 24 March 2014 - 12:21 PM


Hello purrpurrppurr3

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#9 purrpurrppurr3


Posted 24 March 2014 - 02:12 PM

My computer is running much better now and I ran the cfs with no problems.

 

ComboFix 14-03-24.01 - rac 03/24/2014  14:51:24.2.1 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1788.1012 [GMT -4:00]
Running from: c:\users\rac\Desktop\ComboFix.exe
Command switches used :: c:\users\rac\Desktop\cfscript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-24 to 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 19:03 . 2014-03-24 19:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-03-24 19:03 . 2014-03-24 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-23 00:58 . 2014-03-23 00:58 -------- d-----w- c:\program files\Highlightly
2014-03-23 00:57 . 2014-03-23 00:58 -------- d-----w- c:\program files (x86)\Highlightly
2014-03-23 00:57 . 2014-03-23 01:00 -------- d-----w- c:\program files (x86)\LPT
2014-03-23 00:55 . 2014-03-24 17:07 -------- d-----w- c:\users\rac\AppData\Local\LPT
2014-03-23 00:55 . 2014-03-23 00:55 -------- d-----w- c:\users\rac\AppData\Local\Smartbar
2014-03-23 00:54 . 2014-03-23 00:54 -------- d-----w- c:\users\rac\AppData\Local\TidyNetwork
2014-03-23 00:54 . 2014-03-23 00:54 -------- d-----w- c:\program files (x86)\TidyNetwork
2014-03-21 03:58 . 2014-03-21 03:58 -------- d-----w- c:\windows\ERUNT
2014-03-21 03:13 . 2014-03-21 03:17 -------- d-----w- C:\AdwCleaner
2014-03-21 00:54 . 2014-03-21 00:54 -------- d-----w- c:\users\rac\AppData\Roaming\key-find
2014-03-21 00:53 . 2014-03-21 00:53 -------- d-----w- c:\users\rac\AppData\Roaming\Activeris
2014-03-21 00:52 . 2014-03-21 00:52 -------- d-----w- c:\programdata\Activeris
2014-03-21 00:52 . 2014-03-21 00:52 -------- d-----w- c:\program files (x86)\Activeris AntiMalware
2014-03-21 00:52 . 2012-09-26 23:03 20480 ----a-w- c:\windows\system32\acrisnative64.exe
2014-03-19 03:59 . 2014-03-19 03:59 -------- d-----w- c:\program files (x86)\ffdshow
2014-03-19 03:26 . 2014-03-19 03:33 -------- d-----w- c:\users\rac\AppData\Roaming\Flawless Technology
2014-03-19 02:38 . 2014-03-19 02:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\MFAData
2014-03-17 04:20 . 2014-03-17 05:26 -------- d-----w- C:\FRST
2014-03-16 19:37 . 2014-03-19 03:06 -------- d-----w- c:\users\rac\AppData\Local\5656
2014-03-16 19:36 . 2014-03-16 19:36 -------- d-----w- c:\users\rac\AppData\Local\Hyper Browser
2014-03-16 04:15 . 2014-03-16 04:15 -------- d-----w- c:\users\rac\AppData\Local\Tuguu_SL
2014-03-16 04:10 . 2014-03-16 04:10 -------- d-----w- c:\program files (x86)\PC SpeedBoost
2014-03-16 04:10 . 2014-03-16 04:10 -------- d-----w- c:\programdata\BoostSoftware
2014-03-16 04:06 . 2014-03-16 04:06 -------- d-----w- c:\users\rac\AppData\Roaming\Optimizer Elite Max
2014-03-16 04:01 . 2014-03-16 04:01 -------- d-----w- c:\program files (x86)\Optimizer Elite Max
2014-03-16 03:54 . 2014-03-16 03:55 -------- d-----w- c:\programdata\UAB
2014-03-16 03:54 . 2014-03-16 03:54 -------- d-----w- c:\users\rac\AppData\Local\PC_Drivers_Headquarters
2014-03-16 03:54 . 2014-03-16 03:54 -------- d-----w- c:\programdata\Driver Support
2014-03-16 03:53 . 2014-03-16 03:53 -------- d-----w- c:\program files (x86)\Driver Support
2014-03-14 19:38 . 2014-03-14 19:38 -------- d-----w- c:\users\rac\AppData\Local\WinRST
2014-03-14 19:38 . 2014-03-14 19:38 -------- d-----w- c:\program files (x86)\WinRST
2014-03-14 19:37 . 2014-03-14 19:37 -------- d-----w- c:\users\rac\AppData\Roaming\ContentExplorer
2014-03-14 19:19 . 2014-03-14 19:19 -------- d-----w- c:\users\rac\AppData\Roaming\SmartMediaConverter
2014-03-14 19:19 . 2014-03-24 18:28 -------- d-----w- c:\program files (x86)\SmartMediaConverter
2014-03-14 19:18 . 2014-03-14 19:18 -------- d-----w- c:\program files (x86)\Convert Files for Free
2014-03-14 18:57 . 2014-03-14 18:57 -------- d-----w- c:\users\rac\AppData\Local\IsolatedStorage
2014-03-14 18:57 . 2014-03-14 18:57 -------- d-----w- c:\programdata\Symantec
2014-03-14 18:56 . 2014-03-23 00:15 -------- d-----w- c:\program files (x86)\Video-Saver-soft
2014-03-14 18:56 . 2014-03-14 18:56 -------- d-----w- c:\windows\system32\drivers\NSSx64
2014-03-14 18:56 . 2014-03-14 18:56 -------- d-----w- c:\program files (x86)\Norton Security Scan
2014-03-14 18:56 . 2014-03-14 18:56 -------- d-----w- c:\program files\Quiknowledge
2014-03-14 18:56 . 2014-03-14 18:56 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-03-14 18:48 . 2014-03-14 18:48 -------- d-----w- c:\program files (x86)\Uninstaller
2014-03-14 16:53 . 2014-02-17 06:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{922B8957-55EB-415E-8D4E-021C9BA683DD}\mpengine.dll
2014-03-07 02:53 . 2014-03-07 02:53 -------- d-----w- c:\users\rac\AppData\Local\Skype
2014-03-07 02:53 . 2014-03-07 02:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-07 02:53 . 2014-03-07 02:53 -------- d-----r- c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 07:01 . 2012-05-10 13:15 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-13 17:20 . 2012-04-30 17:25 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-13 17:20 . 2012-03-18 12:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 23:13 . 2014-02-05 23:13 58256 ----a-w- c:\windows\system32\drivers\qknfd.sys
2014-02-05 23:10 . 2014-02-05 23:10 58256 ----a-w- c:\windows\system32\drivers\hlnfd.sys
2014-02-03 17:20 . 2012-02-09 04:18 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 20:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}]
2014-01-28 10:22 116344 ----a-w- c:\program files (x86)\Convert Files for Free\ConvertFilesforFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{72137848-7F57-3E82-CE0D-DEF37FF510D4}]
2014-03-23 00:54 118784 ----a-w- c:\program files (x86)\TidyNetwork\petn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}]
2014-02-05 23:10 147560 ----a-w- c:\program files (x86)\Highlightly\IE\HighlightlyClientIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ContentExplorer"="c:\users\rac\AppData\Roaming\ContentExplorer\ContentExplorer.exe" [2014-03-11 443152]
"Driver Support"="c:\program files (x86)\Driver Support\Driver Support\DriverSupport.exe" [2014-03-13 4746584]
"Browser Infrastructure Helper"="c:\users\rac\AppData\Local\Smartbar\Application\SnapDo.exe" [2014-02-07 21536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SmartMediaConverter.lnk - c:\program files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe [2014-2-27 442816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe;c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [x]
R2 NewPlayerUpdaterService;NewPlayer Updater Service;c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe;c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WinRST;WinRST;c:\program files (x86)\WinRST\WinRST.exe;c:\program files (x86)\WinRST\WinRST.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 hlnfd;hlnfd;c:\windows\system32\drivers\hlnfd.sys;c:\windows\SYSNATIVE\drivers\hlnfd.sys [x]
S1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys;c:\windows\SYSNATIVE\drivers\qknfd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 hlsvc;Highlightly Client Service;c:\program files (x86)\Highlightly\Service\hlsvc.exe;c:\program files (x86)\Highlightly\Service\hlsvc.exe [x]
S2 LPTSystemUpdater;LPT System Updater Service;c:\program files (x86)\LPT\srpts.exe;c:\program files (x86)\LPT\srpts.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 video-saver;video-saver;c:\program files (x86)\Video-Saver-soft\video-saver157.exe;c:\program files (x86)\Video-Saver-soft\video-saver157.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 17:20]
.
2014-03-24 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-28 21:24]
.
2014-03-15 c:\windows\Tasks\Norton Security Scan for rac.job
- c:\progra~2\NORTON~2\Engine\401~1.16\Nss.exe [2014-03-14 12:59]
.
2014-03-16 c:\windows\Tasks\PCHelpers1st.job
- c:\program files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-03-16 23:47]
.
2014-03-16 c:\windows\Tasks\PCHelpers_period.job
- c:\program files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-03-16 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72137848-7F57-3E82-CE0D-DEF37FF510D4}]
2014-03-23 00:54 127488 ----a-w- c:\program files (x86)\TidyNetwork\petn64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBBzYJ_UMNF3T-E3INgy1qdj-B1fgU3liVMLis5SuAh1uDfu4IuRDdlH1IhtG4hGg,,
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877&q={searchTerms}
mDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877
mStart Page = hxxp://www.key-find.com/?type=hp&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49171;https=127.0.0.1:49171
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBNEtxJEns5HkRg_chxCCM4H1T0eJbiX9dP_0J8QgUtd385uX1ZrIPdHZU4l3-j3g,,&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0214c - c:\users\rac\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
BHO-{323C6E6D-1621-470F-8A52-4FDEC4E75E40} - (no file)
AddRemove-VOPackage - c:\users\rac\AppData\Roaming\VOPackage\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-24  15:08:11
ComboFix-quarantined-files.txt  2014-03-24 19:08
ComboFix2.txt  2014-03-24 16:39
.
Pre-Run: 96,225,718,272 bytes free
Post-Run: 96,178,229,248 bytes free
.
- - End Of File - - 8E49C9E0EB1C993BA8DE5F2682286D0E
8C0A4C6524EFBD54F4DE42813DECDA6A
 



#10 gringo_pr


Posted 25 March 2014 - 08:27 AM


Hello purrpurrppurr3

I would like to see a report that combofix makes.

extra combofix report
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK
Copy and paste the report into this topic for me to review.

Gringo

#11 purrpurrppurr3


Posted 26 March 2014 - 12:16 PM

My computer is still moving slowly and giving me popups from sources I thought were deleted.

 

 

Activeris AntiMalware
DMUninstaller
ffdshow (remove only)
Flawless Codec
Google Update Helper
Highlightly
key-find uninstaller
LPT System Updater Service
Skype™ 6.14
Snap.Do
Snap.Do Engine
TidyNetwork
VO Package
Winamp Detector Plug-in
 



#12 gringo_pr


Posted 27 March 2014 - 10:50 AM

I would like you to rerun FRST for me and send me a new report.

If you cannot find it, here is the link again.

Please download the Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ - Click on the BLUE download buttons only - (The GREEN ones are ads)

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run.

Please attach that log to your reply.
The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well.

#13 purrpurrppurr3


Posted 30 March 2014 - 10:29 PM

My system is faster but there is this pc helper that says I have a lot of things I still need to delete.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by rac (administrator) on RAC-PC on 30-03-2014 23:21:01
Running from C:\Users\rac\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
(Highlightly) C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\LPT\srpts.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Video-Saver-soft\video-saver157.exe
(ContentExplorer) C:\Users\rac\AppData\Roaming\ContentExplorer\ContentExplorer.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
() C:\Program Files (x86)\WinRST\WinRST.exe
(Smartbar) C:\Users\rac\AppData\Local\Smartbar\Application\SnapDo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Users\rac\AppData\Local\LPT\srptm.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
() C:\Users\rac\AppData\Local\Smartbar\Application\Lrcnta.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1050774876-1090009769-560395148-1000\...\Run: [ContentExplorer] - C:\Users\rac\AppData\Roaming\ContentExplorer\ContentExplorer.exe [443152 2014-03-11] (ContentExplorer)
HKU\S-1-5-21-1050774876-1090009769-560395148-1000\...\Run: [Driver Support] - C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4746584 2014-03-13] (PC Drivers Headquarters)
HKU\S-1-5-21-1050774876-1090009769-560395148-1000\...\Run: [Browser Infrastructure Helper] - C:\Users\rac\AppData\Local\Smartbar\Application\SnapDo.exe [21536 2014-02-06] (Smartbar)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49195;https=127.0.0.1:49195
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBBzYJ_UMNF3T-E3INgy1qdj-B1fgU3liVMLis5SuAh1uDfu4IuRDdlH1IhtG4hGg,,
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBNEtxJEns5HkRg_chxCCM4H1T0eJbiX9dP_0J8QgUtd385uX1ZrIPdHZU4l3-j3g,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBNEtxJEns5HkRg_chxCCM4H1T0eJbiX9dP_0J8QgUtd385uX1ZrIPdHZU4l3-j3g,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1395363235&from=tugs&uid=WDCXWD1600BEVT-60A23T0_WD-WX41A20L5877L5877&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CB17CBB5-1E01-4645-BA4A-F52B45955619} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBNEtxJEns5HkRg_chxCCM4H1T0eJbiX9dP_0J8QgUtd385uX1ZrIPdHZU4l3-j3g,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBNEtxJEns5HkRg_chxCCM4H1T0eJbiX9dP_0J8QgUtd385uX1ZrIPdHZU4l3-j3g,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBNEtxJEns5HkRg_chxCCM4H1T0eJbiX9dP_0J8QgUtd385uX1ZrIPdHZU4l3-j3g,,&q={searchTerms}
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324769&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7E3EBCD3-0BC7-419E-B33B-E2B56441AECD&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWyxLMQjVituAPsmkRBTNW0dzjmgPf_SEBKZu6yBZxlskHVYaP661BLWD6ZhZQTcIUBNEtxJEns5HkRg_chxCCM4H1T0eJbiX9dP_0J8QgUtd385uX1ZrIPdHZU4l3-j3g,,&q={searchTerms}
SearchScopes: HKCU - {057AA397-3DF8-4F81-B143-60A53D82627F} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140313,19669,0,UN,7635
BHO: No Name - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} -  No File
BHO: TidyNetwork - {72137848-7F57-3E82-CE0D-DEF37FF510D4} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
BHO-x32: TidyNetwork - {72137848-7F57-3E82-CE0D-DEF37FF510D4} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
BHO-x32: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Quiknowledge - C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com [2014-03-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-10-31]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-15]
FF HKLM-x32\...\Firefox\Extensions: [quiknowledge@quiknowledge.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com
FF Extension: Quiknowledge - C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [extension@Convert_Files_for_Free.com] - C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com
FF Extension: ConvertFilesforFree - C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com [2014-03-14]
FF HKCU\...\Firefox\Extensions: [{04b6d429-1271-4278-9b7e-7de402ce8a7a}] - C:\Program Files (x86)\Video-Saver-soft\157.xpi
FF Extension: Video-Saver - C:\Program Files (x86)\Video-Saver-soft\157.xpi [2014-03-14]

Chrome:
=======
CHR HomePage:
CHR Extension: (Social Privacy) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn [2013-11-11]
CHR Extension: (HQTotalS) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-03-20]
CHR Extension: (media enhance) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo [2014-03-14]
CHR Extension: (No Name) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-01-28] ()
R2 hlsvc; C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [273000 2014-02-05] (Highlightly)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-06] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 video-saver; C:\Program Files (x86)\Video-Saver-soft\video-saver157.exe [195072 2014-03-14] ()
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-26] ()
S2 NewPlayerUpdaterService; "C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29696 2011-06-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2011-06-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [90624 2011-06-03] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 hlnfd; C:\Windows\System32\drivers\hlnfd.sys [58256 2014-02-05] (Highlightly)
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-30 23:21 - 2014-03-30 23:21 - 00020739 _____ () C:\Users\rac\Desktop\FRST.txt
2014-03-30 02:00 - 2014-03-30 02:00 - 00002946 _____ () C:\Windows\System32\Tasks\{46A2F195-46D2-40D5-AA04-EBC1641CC11D}
2014-03-30 01:59 - 2014-03-30 01:59 - 00002946 _____ () C:\Windows\System32\Tasks\{D81A5431-3C67-4854-8FAB-A35108D243F5}
2014-03-30 01:59 - 2014-03-30 01:59 - 00002946 _____ () C:\Windows\System32\Tasks\{1F9A7692-9776-497F-8E11-7FB0CBEF6FCF}
2014-03-30 01:59 - 2014-03-30 01:59 - 00002946 _____ () C:\Windows\System32\Tasks\{16D174B5-7194-4183-BC1B-91E7DB0E9390}
2014-03-30 01:58 - 2014-03-30 01:58 - 00002946 _____ () C:\Windows\System32\Tasks\{402DF358-6AF4-4373-89EF-E75A66BB3465}
2014-03-30 01:58 - 2014-03-30 01:58 - 00002946 _____ () C:\Windows\System32\Tasks\{1AA6B5C9-90D3-4AAC-B42B-E8D3564B03FF}
2014-03-26 14:36 - 2014-03-26 14:38 - 00009324 _____ () C:\Users\rac\Desktop\internet keys.odt
2014-03-26 14:28 - 2014-03-26 14:28 - 00000087 ____H () C:\Users\rac\Desktop\.~lock.internet doodles.odt#
2014-03-25 16:27 - 2014-03-25 16:27 - 00009078 _____ () C:\Users\rac\Desktop\internet doodles.odt
2014-03-25 14:33 - 2014-03-30 01:56 - 00000000 ____D () C:\Users\rac\AppData\Roaming\InstallX Search Protect for Yahoo
2014-03-25 14:33 - 2014-03-25 14:33 - 00000000 ____D () C:\Users\rac\AppData\Local\visi_coupon
2014-03-25 14:31 - 2014-03-25 15:00 - 00000000 ____D () C:\Program Files (x86)\Software Updater
2014-03-24 15:53 - 2014-03-24 15:53 - 00172140 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-03-24 15:08 - 2014-03-24 15:08 - 00022696 _____ () C:\ComboFix.txt
2014-03-24 12:12 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-24 12:12 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-24 12:12 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-24 12:12 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-24 12:12 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-24 12:12 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-24 12:12 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-24 12:12 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-24 12:01 - 2014-03-24 15:08 - 00000000 ____D () C:\Qoobox
2014-03-24 12:01 - 2014-03-24 12:01 - 00000000 ___RD () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 12:00 - 2014-03-24 12:33 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 11:57 - 2014-03-24 11:57 - 00000000 _____ () C:\Users\rac\Desktop\Combofix-file197_html.42b732h.partial
2014-03-24 11:56 - 2014-03-24 11:56 - 00256766 _____ () C:\Users\rac\Desktop\combofix.htm
2014-03-24 11:55 - 2014-03-24 11:55 - 05192353 ____R (Swearware) C:\Users\rac\Desktop\ComboFix.exe
2014-03-22 20:58 - 2014-03-22 20:58 - 00000000 ____D () C:\Program Files\Highlightly
2014-03-22 20:57 - 2014-03-22 21:00 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-03-22 20:57 - 2014-03-22 20:58 - 00000000 ____D () C:\Program Files (x86)\Highlightly
2014-03-22 20:55 - 2014-03-24 13:07 - 00000000 ____D () C:\Users\rac\AppData\Local\LPT
2014-03-22 20:55 - 2014-03-22 20:55 - 00000000 ____D () C:\Users\rac\AppData\Local\Smartbar
2014-03-22 20:54 - 2014-03-22 20:54 - 00003980 _____ () C:\Windows\System32\Tasks\TidyNetwork Update
2014-03-22 20:54 - 2014-03-22 20:54 - 00000000 ____D () C:\Users\rac\AppData\Local\TidyNetwork
2014-03-22 20:54 - 2014-03-22 20:54 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-03-20 23:58 - 2014-03-20 23:58 - 00000000 ____D () C:\Windows\ERUNT
2014-03-20 23:51 - 2014-03-21 00:38 - 00010384 _____ () C:\Users\rac\Desktop\bleepingcomputer.odt
2014-03-20 23:13 - 2014-03-20 23:17 - 00000000 ____D () C:\AdwCleaner
2014-03-20 20:54 - 2014-03-20 20:54 - 00000000 ____D () C:\Users\rac\AppData\Roaming\key-find
2014-03-20 20:53 - 2014-03-20 20:53 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Activeris
2014-03-20 20:52 - 2014-03-20 20:52 - 00001118 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk
2014-03-20 20:52 - 2014-03-20 20:52 - 00000000 ____D () C:\ProgramData\Activeris
2014-03-20 20:52 - 2014-03-20 20:52 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-03-20 20:52 - 2012-09-26 19:03 - 00020480 _____ () C:\Windows\system32\acrisnative64.exe
2014-03-20 19:37 - 2014-03-20 19:37 - 00003236 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-03-19 00:54 - 2014-03-19 00:54 - 02385872 _____ (Flawless Technology) C:\Users\rac\Downloads\FlawlessCodec (1).exe
2014-03-18 23:59 - 2014-03-18 23:59 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-03-18 23:26 - 2014-03-18 23:33 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Flawless Technology
2014-03-18 23:25 - 2014-03-18 23:25 - 02385872 _____ (Flawless Technology) C:\Users\rac\Downloads\FlawlessCodec.exe
2014-03-17 00:47 - 2014-03-17 01:26 - 00029891 _____ () C:\Users\rac\Desktop\Addition.txt
2014-03-17 00:20 - 2014-03-30 23:21 - 00000000 ____D () C:\FRST
2014-03-17 00:18 - 2014-03-17 00:19 - 02157056 _____ (Farbar) C:\Users\rac\Desktop\FRST64.exe
2014-03-16 23:14 - 2014-03-16 23:14 - 00003238 _____ () C:\Windows\System32\Tasks\{B2BC67B3-1024-4EBE-BA60-1EB1983D2979}
2014-03-16 15:37 - 2014-03-22 20:58 - 00002901 _____ () C:\Windows\IE11_main.log
2014-03-16 15:37 - 2014-03-18 23:06 - 00000000 ____D () C:\Users\rac\AppData\Local\5656
2014-03-16 15:36 - 2014-03-16 15:36 - 00000000 ____D () C:\Users\rac\AppData\Local\Hyper Browser
2014-03-16 03:52 - 2014-03-21 01:03 - 00000000 ___RD () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 00:15 - 2014-03-16 00:15 - 00000000 ____D () C:\Users\rac\AppData\Local\Tuguu_SL
2014-03-16 00:11 - 2014-03-16 00:11 - 00004186 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_RS_WeeklyTask
2014-03-16 00:11 - 2014-03-16 00:11 - 00004018 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_RS_DailyTask
2014-03-16 00:11 - 2014-03-16 00:11 - 00003628 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_LogonTask
2014-03-16 00:10 - 2014-03-16 00:10 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-03-16 00:10 - 2014-03-16 00:10 - 00000000 ____D () C:\Program Files (x86)\PC SpeedBoost
2014-03-16 00:06 - 2014-03-16 00:06 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Optimizer Elite Max
2014-03-16 00:01 - 2014-03-30 20:12 - 00000296 _____ () C:\Windows\Tasks\PCHelpers_period.job
2014-03-16 00:01 - 2014-03-16 00:28 - 00000296 _____ () C:\Windows\Tasks\PCHelpers1st.job
2014-03-16 00:01 - 2014-03-16 00:06 - 00002868 _____ () C:\Windows\System32\Tasks\PCHelpers_period
2014-03-16 00:01 - 2014-03-16 00:01 - 00002678 _____ () C:\Windows\System32\Tasks\PCHelpers1st
2014-03-16 00:01 - 2014-03-16 00:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Elite Max
2014-03-15 23:55 - 2014-03-15 23:55 - 00000000 ____D () C:\Users\rac\Downloads\Driver Support
2014-03-15 23:54 - 2014-03-15 23:55 - 00000000 ____D () C:\ProgramData\UAB
2014-03-15 23:54 - 2014-03-15 23:54 - 00003774 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScan
2014-03-15 23:54 - 2014-03-15 23:54 - 00003768 _____ () C:\Windows\System32\Tasks\Driver Support-RTMUpdater
2014-03-15 23:54 - 2014-03-15 23:54 - 00003758 _____ () C:\Windows\System32\Tasks\Driver Support-RTMRules
2014-03-15 23:54 - 2014-03-15 23:54 - 00003458 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScanRunOnce
2014-03-15 23:54 - 2014-03-15 23:54 - 00000000 ____D () C:\Users\rac\AppData\Local\PC_Drivers_Headquarters
2014-03-15 23:54 - 2014-03-15 23:54 - 00000000 ____D () C:\ProgramData\Driver Support
2014-03-15 23:53 - 2014-03-15 23:53 - 00002261 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-03-15 23:53 - 2014-03-15 23:53 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-03-15 05:05 - 2014-03-15 05:05 - 00001043 _____ () C:\Users\rac\Desktop\Continue VuuPC Installation.lnk
2014-03-14 15:38 - 2014-03-14 15:38 - 00000000 ____D () C:\Users\rac\AppData\Local\WinRST
2014-03-14 15:38 - 2014-03-14 15:38 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-03-14 15:37 - 2014-03-14 15:37 - 00000000 ____D () C:\Users\rac\AppData\Roaming\ContentExplorer
2014-03-14 15:19 - 2014-03-30 23:06 - 00000000 ____D () C:\Program Files (x86)\SmartMediaConverter
2014-03-14 15:19 - 2014-03-14 15:19 - 00000000 ____D () C:\Users\rac\AppData\Roaming\SmartMediaConverter
2014-03-14 15:18 - 2014-03-14 15:18 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-03-14 14:57 - 2014-03-27 19:22 - 00000448 ____H () C:\Windows\Tasks\Norton Security Scan for rac.job
2014-03-14 14:57 - 2014-03-20 19:25 - 00000112 _____ () C:\Users\rac\AppData\Roaming\WB.CFG
2014-03-14 14:57 - 2014-03-14 14:57 - 00003598 _____ () C:\Windows\System32\Tasks\Norton Security Scan for rac
2014-03-14 14:57 - 2014-03-14 14:57 - 00000000 ____D () C:\Users\rac\AppData\Local\IsolatedStorage
2014-03-14 14:57 - 2014-03-14 14:57 - 00000000 ____D () C:\ProgramData\Symantec
2014-03-14 14:56 - 2014-03-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Video-Saver-soft
2014-03-14 14:56 - 2014-03-14 14:56 - 00000000 ____D () C:\Windows\system32\Drivers\NSSx64
2014-03-14 14:56 - 2014-03-14 14:56 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-03-14 14:56 - 2014-03-14 14:56 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-03-14 14:47 - 2014-03-14 14:47 - 00001929 _____ () C:\Users\rac\Desktop\Sync Folder.lnk
2014-03-14 14:45 - 2014-03-14 14:48 - 00000161 _____ () C:\Users\rac\AppData\Roaming\aps.uninstall.scan.results
2014-03-06 22:53 - 2014-03-16 06:43 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-06 22:53 - 2014-03-06 22:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 22:53 - 2014-03-06 22:53 - 00000000 ____D () C:\Users\rac\AppData\Local\Skype
2014-03-04 23:26 - 2014-03-04 23:26 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-03-30 23:21 - 2014-03-30 23:21 - 00020739 _____ () C:\Users\rac\Desktop\FRST.txt
2014-03-30 23:21 - 2014-03-17 00:20 - 00000000 ____D () C:\FRST
2014-03-30 23:21 - 2012-04-28 06:04 - 00000000 ____D () C:\Users\rac\AppData\Roaming\mIRC
2014-03-30 23:20 - 2012-06-03 03:08 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Skype
2014-03-30 23:20 - 2012-04-30 13:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 23:06 - 2014-03-14 15:19 - 00000000 ____D () C:\Program Files (x86)\SmartMediaConverter
2014-03-30 22:31 - 2009-07-14 00:51 - 00068742 _____ () C:\Windows\setupact.log
2014-03-30 22:16 - 2010-05-25 18:54 - 01730562 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 20:47 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 20:47 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 20:41 - 2012-03-05 00:57 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{446804D8-324D-4E2F-823D-D8FDE34A93D6}
2014-03-30 20:37 - 2012-04-28 05:54 - 00000398 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-03-30 20:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 20:12 - 2014-03-16 00:01 - 00000296 _____ () C:\Windows\Tasks\PCHelpers_period.job
2014-03-30 19:54 - 2012-05-06 22:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-30 02:00 - 2014-03-30 02:00 - 00002946 _____ () C:\Windows\System32\Tasks\{46A2F195-46D2-40D5-AA04-EBC1641CC11D}
2014-03-30 01:59 - 2014-03-30 01:59 - 00002946 _____ () C:\Windows\System32\Tasks\{D81A5431-3C67-4854-8FAB-A35108D243F5}
2014-03-30 01:59 - 2014-03-30 01:59 - 00002946 _____ () C:\Windows\System32\Tasks\{1F9A7692-9776-497F-8E11-7FB0CBEF6FCF}
2014-03-30 01:59 - 2014-03-30 01:59 - 00002946 _____ () C:\Windows\System32\Tasks\{16D174B5-7194-4183-BC1B-91E7DB0E9390}
2014-03-30 01:58 - 2014-03-30 01:58 - 00002946 _____ () C:\Windows\System32\Tasks\{402DF358-6AF4-4373-89EF-E75A66BB3465}
2014-03-30 01:58 - 2014-03-30 01:58 - 00002946 _____ () C:\Windows\System32\Tasks\{1AA6B5C9-90D3-4AAC-B42B-E8D3564B03FF}
2014-03-30 01:56 - 2014-03-25 14:33 - 00000000 ____D () C:\Users\rac\AppData\Roaming\InstallX Search Protect for Yahoo
2014-03-27 19:22 - 2014-03-14 14:57 - 00000448 ____H () C:\Windows\Tasks\Norton Security Scan for rac.job
2014-03-26 14:38 - 2014-03-26 14:36 - 00009324 _____ () C:\Users\rac\Desktop\internet keys.odt
2014-03-26 14:28 - 2014-03-26 14:28 - 00000087 ____H () C:\Users\rac\Desktop\.~lock.internet doodles.odt#
2014-03-26 14:28 - 2012-05-11 04:05 - 00000000 ____D () C:\Users\rac\AppData\Local\CrashDumps
2014-03-25 22:43 - 2012-04-28 05:42 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-25 22:43 - 2010-05-25 18:56 - 00252752 _____ () C:\Windows\PFRO.log
2014-03-25 16:27 - 2014-03-25 16:27 - 00009078 _____ () C:\Users\rac\Desktop\internet doodles.odt
2014-03-25 15:00 - 2014-03-25 14:31 - 00000000 ____D () C:\Program Files (x86)\Software Updater
2014-03-25 14:41 - 2012-04-28 05:42 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-03-25 14:33 - 2014-03-25 14:33 - 00000000 ____D () C:\Users\rac\AppData\Local\visi_coupon
2014-03-25 05:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 15:53 - 2014-03-24 15:53 - 00172140 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-03-24 15:12 - 2012-04-28 06:04 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-03-24 15:08 - 2014-03-24 15:08 - 00022696 _____ () C:\ComboFix.txt
2014-03-24 15:08 - 2014-03-24 12:01 - 00000000 ____D () C:\Qoobox
2014-03-24 15:04 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-24 13:07 - 2014-03-22 20:55 - 00000000 ____D () C:\Users\rac\AppData\Local\LPT
2014-03-24 12:33 - 2014-03-24 12:00 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 12:01 - 2014-03-24 12:01 - 00000000 ___RD () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 11:57 - 2014-03-24 11:57 - 00000000 _____ () C:\Users\rac\Desktop\Combofix-file197_html.42b732h.partial
2014-03-24 11:56 - 2014-03-24 11:56 - 00256766 _____ () C:\Users\rac\Desktop\combofix.htm
2014-03-24 11:55 - 2014-03-24 11:55 - 05192353 ____R (Swearware) C:\Users\rac\Desktop\ComboFix.exe
2014-03-24 11:53 - 2013-09-08 12:25 - 00000290 _____ () C:\Windows\SysWOW64\usergui.cfg
2014-03-24 11:53 - 2012-10-18 11:30 - 00004491 _____ () C:\Windows\SysWOW64\userawacs.cfg
2014-03-24 11:52 - 2013-10-06 17:26 - 00000844 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-22 21:00 - 2014-03-22 20:57 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-03-22 20:58 - 2014-03-22 20:58 - 00000000 ____D () C:\Program Files\Highlightly
2014-03-22 20:58 - 2014-03-22 20:57 - 00000000 ____D () C:\Program Files (x86)\Highlightly
2014-03-22 20:58 - 2014-03-16 15:37 - 00002901 _____ () C:\Windows\IE11_main.log
2014-03-22 20:55 - 2014-03-22 20:55 - 00000000 ____D () C:\Users\rac\AppData\Local\Smartbar
2014-03-22 20:54 - 2014-03-22 20:54 - 00003980 _____ () C:\Windows\System32\Tasks\TidyNetwork Update
2014-03-22 20:54 - 2014-03-22 20:54 - 00000000 ____D () C:\Users\rac\AppData\Local\TidyNetwork
2014-03-22 20:54 - 2014-03-22 20:54 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-03-22 20:15 - 2014-03-14 14:56 - 00000000 ____D () C:\Program Files (x86)\Video-Saver-soft
2014-03-21 01:03 - 2014-03-16 03:52 - 00000000 ___RD () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 00:38 - 2014-03-20 23:51 - 00010384 _____ () C:\Users\rac\Desktop\bleepingcomputer.odt
2014-03-21 00:04 - 2012-04-28 05:52 - 00000000 ____D () C:\Program Files (x86)\Winferno
2014-03-20 23:58 - 2014-03-20 23:58 - 00000000 ____D () C:\Windows\ERUNT
2014-03-20 23:17 - 2014-03-20 23:13 - 00000000 ____D () C:\AdwCleaner
2014-03-20 20:54 - 2014-03-20 20:54 - 00000000 ____D () C:\Users\rac\AppData\Roaming\key-find
2014-03-20 20:53 - 2014-03-20 20:53 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Activeris
2014-03-20 20:52 - 2014-03-20 20:52 - 00001118 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk
2014-03-20 20:52 - 2014-03-20 20:52 - 00000000 ____D () C:\ProgramData\Activeris
2014-03-20 20:52 - 2014-03-20 20:52 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-03-20 19:37 - 2014-03-20 19:37 - 00003236 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-03-20 19:25 - 2014-03-14 14:57 - 00000112 _____ () C:\Users\rac\AppData\Roaming\WB.CFG
2014-03-20 15:01 - 2013-11-03 19:01 - 00001350 _____ () C:\Users\rac\Desktop\Clean Registry for Free!.lnk
2014-03-19 03:04 - 2013-09-08 06:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:01 - 2012-05-10 09:15 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 00:54 - 2014-03-19 00:54 - 02385872 _____ (Flawless Technology) C:\Users\rac\Downloads\FlawlessCodec (1).exe
2014-03-18 23:59 - 2014-03-18 23:59 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-03-18 23:33 - 2014-03-18 23:26 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Flawless Technology
2014-03-18 23:25 - 2014-03-18 23:25 - 02385872 _____ (Flawless Technology) C:\Users\rac\Downloads\FlawlessCodec.exe
2014-03-18 23:06 - 2014-03-16 15:37 - 00000000 ____D () C:\Users\rac\AppData\Local\5656
2014-03-17 01:26 - 2014-03-17 00:47 - 00029891 _____ () C:\Users\rac\Desktop\Addition.txt
2014-03-17 00:19 - 2014-03-17 00:18 - 02157056 _____ (Farbar) C:\Users\rac\Desktop\FRST64.exe
2014-03-16 23:14 - 2014-03-16 23:14 - 00003238 _____ () C:\Windows\System32\Tasks\{B2BC67B3-1024-4EBE-BA60-1EB1983D2979}
2014-03-16 15:36 - 2014-03-16 15:36 - 00000000 ____D () C:\Users\rac\AppData\Local\Hyper Browser
2014-03-16 06:43 - 2014-03-06 22:53 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 06:43 - 2012-06-03 03:07 - 00000000 ____D () C:\ProgramData\Skype
2014-03-16 05:42 - 2012-08-15 01:22 - 00000000 ____D () C:\Users\rac\AppData\Local\Windows Live
2014-03-16 05:39 - 2012-10-29 21:31 - 00000000 ____D () C:\Users\rac\AppData\Local\Windows Live Writer
2014-03-16 04:18 - 2009-10-31 04:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-16 02:10 - 2009-10-31 05:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-16 00:28 - 2014-03-16 00:01 - 00000296 _____ () C:\Windows\Tasks\PCHelpers1st.job
2014-03-16 00:15 - 2014-03-16 00:15 - 00000000 ____D () C:\Users\rac\AppData\Local\Tuguu_SL
2014-03-16 00:11 - 2014-03-16 00:11 - 00004186 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_RS_WeeklyTask
2014-03-16 00:11 - 2014-03-16 00:11 - 00004018 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_RS_DailyTask
2014-03-16 00:11 - 2014-03-16 00:11 - 00003628 _____ () C:\Windows\System32\Tasks\PCSB_rac_PCSpeedBoost_LogonTask
2014-03-16 00:10 - 2014-03-16 00:10 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-03-16 00:10 - 2014-03-16 00:10 - 00000000 ____D () C:\Program Files (x86)\PC SpeedBoost
2014-03-16 00:06 - 2014-03-16 00:06 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Optimizer Elite Max
2014-03-16 00:06 - 2014-03-16 00:01 - 00002868 _____ () C:\Windows\System32\Tasks\PCHelpers_period
2014-03-16 00:01 - 2014-03-16 00:01 - 00002678 _____ () C:\Windows\System32\Tasks\PCHelpers1st
2014-03-16 00:01 - 2014-03-16 00:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Elite Max
2014-03-15 23:55 - 2014-03-15 23:55 - 00000000 ____D () C:\Users\rac\Downloads\Driver Support
2014-03-15 23:55 - 2014-03-15 23:54 - 00000000 ____D () C:\ProgramData\UAB
2014-03-15 23:54 - 2014-03-15 23:54 - 00003774 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScan
2014-03-15 23:54 - 2014-03-15 23:54 - 00003768 _____ () C:\Windows\System32\Tasks\Driver Support-RTMUpdater
2014-03-15 23:54 - 2014-03-15 23:54 - 00003758 _____ () C:\Windows\System32\Tasks\Driver Support-RTMRules
2014-03-15 23:54 - 2014-03-15 23:54 - 00003458 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScanRunOnce
2014-03-15 23:54 - 2014-03-15 23:54 - 00000000 ____D () C:\Users\rac\AppData\Local\PC_Drivers_Headquarters
2014-03-15 23:54 - 2014-03-15 23:54 - 00000000 ____D () C:\ProgramData\Driver Support
2014-03-15 23:53 - 2014-03-15 23:53 - 00002261 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-03-15 23:53 - 2014-03-15 23:53 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-03-15 23:38 - 2012-02-06 15:11 - 00094120 _____ () C:\Users\rac\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-15 23:38 - 2009-07-14 00:45 - 00389424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 17:24 - 2014-02-18 23:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-15 17:24 - 2012-04-28 05:42 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Mozilla
2014-03-15 17:15 - 2009-10-31 06:10 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-15 17:14 - 2012-03-15 19:56 - 00000000 ____D () C:\Users\rac\AppData\Local\Facebook
2014-03-15 05:05 - 2014-03-15 05:05 - 00001043 _____ () C:\Users\rac\Desktop\Continue VuuPC Installation.lnk
2014-03-15 04:59 - 2012-05-06 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 04:59 - 2012-05-06 23:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 15:38 - 2014-03-14 15:38 - 00000000 ____D () C:\Users\rac\AppData\Local\WinRST
2014-03-14 15:38 - 2014-03-14 15:38 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-03-14 15:37 - 2014-03-14 15:37 - 00000000 ____D () C:\Users\rac\AppData\Roaming\ContentExplorer
2014-03-14 15:19 - 2014-03-14 15:19 - 00000000 ____D () C:\Users\rac\AppData\Roaming\SmartMediaConverter
2014-03-14 15:18 - 2014-03-14 15:18 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-03-14 14:57 - 2014-03-14 14:57 - 00003598 _____ () C:\Windows\System32\Tasks\Norton Security Scan for rac
2014-03-14 14:57 - 2014-03-14 14:57 - 00000000 ____D () C:\Users\rac\AppData\Local\IsolatedStorage
2014-03-14 14:57 - 2014-03-14 14:57 - 00000000 ____D () C:\ProgramData\Symantec
2014-03-14 14:56 - 2014-03-14 14:56 - 00000000 ____D () C:\Windows\system32\Drivers\NSSx64
2014-03-14 14:56 - 2014-03-14 14:56 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-03-14 14:56 - 2014-03-14 14:56 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-03-14 14:56 - 2010-05-25 19:10 - 00000000 ____D () C:\ProgramData\Norton
2014-03-14 14:48 - 2014-03-14 14:45 - 00000161 _____ () C:\Users\rac\AppData\Roaming\aps.uninstall.scan.results
2014-03-14 14:47 - 2014-03-14 14:47 - 00001929 _____ () C:\Users\rac\Desktop\Sync Folder.lnk
2014-03-13 13:20 - 2012-04-30 13:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 13:20 - 2012-04-30 13:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 13:20 - 2012-03-18 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:11 - 2009-07-14 01:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-07 03:10 - 2012-09-02 00:05 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Winamp
2014-03-06 22:53 - 2014-03-06 22:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 22:53 - 2014-03-06 22:53 - 00000000 ____D () C:\Users\rac\AppData\Local\Skype
2014-03-04 23:26 - 2014-03-04 23:26 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-04 23:26 - 2013-09-20 10:06 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\rac\AppData\Local\Temp\air49F9.exe
C:\Users\rac\AppData\Local\Temp\searchprotector.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-26 17:33

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by rac at 2014-03-17 01:19:23
Running from C:\Users\rac\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

ATI Catalyst Install Manager (HKLM\...\{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
ccc-utility64 (Version: 2009.0804.2223.38385 - ATI) Hidden
Java™ 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
LK Maintenance (HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571}) (Version: 1.0 - LK Maintenance)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version:  - )
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

07-03-2014 08:00:19 Windows Update
09-03-2014 08:00:20 Windows Update
11-03-2014 09:11:52 Windows Update
12-03-2014 07:00:32 Windows Update
13-03-2014 16:40:53 Windows Defender Checkpoint
14-03-2014 16:24:30 Windows Update
15-03-2014 21:10:16 Removed Facebook Video Calling 2.0.0.447
15-03-2014 21:14:55 Configured LabelPrint
15-03-2014 21:31:16 Configured SlingPlayer
15-03-2014 23:08:10 Configured SlingPlayer
16-03-2014 06:05:46 Removed Acrobat.com
16-03-2014 08:39:39 Removed Visual Studio 2010 x64 Redistributables

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-03-14 15:38 - 00008953 ____A C:\Windows\system32\Drivers\etc\hosts
216.239.32.20 google.com www.google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar
216.239.32.20 google.com www.google.as
216.239.32.20 google.com www.google.at
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az
216.239.32.20 google.com www.google.ba
216.239.32.20 google.com www.google.com.bd
216.239.32.20 google.com www.google.be
216.239.32.20 google.com www.google.bf
216.239.32.20 google.com www.google.bg
216.239.32.20 google.com www.google.com.bh
216.239.32.20 google.com www.google.bi
216.239.32.20 google.com www.google.bj
216.239.32.20 google.com www.google.com.bn
216.239.32.20 google.com www.google.com.bo
216.239.32.20 google.com www.google.com.br
216.239.32.20 google.com www.google.bs
216.239.32.20 google.com www.google.bt
216.239.32.20 google.com www.google.co.bw
216.239.32.20 google.com www.google.by

There are 162 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {07933784-EB5C-4D30-A371-426512076F64} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0B16131D-2E87-4E2A-BE47-A8C0E1DDF780} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {15483BC5-643A-4F6B-8B45-FEBFCE068448} - System32\Tasks\media enhance-codedownloader => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exe [2014-03-14] (freeven)
Task: {1AFC7C12-BB52-4757-ACB7-628B27904836} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2012-09-05] (Systweak Inc) <==== ATTENTION
Task: {236A3DCF-5AB2-41D2-86CB-925CFDF713F8} - System32\Tasks\AmiUpdXp => C:\Users\rac\AppData\Local\5656\a17911.exe [2014-03-16] () <==== ATTENTION
Task: {237470C4-7F28-46C9-B19C-66DD7F29B63F} - System32\Tasks\media enhance-enabler => C:\Program Files (x86)\media enhance\media enhance-enabler.exe [2014-03-14] (freeven) <==== ATTENTION
Task: {25C9AB7A-A964-4834-BA2D-656B8B7101B7} - System32\Tasks\{4E842F74-69E7-4AB7-B4EC-CE94E6AAD446} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {26E1959D-F0B6-48D3-ACA3-B3DE21DAB463} - System32\Tasks\RPCReminder => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2012-02-08] (Winferno Software)
Task: {30AFFE3D-0876-478A-9DB0-22C6FD1E6AE2} - System32\Tasks\PCSB_rac_PCSpeedBoost_LogonTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe [2014-03-05] ()
Task: {32C8E359-EBB3-4EA8-9F6B-F04B1B142AAB} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters)
Task: {4CFCDE59-B4E6-41C2-B44E-8AE7016F1B97} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-03-14] (SaveSense) <==== ATTENTION
Task: {5047D0FD-610B-4426-830D-1135E99E68F3} - System32\Tasks\{6F53C8F8-971B-40BD-837E-C3E567188CF8} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {522E5F20-B056-4796-8F2D-9D35AC892BEA} - System32\Tasks\Norton Security Scan for rac => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
Task: {5F9DC12D-7743-4426-9F9B-A779070F7239} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-03-14] (SaveSense) <==== ATTENTION
Task: {643AC9FC-34E7-492E-8275-5A7026CFFACA} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2012-07-20] (Systweak Inc                                                ) <==== ATTENTION
Task: {64E2533E-B665-43D2-ABC4-01EBCF70233E} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2012-09-05] (Systweak Inc) <==== ATTENTION
Task: {657E092D-04A8-43A0-9280-4C2555C5DF9E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {68AC0493-BA60-40E4-B9E3-2D9ACDC944FB} - System32\Tasks\media enhance-updater => C:\Program Files (x86)\media enhance\media enhance-updater.exe [2014-03-14] (freeven)
Task: {6B822348-FCD2-49F4-ABA5-A1444574C3E8} - System32\Tasks\PCSB_rac_PCSpeedBoost_RS_DailyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe [2014-03-05] ()
Task: {6B8C2E5B-38FE-49FA-A9AC-CDF77222B5E4} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {74CE516B-89BD-4558-A0E8-6952AE9A9C47} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {753DB9F6-81C0-474C-8651-64DB850A814A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {7A35E2E8-A38C-4FDF-A7A2-00F048242258} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {7E27EE74-1C3B-4629-B002-4048CD5F712F} - System32\Tasks\PCHelpers_period => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-01-03] (Viracure Limited)
Task: {9081B060-6C1F-4342-8F83-3F9B5981B62D} - System32\Tasks\media enhance-firefoxinstaller => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exe [2014-03-14] (freeven)
Task: {965D2B2C-3371-479D-A123-F7404ECEF363} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {975D3631-B635-41AB-A3EE-E9EAC22FF6F6} - System32\Tasks\PCSB_rac_PCSpeedBoost_LG_DailyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe [2014-03-05] ()
Task: {9A212980-8973-4FF4-959A-D19F072B2217} - System32\Tasks\RegPowerClean => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2012-02-08] (Capital Intellect Inc)
Task: {9DB3A6BC-B2C3-42AB-A16D-CD1B4604F285} - System32\Tasks\SaveSense => C:\Users\rac\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A7B94868-9C5D-4DFC-8457-3782D2DFBFFB} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters)
Task: {AAB87745-D95D-491B-925F-A2BA99AA5C4C} - System32\Tasks\PCHelpers1st => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe [2014-01-03] (Viracure Limited)
Task: {AC47BDC9-AC7B-4187-993D-A02FAF430484} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-05-24] (Systweak) <==== ATTENTION
Task: {AD1B109A-71F8-4844-88A4-B54F11886B9F} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {B2D0DE20-A62B-4A5E-A6FC-1699EB7D045A} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters)
Task: {B579AA19-55C2-4F91-93B4-B60950462BB8} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software)
Task: {BDDE2443-E55D-4B41-986A-B2B5C492075D} - System32\Tasks\PCSB_rac_PCSpeedBoost_RS_WeeklyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe [2014-03-05] ()
Task: {C8CCE008-2776-4747-B8D9-78C3068433F4} - System32\Tasks\{EFAE00DD-42DE-4D04-88FB-A0C2592C84E2} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.456/en/abandoninstall?page=tsWLM
Task: {CA1B226C-B8CD-4ACB-B6DD-C6C78FFDBA35} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1050774876-1090009769-560395148-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CA9E0708-E17A-4778-9058-44D82B5D4112} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters)
Task: {DAE4A4D5-9C98-47DF-BAFA-71C89104F982} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2012-09-05] (Systweak Inc) <==== ATTENTION
Task: {DBBC6EDE-34AA-4D6E-A83E-A24C92B364A4} - System32\Tasks\media enhance-chromeinstaller => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe [2014-03-14] (freeven)
Task: {E3D552DF-4EAA-4A11-B2B9-DC8EDAF38F96} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-02-29] (Trusted Software ApS) <==== ATTENTION
Task: {E4C54893-59B5-43F0-9F1E-77EEA9BADFD8} - System32\Tasks\Video-Saver_wd => C:\Program Files (x86)\Video-Saver-soft\video-saver_wd.exe [2014-03-14] ()
Task: {F8BB600F-B2BC-4276-974C-4A094011F5BB} - System32\Tasks\Video-Saver Update => C:\Program Files (x86)\Video-Saver-soft\Video.exe [2014-03-14] ()
Task: {F8FA0AEE-278C-4632-AD3D-D3C9CA129452} - System32\Tasks\FF Watcher {A607C5A1-0C6E-42E0-89AB-3735F99C8659} => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\rac\AppData\Local\5656\a17911.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {A607C5A1-0C6E-42E0-89AB-3735F99C8659}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\media enhance-chromeinstaller.job => C:\Program Files (x86)\media enhance\media enhance-chromeinstaller.exe
Task: C:\Windows\Tasks\media enhance-codedownloader.job => C:\Program Files (x86)\media enhance\media enhance-codedownloader.exe
Task: C:\Windows\Tasks\media enhance-enabler.job => C:\Program Files (x86)\media enhance\media enhance-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\media enhance-firefoxinstaller.job => C:\Program Files (x86)\media enhance\media enhance-firefoxinstaller.exe
Task: C:\Windows\Tasks\media enhance-updater.job => C:\Program Files (x86)\media enhance\media enhance-updater.exe
Task: C:\Windows\Tasks\Norton Security Scan for rac.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe
Task: C:\Windows\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\rac\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\Video-Saver Update.job => C:\Program Files (x86)\Video-Saver-soft\Video.exe
Task: C:\Windows\Tasks\Video-Saver_wd.job => C:\Program Files (x86)\Video-Saver-soft\video-saver_wd.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 14:42 - 2014-03-14 14:42 - 02681648 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll
2014-03-14 14:56 - 2014-03-14 14:56 - 00093696 _____ () C:\Program Files (x86)\Video-Saver-soft\video-saver_wd.exe
2014-01-28 06:21 - 2014-01-28 06:21 - 00252928 _____ () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
2014-03-10 10:39 - 2014-03-10 10:39 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-03-14 15:38 - 2014-02-20 15:33 - 00052568 _____ () C:\Users\rac\AppData\Local\PirritSuggestor\PirritService.exe
2013-08-14 18:19 - 2013-08-14 18:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-10-31 06:15 - 2009-07-06 15:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-14 15:38 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files (x86)\WinRST\WinRST.exe
2014-03-14 15:38 - 2014-02-20 15:33 - 00191320 _____ () C:\Users\rac\AppData\Local\PirritSuggestor\PirritDesktop.exe
2014-03-14 14:41 - 2014-03-10 12:18 - 03234256 _____ () C:\Users\rac\AppData\Local\fst_us_11\upfst_us_11.exe
2014-03-13 12:37 - 2014-03-13 12:37 - 00428416 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2014-02-27 13:41 - 2014-02-27 13:41 - 00442816 _____ () C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
2014-02-14 10:37 - 2014-02-14 10:37 - 00076560 _____ () C:\Users\rac\AppData\Roaming\LVMaintenance\LVMaintenance.exe
2014-02-27 13:41 - 2014-02-27 13:41 - 00165824 _____ () C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterBrowser.exe
2014-03-05 12:15 - 2014-03-05 12:15 - 07457136 _____ () C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
2014-03-14 14:56 - 2014-03-14 14:56 - 00195072 _____ () C:\Program Files (x86)\Video-Saver-soft\video-saver157.exe
2014-03-14 14:42 - 2014-03-14 14:42 - 02961368 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-03-14 14:42 - 2014-03-14 14:42 - 00186496 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2013-10-15 06:46 - 2012-07-25 15:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2013-10-15 06:46 - 2013-05-24 16:13 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-01-22 04:34 - 2014-01-22 04:34 - 00732160 _____ () C:\Program Files (x86)\PC SpeedBoost\libGLESv2.dll
2013-12-18 08:15 - 2013-12-18 08:15 - 00854016 _____ () C:\Program Files (x86)\PC SpeedBoost\platforms\qwindows.dll
2014-01-22 04:35 - 2014-01-22 04:35 - 00047104 _____ () C:\Program Files (x86)\PC SpeedBoost\libEGL.dll
2013-06-15 12:34 - 2013-06-15 12:34 - 00022016 _____ () C:\Program Files (x86)\PC SpeedBoost\imageformats\qgif.dll
2013-06-15 12:34 - 2013-06-15 12:34 - 00021504 _____ () C:\Program Files (x86)\PC SpeedBoost\imageformats\qico.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\rac\Downloads\RESUME S. DANIELLE WILSON.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Astrology Home Page Guard 64 bit => "C:\PROGRA~2\ASTROL~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Astrology Search Scope Monitor => "C:\PROGRA~2\ASTROL~2\bar\1.bin\4asrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Astrology_4a Browser Plugin Loader => C:\PROGRA~2\ASTROL~2\bar\1.bin\4abrmon.exe
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: Facebook Update => "C:\Users\rac\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: VideoDownloadConverter Home Page Guard 64 bit => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: VideoDownloadConverter Search Scope Monitor => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: VideoDownloadConverter_4z Browser Plugin Loader => C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 01:20:46 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/17/2014 01:04:53 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/17/2014 00:59:15 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dd8

Start Time: 01cf419031132512

Termination Time: 1133

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (03/17/2014 00:48:44 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/17/2014 00:32:58 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/17/2014 00:17:07 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/17/2014 00:01:10 AM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (03/16/2014 11:55:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x05f2951e
Faulting process id: 0x1438
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/16/2014 11:53:33 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b10

Start Time: 01cf418c8a442c0f

Termination Time: 741

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (03/16/2014 11:46:50 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 154c

Start Time: 01cf415b58057980

Termination Time: 10221

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (03/16/2014 10:48:57 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/16/2014 03:37:01 PM) (Source: Service Control Manager) (User: )
Description: The PirritUpdater service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2014 03:23:02 PM) (Source: Service Control Manager) (User: )
Description: The WinRST service hung on starting.

Error: (03/16/2014 03:23:02 PM) (Source: Service Control Manager) (User: )
Description: The PirritUpdater service hung on starting.

Error: (03/16/2014 03:23:02 PM) (Source: Service Control Manager) (User: )
Description: The PirritDesktop service hung on starting.

Error: (03/16/2014 03:21:33 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.

Error: (03/16/2014 03:21:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (03/16/2014 03:21:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (03/16/2014 03:20:44 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (03/16/2014 03:20:19 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 70%
Total physical RAM: 1788.2 MB
Available physical RAM: 521.25 MB
Total Pagefile: 5218.15 MB
Available Pagefile: 1929.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:135.29 GB) (Free:87.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.47 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 7C072C8A)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#14 gringo_pr


Posted 31 March 2014 - 09:10 AM

Hello purrpurrppurr3



I need you to download this script I have made for you --> Attached file: fixlist.txt (6.12KB)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo

#15 gringo_pr


Posted 03 April 2014 - 07:17 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo