
Very slow start up Vista HP Pavillion - log from HiJack This


  • This topic is locked
13 replies to this topic

#1 dosouth


Posted 31 May 2014 - 01:45 PM

I would appreciate any assistance in helping speed up my 5 minute reboot on this old machine of mine.  Log attached and I am just learning so any help would be appreciated.



#2 nasdaq

  • Malware Response Team

Posted 05 June 2014 - 09:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 dosouth

  • Topic Starter

Posted 07 June 2014 - 01:57 PM

Thank you for taking the time to assist me on this.  I have run all the programs and have pasted the logs below.  I did not go ahead with a clean on the AdwCleaner as not being that tech savvy I was afraid I would uncheck one box that may cause the machine or some program to not reboot.  Other than that I did not discover any virus/malware in the machine.  I look forward to your feedback.

 

Again your assistance is greatly appreciated.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.06.07.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: DV7LAPTOP [administrator]

07/06/2014 3:45:28 AM
mbam-log-2014-06-07 (03-45-28).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 564087
Time elapsed: 2 hour(s), 20 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

========================================================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014

Ran by User (administrator) on DV7LAPTOP on 07-06-2014 00:06:24

Running from F:\downloads vista

Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\stacsv64.exe

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe

(Validity Sensors, Inc.) C:\WINDOWS\System32\vfsFPService.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe

(Agere Systems) C:\WINDOWS\System32\agr64svc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

() C:\WINDOWS\SMINST\BLService.exe

(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Pelmorex Media Inc.) C:\Users\User\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe

(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe

(Microsoft Corporation) C:\WINDOWS\splwow64.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)

HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-03-10] (CyberLink Corp.)

HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\...\Run: [LG LinkAir] => [X]

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\...\Run: [WeatherEye] => C:\Users\User\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [311584 2011-08-22] (Pelmorex Media Inc.)

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\...\MountPoints2: {14d42b65-cec9-11e0-af4a-002186642110} - H:\StartClickFreeBackup.exe

Lsa: [Notification Packages] scecli DPPWDFLT

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thelaundry.ca/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {56E9DD0E-262B-4FE9-9B2F-0F485FFFE2FA} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

SearchScopes: HKLM - {56E9DD0E-262B-4FE9-9B2F-0F485FFFE2FA} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

SearchScopes: HKLM - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

SearchScopes: HKLM-x32 - DefaultScope {56E9DD0E-262B-4FE9-9B2F-0F485FFFE2FA} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

SearchScopes: HKLM-x32 - {56E9DD0E-262B-4FE9-9B2F-0F485FFFE2FA} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

SearchScopes: HKLM-x32 - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

SearchScopes: HKCU - DefaultScope {56E9DD0E-262B-4FE9-9B2F-0F485FFFE2FA} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

SearchScopes: HKCU - {56E9DD0E-262B-4FE9-9B2F-0F485FFFE2FA} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

SearchScopes: HKCU - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File

BHO-x32: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)

BHO-x32: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)

BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO-x32: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

BHO-x32: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.transitbc.com/activex/smsx.cab

DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab

DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

 

FireFox:

========

FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default

FF Homepage: hxxp://www.thelaundry.ca/

FF NetworkProxy: "autoconfig_url", "http://client.hola.org/proxy.pac?browser=firefox&ver=1.1.668&uuid=7acce043753a0ab3e3a3cf5440722b24&stamp=1"

FF NetworkProxy: "type", 2

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)

FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\user.js

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)

FF Extension: 20-20 3D Viewer - WEB - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\2020Player_WEB@2020Technologies.com [2012-02-17]

FF Extension: Garmin Communicator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012-11-29]

FF Extension: WebSlingPlayer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-10-05]

FF Extension: HP Detect - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-05-23]

FF Extension: feedly - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\feedly@devhd.xpi [2013-03-25]

FF Extension: Hola Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi [2013-04-07]

FF Extension: GoogleEnhancer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}.xpi [2011-08-24]

FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]

FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-30]

FF Extension: DownThemAll! - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-09-12]

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-24]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-07-29]

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\

FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ []

FF HKLM-x32\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension

FF Extension: RAW Thumbnail Viewer - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011-08-26]

FF HKLM-x32\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox

FF Extension: ArcSoft Video Downloader Extension - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2011-08-26]

FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-24]

FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011-08-23]

 

==================== Services (Whitelisted) =================

 

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

S4 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2009-01-12] ()

S4 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2009-01-12] ()

R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()

S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [717104 2008-04-27] (Validity Sensors, Inc.)

R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2008-04-27] (Validity Sensors, Inc.)

R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)

R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

 

==================== Drivers (Whitelisted) ====================

 

S3 AESTAud; C:\Windows\System32\drivers\AESTAu64.sys [145280 2008-08-27] (Andrea Electronics Corporation)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2006-11-02] (Samsung Electronics)

R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)

R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)

R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)

R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()

S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [114856 2007-07-03] (MCCI Corporation)

R3 vfs101a; C:\Windows\System32\drivers\vfs101a.sys [49968 2008-04-27] (Validity Sensors, Inc.)

R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [444952 2013-06-13] (Check Point Software Technologies LTD)

S3 vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys [446152 2009-11-22] (Check Point Software Technologies LTD)

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files (x86)\HP\QuickPlay\000.fcl [146928 2009-01-12] (CyberLink Corp.)

S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]

S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]

S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]

S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]

S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]

S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]

S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]

S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]

S3 androidusb; System32\Drivers\lgandadb.sys [X]

U4 eabfiltr;

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-06-07 00:06 - 2014-06-07 00:06 - 00000000 ____D () C:\FRST

2014-06-06 23:50 - 2014-06-06 23:52 - 00000000 ____D () C:\AdwCleaner

2014-06-06 17:07 - 2014-06-06 17:07 - 00000446 _____ () C:\Windows\PFRO.log

2014-06-01 12:23 - 2014-06-06 17:09 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForUser.job

2014-06-01 02:00 - 2014-06-06 17:18 - 00016266 _____ () C:\Windows\WindowsUpdate.log

2014-05-31 11:00 - 2014-05-31 11:00 - 00000000 __SHD () C:\found.002

2014-05-25 23:37 - 2014-05-25 23:37 - 00000000 __SHD () C:\found.001

2014-05-18 16:45 - 2014-06-06 17:09 - 00003340 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919781347-724389126-3921011176-1000

2014-05-18 16:45 - 2014-06-06 17:09 - 00003204 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3919781347-724389126-3921011176-1000

 

==================== One Month Modified Files and Folders =======

 

2014-06-07 00:07 - 2011-08-20 16:39 - 00000000 ____D () C:\Users\User\AppData\Local\Temp

2014-06-07 00:06 - 2014-06-07 00:06 - 00000000 ____D () C:\FRST

2014-06-06 23:52 - 2014-06-06 23:50 - 00000000 ____D () C:\AdwCleaner

2014-06-06 23:36 - 2012-12-29 19:45 - 00000000 ____D () C:\Program Files\PeerBlock

2014-06-06 23:08 - 2006-11-02 08:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-06 23:08 - 2006-11-02 08:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-06 17:18 - 2014-06-01 02:00 - 00016266 _____ () C:\Windows\WindowsUpdate.log

2014-06-06 17:14 - 2006-11-02 05:46 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-06 17:11 - 2011-08-20 16:20 - 00183592 _____ () C:\ProgramData\nvModes.001

2014-06-06 17:09 - 2014-06-01 12:23 - 00000330 _____ () C:\Windows\Tasks\HPCeeScheduleForUser.job

2014-06-06 17:09 - 2014-05-18 16:45 - 00003340 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919781347-724389126-3921011176-1000

2014-06-06 17:09 - 2014-05-18 16:45 - 00003204 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3919781347-724389126-3921011176-1000

2014-06-06 17:09 - 2011-08-20 16:20 - 00183592 _____ () C:\ProgramData\nvModes.dat

2014-06-06 17:09 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-06 17:07 - 2014-06-06 17:07 - 00000446 _____ () C:\Windows\PFRO.log

2014-06-06 17:01 - 2006-11-02 08:42 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-06-05 09:17 - 2014-02-20 01:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\LimeWire

2014-06-01 00:00 - 2011-08-23 20:38 - 00077824 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-05-31 16:56 - 2011-10-01 15:04 - 00000000 ____D () C:\Windows\Minidump

2014-05-31 11:47 - 2011-08-23 20:24 - 00000000 ___RD () C:\Users\User\Desktop\Computer and refresh

2014-05-31 11:00 - 2014-05-31 11:00 - 00000000 __SHD () C:\found.002

2014-05-25 23:37 - 2014-05-25 23:37 - 00000000 __SHD () C:\found.001

2014-05-20 12:31 - 2011-08-23 20:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Real

2014-05-09 16:16 - 2012-09-18 19:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-09 16:16 - 2012-09-18 19:10 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

 

Files to move or delete:

====================

C:\Users\User\AppData\Roaming\desktop.ini

C:\ProgramData\DVD.exe

C:\ProgramData\Games.exe

C:\ProgramData\Karaoke.exe

C:\ProgramData\MobileTV.exe

C:\ProgramData\MPV.exe

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\jna8848457046270379709.dll

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-06 17:16

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014

Ran by User at 2014-06-07 00:07:54

Running from F:\downloads vista

Boot Mode: Normal

==========================================================

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}

AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ZoneAlarm Free Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

 

==================== Installed Programs ======================

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)

Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft Panorama Maker 4 (HKLM-x32\...\{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}) (Version: 4.5.0.112 - ArcSoft)

ArcSoft PhotoStudio Darkroom 2 (HKLM-x32\...\{40DA94AF-34B7-4BA7-A37F-26F899C031FF}) (Version: 2.0.0.174 - ArcSoft)

ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)

ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)

ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version:  - ArcSoft)

ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)

ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)

ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)

ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)

ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)

ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)

ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)

ArcSoft Print Creations (HKLM-x32\...\{F03EC055-F34E-4F6B-A684-8A370E11A304}) (Version: 3.0.255.500 - ArcSoft)

ArcSoft Print Creations Print Service (HKLM-x32\...\{E06E2592-29C0-4B97-A2D7-FF0C53B0D4D8}) (Version: 3.0.255.505 - ArcSoft)

ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)

ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{363188E4-1A27-4DE6-BA48-823D2E205385}) (Version: 1.1.0.17 - ArcSoft)

ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version:  - ArcSoft)

ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)

AVerMedia A309 (MiniCard, DVB-T) 1.0.64.46 (HKLM-x32\...\AVerMedia A309 (MiniCard, DVB-T)) (Version: 1.0.64.46 - AVerMedia TECHNOLOGIES, Inc.)

Batch PDF Watermark (HKLM-x32\...\{346A4198-E33B-4CEA-9BEA-37A32419FB69}) (Version: 1.0.0 - Dreamify Corp)

BurnAware Free 6.9.2 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)

Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)

Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)

Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)

Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)

Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)

Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.3.17 - )

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)

Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.17.41 - )

Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.1.0.5 - Canon Inc.)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)

Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)

Clean Disk Security 7.5 (HKLM-x32\...\Clean Disk Security) (Version: 7.5 - Kevin Solway)

Coby Media Manager (HKLM-x32\...\{6EC0BE33-4BDF-419B-AFC3-40E06BCEA536}) (Version: 1.0.2623 - Coby)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)

CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )

CyberLink DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2029 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 2.0.2029 - CyberLink Corp.) Hidden

Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)

DigitalPersona Personal 4.11 (HKLM\...\{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}) (Version: 4.11.3826 - DigitalPersona, Inc.)

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)

ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION

Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)

Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)

Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)

HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.0.17.0 - Hewlett-Packard)

HP Battery Check (x32 Version: 4.0.17.0 - Hewlett-Packard) Hidden

HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)

HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)

HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)

HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 - HP)

HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)

HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)

HP Photosmart Essential 2.5 (x32 Version: 1.02.0000 - Hewlett-Packard) Hidden

HP Product Detection (HKLM-x32\...\{A34CC51D-C2FF-4E0E-9F27-28B0249A15DD}) (Version: 11.15.0007 - HP)

HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)

HP QuickPlay 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6310 - Hewlett-Packard)

HP QuickTouch 1.00 D2 (HKLM\...\{1AD2F8FE-A357-4728-BDF8-B92D794CE793}) (Version: 1.0.9 - Hewlett-Packard)

HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 109.9.19158 - Hewlett-Packard)

HP Smart Web Printing (x32 Version: 109.9.19158 - Hewlett-Packard) Hidden

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HP User Guides 0103 (HKLM-x32\...\{B8169E45-8E23-430B-91D1-EC64540C8ED0}) (Version: 1.01.0000 - Hewlett-Packard)

HP Wireless Assistant (HKLM-x32\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabel_Tattoo (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden

hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookHolidayPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookModernPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookPlayfulPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookScrapbookPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)

Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden

Java™ 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)

JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.11.02 - JMicron Technology Corp.)

KeePass Password Safe 1.24 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.24 - Dominik Reichl)

LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)

LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)

LG On-Screen Phone (HKLM-x32\...\LG On-Screen Phone) (Version: 2.0.06.20111116 - LG Electronics)

LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.46.20111117 - LG Electronics)

LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)

LimeWire 5.6.2 (remove only) (HKLM-x32\...\LimeWire) (Version:  - )

LimeWire version LimeStart_Shortcuts_1.1 (HKLM-x32\...\LimeWire_is1) (Version: LimeStart_Shortcuts_1.1 - LOTR, Inc. LOL)

LPEConnectFix 1.0 (HKLM-x32\...\LPEConnectFix_is1) (Version:  - LOTR, Inc. lol    www.gnutellaforums.com/)

MainConcept MJPEG Codec Demo (HKLM-x32\...\InstallShield_{805A7890-3138-44E4-8DAA-480C55516989}) (Version: 3.02.0004.0000 - MainConcept AG)

MainConcept MJPEG Codec Demo (x32 Version: 3.02.0004.0000 - MainConcept AG) Hidden

MainConcept MJPG software codec (Remove Only) (HKLM-x32\...\MCMJPG) (Version:  - )

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft PhotoDraw 2000 (HKLM-x32\...\Microsoft PhotoDraw 2000) (Version:  - )

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

muvee autoProducer 6.1 (HKLM-x32\...\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}) (Version: 6.10.050 - muvee Technologies)

My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)

Next Video Converter 3.68 (HKLM-x32\...\{2AD89908-0987-4B9E-8AB4-905899E4D754}_is1) (Version:  - NextVideoSoft, Inc.)

Nikon View 6 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version:  - )

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden

NWZ-E350 WALKMAN Guide (HKLM-x32\...\{9D7E5329-5751-435B-B585-0EFF51783A20}) (Version: 2.1.0.17210 - Sony Corporation)

Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )

PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

PHOTOfunSTUDIO 8.1 AE (HKLM-x32\...\{FC16F299-6399-4350-B0C6-36F646473958}) (Version: 8.01.510 - Panasonic Corporation)

PHOTOfunSTUDIO -viewer- (HKLM-x32\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 2.00.000 - Panasonic)

PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4518 - CyberLink Corp.)

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)

PowerDirector (x32 Version: 6.5.2719 - CyberLink Corp.) Hidden

ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)

PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden

PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)

Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)

SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )

Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )

SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )

SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )

Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)

Samsung SCX-4x16 Series - TWAIN (HKLM-x32\...\{4518D543-6A80-4856-AFA7-10836B42113A}) (Version:  - )

Samsung SCX-4x16 Series (HKLM-x32\...\Samsung SCX-4x16 Series) (Version:  - )

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)

Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)

SmarThru (HKLM-x32\...\{1CE06390-46D0-11D6-8578-006008CA5356}) (Version:  - )

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Validity Sensors software (HKLM\...\{567E8236-C414-4888-8211-3D61608D57AE}) (Version: 2.7.39 - Validity Sensors, Inc.)

VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden

WeatherEye (HKCU\...\WeatherEye) (Version:  - )

WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.2 - WildTangent)

Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)

Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0) (HKLM\...\B30ECD0209A21D638611F893829C8AF3A483A302) (Version: 04/29/2008 2.5.0.0 - ENE)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Xilisoft MOV Converter (HKLM-x32\...\Xilisoft MOV Converter) (Version: 7.0.1.1219 - Xilisoft)

Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

ZoneAlarm Firewall (x32 Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 12.0.118.000 - Check Point)

ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)

ZoneAlarm Security (x32 Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden

 

==================== Restore Points  =========================

==================== Hosts content: ==========================

 

2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {09455B36-8669-45F9-866A-F6FEA2C731EE} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {0F9977F6-5E09-4EE8-B83C-E56F3D56E515} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns

Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {2F6A4C2C-C441-4DF4-8096-DB75048ED1DC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {3074A4B6-ABEE-4EBE-A348-0C1807865C40} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)

Task: {4933F8D1-B2D2-4EB9-AA5F-CE445EFB5743} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3919781347-724389126-3921011176-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)

Task: {6E7A626B-D8F4-44C4-8A0E-509A85FA9B9D} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)

Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {7E59E2D0-D342-4095-9FA7-14BFDBF440CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)

Task: {B6A897ED-E640-4416-B37C-A63508204C59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)

Task: {C7370EAB-D812-478B-8F76-4ADE485C9B5D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3919781347-724389126-3921011176-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)

Task: {C766CB12-478D-40DC-A4B8-B401064616C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)

Task: {DC84C1BC-7862-49DD-8F02-42C5D155CB02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {FF5B0F2A-9AE6-4AB4-90B6-16F678593DE5} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll

 

==================== Loaded Modules (whitelisted) =============

 

2011-08-23 00:09 - 2007-07-12 22:37 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll

2008-07-29 03:45 - 2008-04-26 01:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe

2007-03-29 13:53 - 2007-03-29 13:53 - 00477184 _____ () C:\Windows\system32\btwhidcs.DLL

2007-03-29 14:11 - 2007-03-29 14:11 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

2011-08-23 00:21 - 2009-01-12 16:49 - 00074536 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\Common\MCEMediaStatus64.dll

2008-07-29 03:45 - 2007-11-15 01:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll

2011-08-23 00:21 - 2009-01-12 16:50 - 00120216 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll

2011-08-23 00:21 - 2009-01-12 16:50 - 00259480 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll

2011-08-23 00:21 - 2009-01-12 16:50 - 00345384 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll

2013-01-20 17:23 - 2014-04-17 21:33 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\Software\Classes\exefile:  <===== ATTENTION!

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\Services: ACDaemon => 3

MSCONFIG\Services: AdobeARMservice => 3

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AeLookupSvc => 3

MSCONFIG\Services: ALG => 3

MSCONFIG\Services: aspnet_state => 3

MSCONFIG\Services: BITS => 2

MSCONFIG\Services: Browser => 2

MSCONFIG\Services: BthServ => 2

MSCONFIG\Services: btwdins => 2

MSCONFIG\Services: CFUACProxy_officeguardianv2 => 2

MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2

MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2

MSCONFIG\Services: COMSysApp => 2

MSCONFIG\Services: DFSR => 3

MSCONFIG\Services: DPS => 3

MSCONFIG\Services: ehRecvr => 3

MSCONFIG\Services: ehSched => 3

MSCONFIG\Services: ehstart => 3

MSCONFIG\Services: FDResPub => 3

MSCONFIG\Services: FontCache => 2

MSCONFIG\Services: FontCache3.0.0.0 => 3

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: hkmsvc => 3

MSCONFIG\Services: HP Health Check Service => 3

MSCONFIG\Services: IDriverT => 2

MSCONFIG\Services: idsvc => 3

MSCONFIG\Services: IKEEXT => 3

MSCONFIG\Services: IPBusEnum => 3

MSCONFIG\Services: KtmRm => 3

MSCONFIG\Services: LightScribeService => 2

MSCONFIG\Services: lltdsvc => 3

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: MSDTC => 3

MSCONFIG\Services: MSiSCSI => 3

MSCONFIG\Services: napagent => 2

MSCONFIG\Services: NetTcpActivator => 2

MSCONFIG\Services: odserv => 3

MSCONFIG\Services: ose => 3

MSCONFIG\Services: p2pimsvc => 3

MSCONFIG\Services: p2psvc => 3

MSCONFIG\Services: PerfHost => 3

MSCONFIG\Services: pla => 3

MSCONFIG\Services: PNRPAutoReg => 3

MSCONFIG\Services: PNRPsvc => 3

MSCONFIG\Services: ProtectedStorage => 3

MSCONFIG\Services: QPCapSvc => 2

MSCONFIG\Services: QPSched => 2

MSCONFIG\Services: QWAVE => 2

MSCONFIG\Services: RasAuto => 3

MSCONFIG\Services: RasMan => 2

MSCONFIG\Services: RemoteAccess => 3

MSCONFIG\Services: RemoteRegistry => 3

MSCONFIG\Services: RichVideo => 3

MSCONFIG\Services: RpcLocator => 3

MSCONFIG\Services: SCardSvr => 3

MSCONFIG\Services: SCPolicySvc => 3

MSCONFIG\Services: SDRSVC => 2

MSCONFIG\Services: seclogon => 3

MSCONFIG\Services: SessionEnv => 2

MSCONFIG\Services: SharedAccess => 3

MSCONFIG\Services: SkypeUpdate => 3

MSCONFIG\Services: SLUINotify => 3

MSCONFIG\Services: SstpSvc => 3

MSCONFIG\Services: swprv => 3

MSCONFIG\Services: TapiSrv => 3

MSCONFIG\Services: TBS => 2

MSCONFIG\Services: THREADORDER => 3

MSCONFIG\Services: TrkWks => 3

MSCONFIG\Services: TrustedInstaller => 3

MSCONFIG\Services: UI0Detect => 3

MSCONFIG\Services: W32Time => 2

MSCONFIG\Services: wcncsvc => 3

MSCONFIG\Services: WcsPlugInService => 3

MSCONFIG\Services: WdiServiceHost => 3

MSCONFIG\Services: WdiSystemHost => 3

MSCONFIG\Services: Wecsvc => 3

MSCONFIG\Services: wercplsupport => 3

MSCONFIG\Services: WerSvc => 3

MSCONFIG\Services: WinRM => 3

MSCONFIG\Services: wmiApSrv => 2

MSCONFIG\Services: WMPNetworkSvc => 3

MSCONFIG\Services: WPCSvc => 3

MSCONFIG\Services: WPFFontCache_v0400 => 3

MSCONFIG\Services: wuauserv => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkvMon.exe.lnk => C:\Windows\pss\NkvMon.exe.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk => C:\Windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.1 AE.lnk => C:\Windows\pss\PHOTOfunSTUDIO 8.1 AE.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AESTFltr => %SystemRoot%\system32\AESTFltr.exe /NoDlg

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: ArcSoft Connection Service => "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

MSCONFIG\startupreg: ContentTransferWMDetector.exe => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe

MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: GW Port Controller => "C:\Program Files (x86)\Samsung\SmarThru\PORTCTRL.EXE"

MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

MSCONFIG\startupreg: Power2GoExpress => NA

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: SacReminderHDDV2 => C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/07/2014 00:07:59 AM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

 

Error: (06/07/2014 00:07:59 AM) (Source: VSS) (EventID: 40) (User: )

Description: Volume Shadow Copy Service error:  The Microsoft Software Shadow Copy Provider (SWPRV) service is

disabled.  Please enable the service and try again.

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

 

Error: (06/06/2014 05:46:28 PM) (Source: System Restore) (EventID: 8210) (User: )

Description: The scheduled restore point could not be created.  Additional information: (0x8004230f).

 

Error: (06/06/2014 05:46:28 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8004230f).

 

Error: (06/06/2014 05:46:28 PM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Delete Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 0
   Snapshot Context: 0
   Execution Context: Coordinator

 

Error: (06/06/2014 05:46:28 PM) (Source: VSS) (EventID: 40) (User: )

Description: Volume Shadow Copy Service error:  The Microsoft Software Shadow Copy Provider (SWPRV) service is

disabled.  Please enable the service and try again.

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Delete Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 0
   Snapshot Context: 0
   Execution Context: Coordinator

 

Error: (06/06/2014 05:46:28 PM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
   Delete Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 0
   Snapshot Context: 0
   Execution Context: Coordinator
   Execution Context: Coordinator

 

Error: (06/06/2014 05:46:28 PM) (Source: VSS) (EventID: 40) (User: )

Description: Volume Shadow Copy Service error:  The Microsoft Software Shadow Copy Provider (SWPRV) service is

disabled.  Please enable the service and try again.

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
   Delete Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 0
   Snapshot Context: 0
   Execution Context: Coordinator
   Execution Context: Coordinator

 

Error: (06/06/2014 05:46:28 PM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Operation:
   Obtain a callable interface for this provider
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: 4194317
   Execution Context: Coordinator
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volume Name: \\?\Volume{14f9fdbd-cb84-11e0-8caf-806e6f6e6963}\
   Execution Context: Coordinator

 

Error: (06/06/2014 05:46:28 PM) (Source: VSS) (EventID: 40) (User: )

Description: Volume Shadow Copy Service error:  The Microsoft Software Shadow Copy Provider (SWPRV) service is

disabled.  Please enable the service and try again.

Operation:
   Obtain a callable interface for this provider
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: 4194317
   Execution Context: Coordinator
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volume Name: \\?\Volume{14f9fdbd-cb84-11e0-8caf-806e6f6e6963}\
   Execution Context: Coordinator

 

 

System errors:

=============

Error: (06/06/2014 05:44:59 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (06/06/2014 05:43:40 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (06/06/2014 05:42:31 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (06/06/2014 05:18:59 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

      New Signature Version:

 

      Previous Signature Version: 1.175.1158.0

 

      Update Source: %NT AUTHORITY59

 

      Update Stage: 4.4.0304.00

 

      Source Path: 4.4.0304.01

 

      Signature Type: %NT AUTHORITY602

 

      Update Type: %NT AUTHORITY604

 

      User: NT AUTHORITY\SYSTEM

 

      Current Engine Version: %NT AUTHORITY605

 

      Previous Engine Version: %NT AUTHORITY606

 

      Error code: %NT AUTHORITY607

 

      Error description: %NT AUTHORITY608

 

Error: (06/06/2014 05:11:43 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)

Description: The print spooler failed to share printer CutePDF Writer with shared resource name CutePDF Writer. Error 1753. The printer cannot be used by others on the network.

 

Error: (06/06/2014 05:11:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: DgiVecp%%20

 

Error: (06/06/2014 05:10:00 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

Error: (06/06/2014 05:09:40 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)

Description: 2147942402

 

Error: (06/06/2014 05:08:37 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (06/06/2014 05:08:33 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-06-07 00:07:28.319

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\vsdatant.win7.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-07 00:07:28.194

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\vsdatant.win7.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-07 00:07:28.038

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\vsdatant.win7.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-07 00:07:27.913

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\vsdatant.win7.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-07 00:07:27.632

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\vsdatant.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-07 00:07:27.492

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\vsdatant.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-07 00:07:27.336

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\vsdatant.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-07 00:07:27.164

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\vsdatant.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-31 13:13:30.121

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-05-31 13:13:29.987

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 72%

Total physical RAM: 2044.14 MB

Available physical RAM: 562.06 MB

Total Pagefile: 4325.55 MB

Available Pagefile: 2382.22 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:221.47 GB) (Free:154.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (HP_RECOVERY) (Fixed) (Total:11.41 GB) (Free:2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive f: (DATA) (Fixed) (Total:232.88 GB) (Free:15.62 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 233 GB) (Disk ID: 8634BBEB)

Partition 1: (Active) - (Size=221 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: CCA6662E)

Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

# AdwCleaner v3.212 - Report created 06/06/2014 at 23:50:44
# Updated 05/06/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : User - DV7LAPTOP
# Running from : F:\downloads vista\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\user.js
Folder Found : C:\Program Files (x86)\1ClickDownload
Folder Found : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\Users\User\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Folder Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\owner\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3313 octets] - [06/06/2014 23:50:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3373 octets] ##########

 



#4 nasdaq


Posted 08 June 2014 - 08:35 AM

Question. Did you install this proxy?
FF NetworkProxy: "autoconfig_url", "http://client.hola.org/proxy.pac?browser=firefox&ver=1.1.668&uuid=7acce043753a0ab3e3a3cf5440722b24&stamp=1"
===

Run the AdwCleaner tool again and clean everything that was found.
===


You are presently running the Farbar tool from this folder.
Running from F:\downloads vista

In order for this fix to work you must do the following.

Create a folder on your C:\ Desktop.
Right click on your desktop with the Mouse
Select New > create new folder.
Name that folder FRST
Copy the Farbar.exe file now in your downloads vista folder to that new folder.
Create the file fixlist.txt suggested below and make sure it is also in the FRST folder.
Then run the Farbar tool and select the FIX button

-

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKLM-x32 - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKCU - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011-08-23]
HKU\S-1-5-21-3919781347-724389126-3921011176-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
HKU\S-1-5-21-3919781347-724389126-3921011176-1000\Software\Classes\exefile:  <===== ATTENTION!

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.
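
Several fixlist entries above carry the markers the FRST report itself prints ("No File", "[X]", "<===== ATTENTION!"). As an added example (not part of the original post and not FRST's own code), this Python sketch groups a FRST-style log by section, collects lines carrying those markers, and parses the Scheduled Tasks lines. The function names, the marker list and the two task heuristics (rundll32 launcher, DLL target) are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
"""Triage a FRST-style log: group lines by section, list entries worth a second look."""
import re

# Section banner, e.g. "==================== EXE Association (whitelisted) ============="
# A line made only of '=' (used as an underline in the log) is not a banner.
SECTION_RE = re.compile(r"^={5,}\s*([^=\s].*?)\s*={5,}\s*$")

# Markers visible in this thread's log and fixlist. Treating them as
# "review this line" is an assumption of this example, not FRST documentation.
MARKERS = ("<===== ATTENTION", "No File", "=> [X]")

# "Task: {GUID} - <task> => <command>"  or  "Task: <path>.job => <command>"
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<task>.+?)(?: => (?P<command>.+))?$"
)
# Optional trailer after the command: " [YYYY-MM-DD] (Publisher)"
TRAILER_RE = re.compile(r" \[(\d{4}-\d{2}-\d{2})\] \(([^()]*)\)$")
# Command whose launcher is rundll32, with or without a leading path or quote
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?\b', re.I)


def parse_sections(text):
    """Return {section name: [non-empty lines]} in log order."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def flagged_entries(sections):
    """Return (section, marker, line) for every line carrying a known marker."""
    hits = []
    for name, lines in sections.items():
        for line in lines:
            marker = next((m for m in MARKERS if m in line), None)
            if marker:
                hits.append((name, marker, line))
    return hits


def parse_task(line):
    """Split one 'Task:' line into task, command, date and publisher (None if absent)."""
    match = TASK_RE.match(line)
    if not match:
        return None
    command, date, publisher = match.group("command"), None, None
    if command:
        trailer = TRAILER_RE.search(command)
        if trailer:
            date, publisher = trailer.groups()
            command = command[:trailer.start()]
    return {"task": match.group("task"), "command": command,
            "date": date, "publisher": publisher}


def tasks_to_review(sections):
    """Return (task, reason) for tasks whose command matches an example heuristic."""
    findings = []
    for name, lines in sections.items():
        if not name.startswith("Scheduled Tasks"):
            continue
        for task in filter(None, map(parse_task, lines)):
            command = task["command"]
            if command is None:          # task registered without a listed action
                continue
            if RUNDLL_RE.match(command):
                findings.append((task["task"], "runs through rundll32"))
            elif command.rstrip('"').lower().endswith(".dll"):
                findings.append((task["task"], "target is a DLL, not an executable"))
    return findings


# Excerpt copied from the log posted in this thread (shortened to a few lines).
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {3074A4B6-ABEE-4EBE-A348-0C1807865C40} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0F9977F6-5E09-4EE8-B83C-E56F3D56E515} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll

==================== EXE Association (whitelisted) =============

HKU\S-1-5-21-3919781347-724389126-3921011176-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
HKU\S-1-5-21-3919781347-724389126-3921011176-1000\Software\Classes\exefile:  <===== ATTENTION!

==================== End Of Log ============================
"""

if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_LOG)
    for section, marker, line in flagged_entries(parsed):
        print(f"[{section}] {marker}: {line}")
    for task, reason in tasks_to_review(parsed):
        print(f"[task] {task}: {reason}")
```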

#5 nasdaq


Posted 14 June 2014 - 09:26 AM

Are you still with me?

#6 dosouth


Posted 17 June 2014 - 01:27 PM

Hi Nasdaq,  Sorry I have been distracted but will try and give your further instructions a go this week.  I haven't given up yet, thanks again.



#7 dosouth


Posted 19 June 2014 - 01:00 PM

Hello again,

 

I had a chance to run the Farbar tool after moving it to desktop and then run the fixlist.txt you supplied.  The process stopped and gave me this error message:

 

 

Line 6815 (File "C:Users\User\Desktop\FRST\FRST64.exe"):

 

Error: Variable used without being declared.

 

 

 

Any suggestions?



#8 nasdaq


Posted 20 June 2014 - 06:29 AM

Did you copy everything that is listed in the quote box

from

Start

to

end

===

Did you place the fixlist.txt file in the same folder as the FRST tool?

#9 nasdaq


Posted 26 June 2014 - 10:49 AM

Are you still with me?

#10 dosouth


Posted 27 June 2014 - 06:18 PM

Yes I am and I have printed off your last reply and will work on it tonight.  Travel for work so time gets away....



#11 dosouth


Posted 28 June 2014 - 12:37 PM

Hello,

 

I recreated the FRST desktop folder.  Recreated the fixlist.txt file and saved it to the FRST folder.  FRST64 updated itself and so I ran it again and then ran the fixlist.txt file from Start>End but still received the same error message as before except the Line number changed from Line 6815 to Line 7605.....



#12 nasdaq


Posted 28 June 2014 - 01:21 PM

Let's break the fix in two sections.

Delete your current fixlist.txt file

Create another one with only the following lines.
 

start

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKLM-x32 - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKCU - {FFF948FD-80FE-431D-9992-857828B76127} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

End


Run The FIX

Delete the fixlist.txt file

Create another one with the following lines.
 

Start

FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ujuqd6t2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011-08-23]
HKU\S-1-5-21-3919781347-724389126-3921011176-1000\Software\Classes\.exe: => <===== ATTENTION!
HKU\S-1-5-21-3919781347-724389126-3921011176-1000\Software\Classes\exefile: <===== ATTENTION!

End


Run the fix.

Keep me posted.

#13 nasdaq


Posted 04 July 2014 - 10:40 AM

Are you still with me?

#14 nasdaq


Posted 11 July 2014 - 09:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



