
adware issue please help hijack file attached


  • This topic is locked
11 replies to this topic

#1 rajendra786

Posted 23 May 2015 - 06:40 AM

I have Windows 7 64-bit. When I surf with Internet Explorer 11, advertisement links open automatically. Please find the HijackThis file.

 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:28 PM, on 23-May-15
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
C:\Program Files (x86)\PrinterShare\paConsole.exe
C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe
C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Administrator\AppData\Roaming\uTorrent\updates\3.4.3_40414\uTorrentie.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Users\Administrator\AppData\Roaming\uTorrent\updates\3.4.3_40414\uTorrentie.exe
C:\Users\Administrator\AppData\Roaming\uTorrent\updates\3.4.3_40414\uTorrentie.exe
C:\Users\Administrator\AppData\Roaming\uTorrent\updates\3.4.3_40414\uTorrentie.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe
C:\Users\Administrator\Downloads\Computer Clean-Up Kit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzherald.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AlterGeo Magic Scanner - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files (x86)\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SecureWebBHO - {D3C24E2B-C820-4492-9B69-11BF7163F998} - C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - (no file)
O3 - Toolbar: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - (no file)
O3 - Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [E06AXLRD_3778968] "C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
O4 - HKCU\..\Run: [PrinterShare] C:\Program Files (x86)\PrinterShare\paConsole.exe -minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SurfEasy] C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:   
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Kaspersky Anti-Virus Service 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Malware Protection - AV Security Software - C:\Windows\mlwps.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Local Synchronization Host (MainLSyncHost) - Unknown owner - c:\windows\syswow64\mpk\lsynchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: Privoxy (PrivoxyService) (PrivoxyService) - The Privoxy team - www.privoxy.org - C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SurfEasy Service (SurfEasyVPN) - Unknown owner - C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 20318 bytes


Edited by computerxpds, 23 May 2015 - 06:51 AM.
Moved to MRL from Windows 7



#2 nasdaq

  • Malware Response Team

Posted 25 May 2015 - 08:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

p.s.
HijackThis is no longer supported.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 rajendra786

  • Topic Starter

Posted 25 May 2015 - 11:19 AM

My laptop is running Windows 7 64-bit. Please find attached herewith the log after running the Farbar Recovery Scan; I shall wait for your further instructions. Generally I get pop-ups in the Firefox browser from Adsupply.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Administrator (administrator) on DELLLAPTOP on 25-05-2015 20:11:29
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I82ZMLPV
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2015-01-31] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\Run: [] => [X]
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\Run: [E06AXLRD_1177386] => C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE [301776 2005-06-03] (Microsoft Corporation)
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\Policies\Explorer: []
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\MountPoints2: F - F:\Startme.exe
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\MountPoints2: {82b60947-577e-11e2-864b-806e6f6e6963} - E:\autoRcd.exe
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\MountPoints2: {9ab759dc-584f-11e2-9961-d242ceb92b7b} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\MountPoints2: {d4dcab25-5b65-11e2-82e2-9d9eb810ab7c} - F:\Startme.exe
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\MountPoints2: {eec75f47-cf6e-11e4-93e5-edd3d91f757f} - F:\Startme.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-99012261-2059416597-3692396249-500\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-99012261-2059416597-3692396249-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ae/?ocid=iehp
HKU\S-1-5-21-99012261-2059416597-3692396249-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzherald.co.nz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-02-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-18] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-25] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-02-23] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-18] (Microsoft Corp.)
BHO-x32: AlterGeoBHO Class -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} -> C:\Program Files (x86)\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-25] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-20] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-25] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Toolbar: HKLM-x32 - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKLM-x32 - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - {8FFBFA75-0C80-42BC-B43D-B826C1DBC0F9} -  No File
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {CB927D12-4FF7-4A9E-A169-56E4B8A75598} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xepbpyi3.default-1432357456136
FF Homepage: hxxp://www.nzherald.co.nz/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-11] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-11] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-11] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @ei.DailyWellnessGuide_80.com/Plugin -> C:\Program Files (x86)\DailyWellnessGuide_80EI\Installr\1.bin\NP80EISB.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-20] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-20] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-23] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-23] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-23] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-01-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-01-31] (RealPlayer Cloud)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-01-21] (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-99012261-2059416597-3692396249-500: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll [2011-01-27] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-99012261-2059416597-3692396249-500: @talk.google.com/GoogleTalkPlugin -> C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-99012261-2059416597-3692396249-500: @talk.google.com/O1DPlugin -> C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-99012261-2059416597-3692396249-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-99012261-2059416597-3692396249-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2013-03-28] (Octoshape ApS)
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\e9892acb6c0dae4f51fb8f7fc918bdcf [2015-05-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-01-31]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-23]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-23]
FF HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Default -> hxxp://www.moneycontrol.com/
CHR StartupUrls: Default -> "hxxp://www.moneycontrol.com/"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-02]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-02]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-02]
CHR Extension: (Kaspersky Protection) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-02]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-05-02]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (Bookmark Manager) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-02]
CHR Extension: (Skype Click to Call) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-02]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-02]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] ()
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
S4 MainLSyncHost; c:\windows\syswow64\mpk\lsynchost.exe [1695032 2014-10-03] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-28] (Sony Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-01-31] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S4 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [3272376 2014-12-02] ()
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\ADMINI~1\AppData\Local\Temp\7zS2E3B\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-22] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-02-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-02-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [19496 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [158760 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [34856 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
R3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39096 2014-12-02] (The OpenVPN Project)
S3 uti1otg1; C:\Windows\SysWOW64\Drivers\uti1otg1.sys [7168 2013-04-01] () []
R3 zebrceb; C:\Windows\System32\DRIVERS\zebrceb.sys [81280 2008-01-15] (MCCI)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink Corp.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 gttptsod; \??\C:\Windows\system32\drivers\gttptsod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 20:02 - 2015-05-25 20:11 - 00000000 ____D () C:\FRST
2015-05-25 19:55 - 2015-05-25 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-25 19:54 - 2015-05-25 19:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-25 19:54 - 2015-05-25 19:54 - 00000000 ____D () C:\Windows\TempEDBE8873-A83F-6C8F-3CEB-1297D4551394-Signatures
2015-05-25 16:22 - 2015-05-25 16:22 - 00000362 _____ () C:\Users\Administrator\Desktop\regedit.reg
2015-05-24 18:39 - 2015-05-24 18:39 - 00028563 _____ () C:\Users\Administrator\Desktop\AdwCleaner[S1].txt
2015-05-24 18:08 - 2015-05-24 18:09 - 02223104 _____ () C:\Users\Administrator\Downloads\AdwCleaner.exe
2015-05-23 19:18 - 2015-05-23 19:18 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-05-23 19:18 - 2015-05-23 19:18 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-05-23 19:01 - 2015-05-23 19:04 - 55915216 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\IE11-Windows6.1-x64-en-us.exe
2015-05-23 15:57 - 2015-05-23 15:57 - 00244844 ____H () C:\Windows\SysWOW64\mlfcache.dat
2015-05-23 15:55 - 2015-05-23 15:55 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2015-05-23 15:55 - 2015-05-23 15:55 - 00002491 _____ () C:\Users\Public\Desktop\Safari.lnk
2015-05-23 15:54 - 2015-05-23 15:55 - 00000000 ____D () C:\Program Files (x86)\Safari
2015-05-23 15:54 - 2015-05-23 15:54 - 02057008 _____ () C:\Users\Administrator\Downloads\Adaware_Installer.exe
2015-05-23 15:54 - 2015-05-23 15:54 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-05-23 15:53 - 2015-05-23 15:53 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-23 15:53 - 2015-05-23 15:53 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-23 15:53 - 2015-05-23 15:53 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-23 15:52 - 2015-05-23 15:52 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-23 15:52 - 2015-05-23 15:52 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-23 15:48 - 2015-05-23 15:51 - 38494576 _____ (Apple Inc.) C:\Users\Administrator\Downloads\SafariSetup.exe
2015-05-23 15:19 - 2015-05-23 15:19 - 00000000 ____D () C:\32788R22FWJFW
2015-05-23 15:16 - 2015-05-25 19:54 - 00001935 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-23 15:13 - 2015-05-23 15:20 - 00000000 ____D () C:\Users\Administrator\Downloads\Computer Clean-Up Kit
2015-05-23 12:46 - 2015-05-23 12:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-23 12:46 - 2015-05-23 12:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-23 12:16 - 2015-03-25 07:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-23 12:16 - 2015-03-25 07:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-23 12:16 - 2015-03-25 07:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-23 12:16 - 2015-03-25 07:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-23 12:16 - 2015-03-25 07:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-23 12:16 - 2015-03-25 07:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-23 12:16 - 2015-03-25 07:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-23 12:16 - 2015-03-25 07:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-23 12:16 - 2015-03-25 07:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-23 12:16 - 2015-03-25 07:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-23 12:16 - 2015-03-25 07:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-23 12:16 - 2015-03-25 07:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-23 12:16 - 2015-03-25 07:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-23 12:16 - 2015-03-25 07:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-23 12:16 - 2015-03-25 07:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-23 12:16 - 2015-03-25 07:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-23 12:16 - 2015-03-23 07:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-23 12:16 - 2015-03-23 07:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-23 12:16 - 2015-01-29 07:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-23 12:16 - 2015-01-29 07:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-23 12:15 - 2015-03-23 07:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-23 12:15 - 2015-03-23 07:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-23 12:15 - 2015-03-23 07:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-23 12:15 - 2015-03-23 07:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-23 12:15 - 2015-03-23 07:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-23 12:15 - 2015-03-23 07:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-23 12:15 - 2015-02-18 11:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-23 12:15 - 2015-02-18 11:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-23 12:15 - 2015-01-28 03:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-23 12:14 - 2015-03-04 08:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-23 12:14 - 2015-03-04 08:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-23 12:14 - 2015-03-04 08:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-23 12:14 - 2015-03-04 08:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-23 12:14 - 2015-03-04 08:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-23 12:14 - 2015-03-04 08:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-23 12:14 - 2015-03-04 08:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-23 12:12 - 2015-05-24 14:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-23 10:42 - 2015-05-23 18:52 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-05-23 10:35 - 2015-05-23 10:35 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-23 10:35 - 2015-05-23 10:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-23 10:35 - 2015-05-23 10:35 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-23 10:35 - 2015-05-23 10:35 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-23 10:35 - 2015-05-23 10:35 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-05-23 10:35 - 2015-05-23 10:35 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-05-23 10:35 - 2015-05-23 10:35 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-23 10:35 - 2015-05-23 10:35 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-23 10:35 - 2015-05-23 10:35 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-05-23 10:35 - 2015-05-23 10:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-05-23 10:35 - 2015-05-23 10:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-05-23 10:35 - 2015-05-23 10:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-23 10:35 - 2015-05-23 10:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-23 10:30 - 2015-05-23 10:30 - 00000134 _____ () C:\Users\Administrator\Desktop\Internet Explorer Troubleshooting.url
2015-05-23 10:24 - 2015-05-23 10:25 - 36138288 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\IE9-WindowsVista-x64-enu.exe
2015-05-23 09:04 - 2015-05-23 09:04 - 00000000 ____D () C:\Users\Administrator\Desktop\Old Firefox Data
2015-05-23 07:40 - 2015-05-23 07:45 - 00000398 _____ () C:\Users\Administrator\Documents\user.js
2015-05-23 06:27 - 2015-05-25 16:38 - 00001703 _____ () C:\Users\Administrator\Desktop\malware advst.txt
2015-05-22 10:03 - 2015-05-22 10:17 - 00005029 _____ () C:\Users\Administrator\Desktop\malware removal tips.txt
2015-05-22 10:01 - 2015-05-22 10:01 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-05-22 09:53 - 2015-05-22 10:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-22 09:00 - 2015-05-23 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 09:00 - 2015-05-23 07:39 - 00001193 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-22 09:00 - 2015-05-23 07:39 - 00001181 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-22 08:58 - 2015-05-22 09:00 - 40259616 _____ () C:\Users\Administrator\Desktop\Firefox Setup 38.0.5b3.exe
2015-05-20 20:51 - 2015-05-20 20:51 - 00005700 _____ () C:\Users\Administrator\Desktop\streaming nz neo leeming.txt
2015-05-16 07:59 - 2010-10-07 12:08 - 00101376 _____ () C:\Users\Administrator\Desktop\IRH Capital and Revenue 2011 to 2015.xls
2015-05-12 16:59 - 2015-05-13 06:22 - 00000191 _____ () C:\Users\Administrator\Desktop\stock at mandi 15th may 15.txt
2015-05-09 07:22 - 2015-05-09 07:23 - 00000000 ____D () C:\Users\Administrator\Documents\indian passport
2015-05-08 15:06 - 2015-05-08 15:06 - 00001123 _____ () C:\Users\Administrator\Desktop\police clearnace certificate oman.txt
2015-05-08 06:52 - 2015-05-08 06:52 - 00000000 ____D () C:\Users\Administrator\Documents\OMAN VISA RULES
2015-05-04 15:59 - 2015-05-04 15:59 - 00144896 _____ () C:\Users\Administrator\Desktop\2.Main Bldg M Hall Bill No 2.xls
2015-05-04 15:58 - 2015-05-04 15:58 - 03376554 _____ () C:\Users\Administrator\Desktop\multi hall.dwg
2015-05-04 15:58 - 2015-05-04 15:58 - 01239441 _____ () C:\Users\Administrator\Desktop\GENERAL DETAILS.dwg
2015-05-03 20:35 - 2015-05-03 20:35 - 00000170 _____ () C:\Users\Administrator\Desktop\nz property advst 2015.txt
2015-05-02 15:28 - 2015-05-02 15:28 - 00002853 _____ () C:\Users\Administrator\Downloads\software_removal_tool (1).log
2015-05-02 15:27 - 2015-05-02 15:35 - 00005864 _____ () C:\Users\Administrator\Downloads\software_removal_tool.log
2015-05-02 10:38 - 2015-05-02 10:38 - 00001118 _____ () C:\Users\Administrator\Desktop\citizen ecodrive.htm
2015-05-01 14:02 - 2015-05-01 14:02 - 00000331 _____ () C:\Users\Administrator\Desktop\harish panchal contacts.txt
2015-04-28 16:58 - 2015-04-28 17:03 - 00076800 _____ () C:\Users\Administrator\Desktop\maintenance report REV AS ON 28TH APRIL 2015.xls
2015-04-26 16:21 - 2015-05-23 15:16 - 00000000 ____D () C:\Users\Administrator\Desktop\utmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 20:08 - 2013-01-06 01:29 - 01179180 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 19:55 - 2013-01-06 08:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-25 19:55 - 2013-01-06 05:48 - 00823262 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-25 19:44 - 2009-07-14 08:45 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 19:44 - 2009-07-14 08:45 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 19:43 - 2013-01-06 06:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 19:36 - 2015-01-18 14:23 - 00003360 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-99012261-2059416597-3692396249-500
2015-05-25 19:36 - 2015-01-18 14:23 - 00003242 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-99012261-2059416597-3692396249-500
2015-05-25 19:36 - 2013-04-09 19:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-25 19:35 - 2014-01-11 12:33 - 00000480 ____H () C:\Windows\Tasks\GS-Enabler-S-1622525965.job
2015-05-25 19:35 - 2013-01-06 05:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 19:35 - 2010-11-21 07:47 - 47749160 _____ () C:\Windows\PFRO.log
2015-05-25 19:35 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 19:35 - 2009-07-14 08:51 - 00141187 _____ () C:\Windows\setupact.log
2015-05-25 19:33 - 2014-02-02 20:35 - 00000000 ____D () C:\AdwCleaner
2015-05-25 19:33 - 2013-01-06 05:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 19:17 - 2015-04-17 06:06 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99012261-2059416597-3692396249-500UA.job
2015-05-25 15:51 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\rescache
2015-05-25 15:50 - 2014-10-25 15:49 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{536BA2EF-944F-4451-A767-EEC3A8FFD270}
2015-05-25 14:39 - 2013-05-04 08:36 - 00000000 ____D () C:\Users\Administrator\Desktop\ashirwad docs 2013
2015-05-25 05:47 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-24 18:16 - 2013-01-06 01:34 - 00000000 ____D () C:\Users\Administrator
2015-05-24 14:43 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-24 05:17 - 2015-04-17 06:06 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99012261-2059416597-3692396249-500Core.job
2015-05-23 20:00 - 2013-01-06 07:49 - 00012112 _____ () C:\Windows\IE9_main.log
2015-05-23 19:34 - 2015-03-06 06:22 - 00001447 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-23 19:30 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-23 19:25 - 2014-03-28 20:11 - 00052236 _____ () C:\Windows\IE11_main.log
2015-05-23 19:08 - 2013-01-06 05:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-05-23 18:12 - 2014-03-27 07:29 - 00022955 _____ () C:\Windows\IE10_main.log
2015-05-23 17:00 - 2015-02-28 14:37 - 00003382 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-99012261-2059416597-3692396249-500
2015-05-23 17:00 - 2014-12-11 06:23 - 00003264 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-99012261-2059416597-3692396249-500
2015-05-23 15:55 - 2013-02-04 06:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple Computer
2015-05-23 15:55 - 2013-02-04 06:35 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2015-05-23 12:46 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-23 12:31 - 2014-03-27 07:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-23 07:39 - 2013-01-09 05:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2015-05-23 07:03 - 2015-01-05 15:11 - 00000000 ____D () C:\Users\Administrator\Downloads\Exodus.Gods.And.Kings.2014.TELESYNC.XViD.MrSeeN-SiMPLE
2015-05-23 07:03 - 2014-10-05 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\topsevenreviews
2015-05-23 07:03 - 2014-10-05 16:09 - 00000000 ____D () C:\Program Files (x86)\topsevenreviews
2015-05-23 07:03 - 2009-07-14 09:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-05-23 07:03 - 2009-07-14 07:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-23 07:02 - 2010-11-21 11:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-23 07:02 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\registration
2015-05-23 07:01 - 2013-01-06 22:15 - 00000000 ____D () C:\ProgramData\Real
2015-05-23 06:04 - 2014-05-31 06:02 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-05-22 09:53 - 2014-09-22 21:21 - 00000000 ____D () C:\Program Files (x86)\STAAD
2015-05-22 08:55 - 2013-01-06 05:53 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-21 18:46 - 2013-01-06 21:08 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-05-21 15:40 - 2013-01-06 06:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2015-05-21 05:08 - 2013-05-07 18:01 - 00000000 ____D () C:\Windows\pss
2015-05-21 05:07 - 2014-04-04 18:59 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2015-05-21 05:07 - 2014-04-04 18:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2015-05-20 20:54 - 2013-01-06 06:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DMCache
2015-05-20 20:32 - 2014-12-13 09:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\com.surfeasy.se0200
2015-05-20 06:24 - 2013-10-20 06:05 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-20 05:55 - 2013-01-07 06:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-20 05:53 - 2014-09-15 20:05 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-17 11:26 - 2013-06-19 06:33 - 00013842 _____ () C:\Users\Administrator\Desktop\hsbc nz net n  hdfc notes.txt
2015-05-16 15:27 - 2013-01-06 05:53 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 15:27 - 2013-01-06 05:53 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 05:12 - 2015-04-17 06:06 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-99012261-2059416597-3692396249-500UA
2015-05-16 05:12 - 2015-04-17 06:06 - 00003534 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-99012261-2059416597-3692396249-500Core
2015-05-14 17:21 - 2013-01-07 05:05 - 00000000 ____D () C:\Users\Administrator\Documents\JOBS NZ
2015-05-12 21:58 - 2013-03-14 17:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 21:58 - 2013-01-06 06:10 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-12 19:47 - 2015-02-04 21:53 - 00001272 _____ () C:\Users\Administrator\Desktop\USD NZD .txt
2015-05-12 04:10 - 2014-04-04 18:59 - 00001043 _____ () C:\Users\Administrator\Desktop\Dropbox.lnk
2015-05-12 04:10 - 2014-04-04 18:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-11 06:04 - 2013-10-15 06:43 - 00000000 ____D () C:\Users\Administrator\Desktop\property 2013
2015-05-10 06:17 - 2015-04-01 14:35 - 00000000 ____D () C:\Users\Administrator\Desktop\asif ali
2015-05-09 09:24 - 2013-01-07 05:12 - 00000000 ____D () C:\Users\Administrator\Documents\NZ Miscell
2015-05-04 20:16 - 2009-07-14 09:13 - 00805676 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-01 15:57 - 2014-10-25 16:55 - 00004368 _____ () C:\Users\Administrator\Desktop\stocks 2014.txt
2015-05-01 15:56 - 2013-01-07 05:12 - 00000000 ____D () C:\Users\Administrator\Documents\nz property
2015-04-30 10:07 - 2013-01-06 09:30 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-27 20:12 - 2012-12-30 19:18 - 00000000 ____D () C:\Users\Administrator\Documents\BANKS
2015-04-26 12:31 - 2014-12-17 15:21 - 00002293 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2015-04-25 16:05 - 2013-03-15 14:54 - 00000000 ____D () C:\Users\Administrator\Documents\tour 2013
2015-04-25 11:13 - 2013-01-06 05:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-04-25 10:53 - 2013-01-06 05:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment

==================== Files in the root of some directories =======

2015-03-20 16:23 - 2015-03-20 16:23 - 0017920 _____ () C:\Program Files\329626_TradeBookReport.xls
2013-03-25 16:30 - 2013-03-25 16:30 - 0038442 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft Excel 97-2003.ADR
2013-03-25 16:28 - 2013-03-25 16:28 - 0038443 _____ () C:\Users\Administrator\AppData\Roaming\Tab Separated Values (Windows).ADR
2014-08-29 11:13 - 2014-08-29 11:15 - 0009728 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-16 19:09 - 2014-08-16 19:09 - 0004096 ____H () C:\Users\Administrator\AppData\Local\keyfile3.drm
2014-07-17 19:26 - 2014-07-17 19:26 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-10-01 17:32 - 2014-10-01 17:33 - 6345936 ____R (PC Cleaners) C:\ProgramData\pclunst.exe

Files to move or delete:
====================
C:\ProgramData\pclunst.exe

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgtyaxu.dll
C:\Users\Administrator\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Administrator\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\clauth1.dll
C:\Windows\SysWOW64\clauth2.dll
C:\Windows\SysWOW64\ssprs.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-24 05:53

==================== End of log ============================

 

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Administrator at 2015-05-25 20:11:59
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I82ZMLPV
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-99012261-2059416597-3692396249-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-99012261-2059416597-3692396249-1003 - Limited - Enabled)
Guest (S-1-5-21-99012261-2059416597-3692396249-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-99012261-2059416597-3692396249-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Microsoft Security Essentials (Disabled - Out of date) {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Microsoft Security Essentials (Disabled - Out of date) {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Microsoft Security Essentials (Enabled - Out of date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (x32 Version: 4.0.11.0 - Nero AG) Hidden
µTorrent (HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\uTorrent) (Version: 3.4.3.40414 - BitTorrent Inc.)
4Videosoft MKV Video Converter (HKLM-x32\...\4Videosoft MKV Video Converter_is1) (Version:  - )
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Aiseesoft DVD Audio Ripper v6.2.56 (HKLM-x32\...\Aiseesoft DVD Audio Ripper v6.2.566.2.56) (Version: 6.2.56 - Friends in War)
AlterGeo Magic Scanner (HKLM-x32\...\{128C4A3A-42D2-4479-8880-3051ECFAA505}) (Version: 3.2.1.742 - AlterGeo)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.31 - Avanquest Software)
Bentley IEG License Service (HKLM-x32\...\{D4A33E08-4FE7-40C4-BF5E-5853C56ADD7C}) (Version: 2.0.8 - Bentley Systems Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{7E6316CA-5ED0-4EF9-9920-A92115E286B7}) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowseToSave (HKLM\...\{ADF902FF-14E7-4389-A162-5CC5761A2009}) (Version: 1.0 - ) <==== ATTENTION
CDA to MP3 Converter v3.2 build 1159 (HKLM-x32\...\{22AC6A90-A99A-4E41-BADC-AC05C811C2C8}_is1) (Version:  - Hoo Technologies)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 23.4.1.0 - COMODO)
CTSCameraViewer 2.1.0 (HKLM-x32\...\{CB65F1BE-ECF5-4919-96EF-E7DCD444F639}}_is1) (Version:  - CameraTunerSoft.com)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.1005 - CyberLink Corp.)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
EZ CD Audio Converter (32-bit) (HKLM-x32\...\EZ CD Audio Converter (32-bit)) (Version: 1.0.8 - Poikosoft)
EZ CD Audio Converter (HKLM-x32\...\EZ CD Audio Converter) (Version: 2.2.2 - Poikosoft)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Foxit Reader (HKLM-x32\...\{68205FFB-5918-43D4-B0D4-131DE9282046}) (Version: 5.0.2.718 - Foxit Corporation)
Free FLV to MP4 Converter 1.0.10 (HKLM-x32\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.10 - topsevenreviews)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java™ 6 Update 38 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216038FF}) (Version: 6.0.380 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
M6 Processing 1.0 (HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\M6 Processing) (Version: 1.0 - Pysy Software S.L.)
Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version:  - )
Media Go (HKLM-x32\...\{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}) (Version: 1.4.269 - Sony)
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
MHTML Converter (HKLM-x32\...\MHTML Converter) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Encarta Premium 2006 DVD (HKLM-x32\...\{06040081-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 6.1.0 (HKLM-x32\...\MKVToolNix) (Version: 6.1.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 9 (HKLM-x32\...\{e6a1f459-5f4a-4471-92ce-c27b968336fa}) (Version:  - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden
Octoshape Streaming Services (HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Paint Shop Pro 7 ESD (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PC Suite for Sony Ericsson (HKLM-x32\...\{E1252473-6306-4d5d-904D-B06AA7F38161}) (Version: 1.6.0 - )
PC Suite for Sony Ericsson (x32 Version: 1.6.0 - Sony Ericsson) Hidden
PC Suite for Sony Ericsson x64 (Version: 1.6.0 - Sony Ericsson) Hidden
PilotEdit 5.2.0 (HKLM-x32\...\PilotEdit_is1) (Version:  - )
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation)
PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.02.00076 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 3.1.8.07881 - Sony Computer Entertainment Inc.)
pr1 (HKLM-x32\...\ST5UNST #1) (Version:  - )
PrinterShare 2.3.08 (HKLM\...\{EF8069FB-5FA0-4087-89A0-FA04DA22C4C1}) (Version: 2.3.8.0 - Printer Anywhere Inc.)
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sony Ericsson Symbian 9 Drivers (HKLM\...\Sony Ericsson) (Version:  - )
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
SoundTrax (x32 Version: 4.0.11.0 - Nero AG) Hidden
SurfEasy VPN 3.0.252 (HKLM-x32\...\SurfEasy VPN) (Version: 3.0.252 - SurfEasy Inc)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TouchFreeze (HKLM-x32\...\{D031E017-2434-40A7-A352-4DDD0199170D}) (Version: 1.0.2 - Ivan Zhakov)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
xat.com Image Optimizer (HKLM-x32\...\xat.com Image Optimizer) (Version:  - )
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Widgets (HKLM-x32\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-99012261-2059416597-3692396249-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

23-05-2015 10:34:01 Windows Modules Installer
23-05-2015 12:14:04 Windows Update
23-05-2015 15:53:28 Installed Safari
23-05-2015 17:06:49 Windows Modules Installer
23-05-2015 17:54:47 Windows Modules Installer
23-05-2015 17:58:06 Windows Modules Installer
23-05-2015 19:15:54 Windows Modules Installer
23-05-2015 19:17:13 Windows Modules Installer
25-05-2015 16:47:51 Windows Update
25-05-2015 19:52:59 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000AAE24-5700-4572-9868-DAF35801349C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {132BE1C9-609C-4385-A857-7620CB905AC2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {15721F70-5E43-4473-AE0A-4CC438107985} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {176764E5-7C6F-4DFD-B8FE-D2DD6040A3DD} - \GS-Enabler-S-1622525965 No Task File <==== ATTENTION
Task: {18D92B05-193A-4725-A1C5-36D1C2E7ED36} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-99012261-2059416597-3692396249-500 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {2182B061-759F-42FC-A786-901A5A483517} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {22B45059-2552-4651-9C56-EDDE0926108E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-99012261-2059416597-3692396249-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.)
Task: {2385B40A-E6CF-485A-AC54-617B109DE7F0} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {5B31AE43-720B-4C4B-A9D2-C471AD69870F} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {5D9C8FC2-F33E-48D9-9AD9-5DE2E8984A45} - System32\Tasks\KeepMySettingsX => C:\Users\Administrator\AppData\Roaming\KeepMySettingsX\keepmysettingsx.exe
Task: {622CF11A-47DB-430A-B983-C96AE5BDAACA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-99012261-2059416597-3692396249-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {67E01D0D-B9A2-40EB-AB05-620D6993C6FF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {6FC39A37-DD26-4F86-BD7A-D4D2D5E87071} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-99012261-2059416597-3692396249-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {80475AA3-8C51-4755-8729-1569F97B17DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-99012261-2059416597-3692396249-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.)
Task: {886AD7AB-1F54-46B0-A59C-53A290F669DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {8D737187-B6A3-4F6C-BBFF-80C802F4C9DC} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2015-01-31] (RealNetworks, Inc.)
Task: {BBE540E5-DBCD-4ECB-B16C-AAD8B2E95494} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CD88C4DA-6C08-478C-86AC-E10D5A17CC5F} - System32\Tasks\mcleaner => C:\Users\Administrator\AppData\Roaming\2735.tmp.exe <==== ATTENTION
Task: {D3940DB5-BC40-46F5-A2BE-B23EE14BBBF8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-99012261-2059416597-3692396249-500 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {DC03BB4B-2612-4640-9B63-E3AD92312D98} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99012261-2059416597-3692396249-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99012261-2059416597-3692396249-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GS-Enabler-S-1622525965.job => c:\programdata\softwarehouse\gs-enabler\GS-Enabler.exeL/schedule /profile c:\programdata\softwarehouse\gs-enabler\1622525965.ini <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2005-06-03 21:30 - 2005-06-03 21:30 - 00248528 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2006\ERSREGPR.DLL
2005-06-03 21:30 - 2005-06-03 21:30 - 00203472 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2006\MSENCDAT.DLL
2005-06-03 21:30 - 2005-06-03 21:30 - 00178896 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2006\ENCCONT.DLL
2005-06-03 21:30 - 2005-06-03 21:30 - 00326352 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2006\MSENCXML.DLL
2005-06-03 21:30 - 2005-06-03 21:30 - 00051920 _____ () C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2006\EDICTITS.EBK
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:3E7908F7
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\yahoo.com -> hxxps://login.yahoo.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-99012261-2059416597-3692396249-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: CLHNServiceForPowerDVD => 2
MSCONFIG\Services: CyberLink PowerDVD 11.0 Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 11.0 Service => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Live Malware Protection => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MainLSyncHost => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: PrivoxyService => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: SurfEasyVPN => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NOTFOUND.lnk => C:\Windows\pss\NOTFOUND.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatch.lnk => C:\Windows\pss\StormWatch.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatchApp.lnk => C:\Windows\pss\StormWatchApp.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk => C:\Windows\pss\Yahoo! Widgets.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Driver Pro => C:\Program Files (x86)\Driver Pro\DPLauncher.exe
MSCONFIG\startupreg: E06AXLRD_3778968 => "C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iLivid => "C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: mRouterConfig => "C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
MSCONFIG\startupreg: MSSE => "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Octoshape Streaming Services => "C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: PC Cleaners => "C:\ProgramData\PC Cleaners\PCCleaners.exe" /minimize
MSCONFIG\startupreg: PC Suite for Smartphones => "C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
MSCONFIG\startupreg: PrinterShare => C:\Program Files (x86)\PrinterShare\paConsole.exe -minimized
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: RemoteControl11 => "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SurfEasy => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TotalRecipeSearch Home Page Guard 64 bit => "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: TotalRecipeSearch Search Scope Monitor => "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: TotalRecipeSearch_14 Browser Plugin Loader => C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe
MSCONFIG\startupreg: TotalRecipeSearch_14 Browser Plugin Loader 64 => C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon64.exe
MSCONFIG\startupreg: TouchFreeze => C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vm6 => C:\Users\Administrator\AppData\Roaming\M6 Processing\vm6.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{81081376-A76C-4398-813D-C5334DA27FC2}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E4015652-2E5A-4CE3-889B-D0F75FA5BC71}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4CC93B06-1933-40EC-88CD-F21E698F792B}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1E7FBE0-FF1A-4D1B-83F6-C87654BA9E53}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BEFC2836-95DA-4B8D-B55E-AB9F891A4441}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CE5BE585-1F39-463C-B159-BC02D9E017E2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CE4145DA-8437-4C28-B1EE-403E36ED6373}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS2E3B\hppiw.exe
FirewallRules: [{E07A198A-59BA-4AD2-9FF9-254CB2B03CB4}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS2E3B\hppiw.exe
FirewallRules: [{424D05DF-F18B-4FCF-914B-F6138415BDA2}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS302F\hppiw.exe
FirewallRules: [{C5DBF460-264D-40C3-A58D-A2E947EFC160}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS302F\hppiw.exe
FirewallRules: [{7C1555CB-5E17-4BF9-93B6-E828ED201155}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS33DF\hppiw.exe
FirewallRules: [{C7C8168A-C6E3-4DD9-AFAB-DD89FDFEA9DC}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS33DF\hppiw.exe
FirewallRules: [{53AB9D9A-9E66-4158-A191-39DA8099B988}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS6533\hppiw.exe
FirewallRules: [{2421EC74-76D4-4A29-A365-963F27F1D5C2}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS6533\hppiw.exe
FirewallRules: [{D589B3C4-772A-4D82-860A-09A93E356B7A}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikHelper.exe
FirewallRules: [{FCD255F5-8BC8-4EAD-80B9-A29C2ED08CEE}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikHelper.exe
FirewallRules: [{0D198BD1-335E-4A0E-B338-75A7EB26EF03}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
FirewallRules: [{29AFF93F-13FA-4A1D-B22A-84CAB9D55E04}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
FirewallRules: [{14CF91C9-B1A5-4AF8-AFF8-01826C2FC253}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{A556CE68-D4A1-4135-8861-1B128F0D9A16}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS2212\hppiw.exe
FirewallRules: [{08799EFB-1C3C-40B3-8E18-646A3416D265}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS2212\hppiw.exe
FirewallRules: [{DA030DF6-AE0F-41D2-9AF4-E251343B82D4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11.exe
FirewallRules: [{2D7E4F91-8C63-4E46-874D-6960D5511AC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
FirewallRules: [{8335A4A3-7B40-4393-B0F8-E65F5FB8B1DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
FirewallRules: [{43951014-BB63-4728-98B0-3D9CA0195910}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe
FirewallRules: [TCP Query User{2AE130EC-AFC1-48AA-8863-CA0E7BF23836}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe
FirewallRules: [UDP Query User{BBFF5CA2-A6C9-45F3-8F41-1472E0F66D63}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe
FirewallRules: [TCP Query User{EF3CBC77-6441-4274-AE30-C7F6DA5B7A17}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [UDP Query User{F07C0820-B751-416B-AA04-66C8A8618846}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [TCP Query User{903E50F4-2D76-4799-A1D7-A0A375EAB6A2}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe
FirewallRules: [UDP Query User{73033573-17DF-4E52-8A54-DF155C7164D1}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe
FirewallRules: [TCP Query User{BC1B097B-F349-4513-BF18-9874B13CCD7E}C:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{425A2B0F-1FF2-49BA-A93C-FF2581A89429}C:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\administrator\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{FA37A6C9-E273-4CCE-8000-FB5E9B42791B}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{14C7C05F-668B-413D-B066-D2D9A3872C7F}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{3AB82BBD-79ED-4A63-8235-D9EE0FB04915}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{CC9B04CF-BC70-4BA6-867C-072E119CD056}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{81BA5DE6-0C6F-4B95-B517-905D9353B9E0}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [{9D0B9D1B-5DB1-4B4D-8328-1D1E290E4FFA}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [{694B47AA-9462-45AB-8C3F-CE39CC396281}] => (Allow) C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{4FF4800B-C845-4FF5-90F9-CBE8C6C2F65C}] => (Allow) C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{B9C83C4D-5880-479E-AF7E-46C6C2CD48A0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{67911497-C810-4300-A500-10ACBAFD9FF5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{75139E69-A41E-4264-A658-328DCA594F6C}] => (Allow) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{578F3D38-3F84-45D6-9A10-D1F6B9A7E6A4}] => (Allow) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FE77F310-8244-4E06-A73A-94C340C889F0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B4A1FA02-CE0B-45F5-B40A-F6CE662D234A}] => (Allow) LPort=2869
FirewallRules: [{2BE8E160-C825-4365-A0D4-69DF2A8218EB}] => (Allow) LPort=1900
FirewallRules: [{9D4D1D6F-E6BD-489D-AC6F-B762EB08E70E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A2B3042C-02AF-4CBA-A033-FCC87176584D}] => (Allow) LPort=50248
FirewallRules: [{37333989-4640-4C40-836C-EB270C4C4E11}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB4B41D9-D205-4FE0-80BC-CA15E0427A58}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF11DA5A-ED3D-4A4E-A220-06D01EFC14EE}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{73D7ACEA-8E53-4879-A588-2AD708949644}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{32AE5084-80EA-4056-9C3E-021731F6D569}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{81C2757C-EB0B-42FA-BEB4-1C6B6CC5B4EA}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{27C3F960-A581-4529-BE2E-0B3C7B045D57}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{A2764CA9-A985-4F31-9CC6-B4F9B9196823}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{332CC548-A939-49DA-8A40-981B3946AFD0}] => (Allow) C:\Users\Administrator\AppData\Local\TNT2\2.0.0.1928\TNT2User.exe
FirewallRules: [{7527FBD1-E59E-42BD-813C-385E14C3C60D}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{70D2D29A-03AF-428E-BDBD-054A890B5833}C:\program files (x86)\printershare\paconsole.exe] => (Allow) C:\program files (x86)\printershare\paconsole.exe
FirewallRules: [UDP Query User{9BC8DF74-9867-4BE3-A036-3C35011C6431}C:\program files (x86)\printershare\paconsole.exe] => (Allow) C:\program files (x86)\printershare\paconsole.exe
FirewallRules: [TCP Query User{0EEDEE7C-B369-4E90-B14A-2F2DA91B9FE0}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [UDP Query User{957F004D-1297-446B-B5F5-0525BD5B5507}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [TCP Query User{DBBDD920-348C-4B1B-8DB4-72F39F16F722}C:\program files (x86)\printershare\paconsole.exe] => (Allow) C:\program files (x86)\printershare\paconsole.exe
FirewallRules: [UDP Query User{1A3700DD-2E61-4D9C-A5B5-1B93DC112887}C:\program files (x86)\printershare\paconsole.exe] => (Allow) C:\program files (x86)\printershare\paconsole.exe
FirewallRules: [TCP Query User{AC8F0BE6-5641-4D69-9AD3-1754FA7DDD3A}C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8C402434-87E0-484D-BB4D-E1860C7E1B6E}C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{916B88A1-076E-4EFB-93B8-071D6B680610}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{64DC003C-F14B-44E8-8B29-7DB76D05AB12}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{E0DECDAB-4D5F-4018-AF5F-1CB4BD5D9B9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3CAD6014-B59F-4A2B-AB76-0D99A77192C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3BD1F2F2-9947-4D93-B5F2-4CAF3CA55493}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D281D85-B280-4A49-B283-376E18466ECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7E47A4E4-708A-4A53-B784-A8BA9EC68259}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84BFF2A5-6DFC-4017-833B-6C1672D23B4D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

==================== Faulty Device Manager Devices =============

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 07:54:23 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 07:54:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 07:37:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 04:48:33 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 04:48:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 03:07:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/25/2015 03:05:09 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 03:05:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 03:04:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/25/2015 03:04:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (05/25/2015 07:38:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (05/25/2015 07:34:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%3

Error: (05/25/2015 07:34:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/25/2015 07:34:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/25/2015 07:34:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/25/2015 07:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (05/25/2015 07:33:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/25/2015 07:33:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/25/2015 07:33:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2015 07:33:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Indexing Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-06 09:25:50.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-06 09:25:50.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-06 09:25:50.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-06 09:25:50.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-06 09:25:50.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-06 09:25:50.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-05 20:52:26.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-05 20:52:26.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-05 20:52:26.735
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-05 20:52:26.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 41%
Total physical RAM: 3894.68 MB
Available physical RAM: 2278.73 MB
Total Pagefile: 7787.54 MB
Available Pagefile: 5405.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:40.66 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:151.6 GB) (Free:81.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6043C50E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)

==================== End of log ============================



#4 nasdaq

  • Malware Response Team

Posted 25 May 2015 - 01:01 PM



Remove this program in bold using the Add/Remove Programs applet.
BrowseToSave (HKLM\...\{ADF902FF-14E7-4389-A162-5CC5761A2009}) (Version: 1.0 - ) <==== ATTENTION

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: AlterGeoBHO Class -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} -> C:\Program Files (x86)\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll No File
Toolbar: HKLM-x32 - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Toolbar: HKLM-x32 - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKLM-x32 - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - {8FFBFA75-0C80-42BC-B43D-B826C1DBC0F9} -  No File
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ei.DailyWellnessGuide_80.com/Plugin -> C:\Program Files (x86)\DailyWellnessGuide_80EI\Installr\1.bin\NP80EISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll No File
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\e9892acb6c0dae4f51fb8f7fc918bdcf [2015-05-24]
S2 HPSLPSVC; C:\Users\ADMINI~1\AppData\Local\Temp\7zS2E3B\hpslpsvc64.dll [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 gttptsod; \??\C:\Windows\system32\drivers\gttptsod.sys [X]
Task: C:\Windows\Tasks\GS-Enabler-S-1622525965.job => c:\programdata\softwarehouse\gs-enabler\GS-Enabler.exeL/schedule /profile c:\programdata\softwarehouse\gs-enabler\1622525965.ini <==== ATTENTION
Task: {CD88C4DA-6C08-478C-86AC-E10D5A17CC5F} - System32\Tasks\mcleaner => C:\Users\Administrator\AppData\Roaming\2735.tmp.exe <==== ATTENTION
Task: {176764E5-7C6F-4DFD-B8FE-D2DD6040A3DD} - \GS-Enabler-S-1622525965 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:3E7908F7
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgtyaxu.dll
C:\Users\Administrator\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Administrator\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\e9892acb6c0dae4f51fb8f7fc918bdcf
c:\programdata\softwarehouse\gs-enabler
C:\Users\Administrator\AppData\Roaming\2735.tmp.exe

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

As previously requested, download and run AdwCleaner.
Clean everything that is left over.

How is the computer running now?

#5 rajendra786

  • Topic Starter


Posted 25 May 2015 - 09:29 PM

I have followed the above; please find the Fixlog file. I will give feedback on how it is working after I try once again:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Administrator at 2015-05-26 06:13:32 Run:1
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I82ZMLPV
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-99012261-2059416597-3692396249-500\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: AlterGeoBHO Class -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} -> C:\Program Files (x86)\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll No File
Toolbar: HKLM-x32 - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Toolbar: HKLM-x32 - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKLM-x32 - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - {8FFBFA75-0C80-42BC-B43D-B826C1DBC0F9} -  No File
Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ei.DailyWellnessGuide_80.com/Plugin -> C:\Program Files (x86)\DailyWellnessGuide_80EI\Installr\1.bin\NP80EISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll No File
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\e9892acb6c0dae4f51fb8f7fc918bdcf [2015-05-24]
S2 HPSLPSVC; C:\Users\ADMINI~1\AppData\Local\Temp\7zS2E3B\hpslpsvc64.dll [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 gttptsod; \??\C:\Windows\system32\drivers\gttptsod.sys [X]
Task: C:\Windows\Tasks\GS-Enabler-S-1622525965.job => c:\programdata\softwarehouse\gs-enabler\GS-Enabler.exeL/schedule /profile
c:\programdata\softwarehouse\gs-enabler\1622525965.ini <==== ATTENTION
Task: {CD88C4DA-6C08-478C-86AC-E10D5A17CC5F} - System32\Tasks\mcleaner => C:\Users\Administrator\AppData\Roaming\2735.tmp.exe <==== ATTENTION
Task: {176764E5-7C6F-4DFD-B8FE-D2DD6040A3DD} - \GS-Enabler-S-1622525965 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:3E7908F7
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgtyaxu.dll
C:\Users\Administrator\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Administrator\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\e9892acb6c0dae4f51fb8f7fc918bdcf
c:\programdata\softwarehouse\gs-enabler
C:\Users\Administrator\AppData\Roaming\2735.tmp.exe

End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKU\S-1-5-21-99012261-2059416597-3692396249-500\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}" => key Removed successfully
"HKCR\Wow6432Node\CLSID\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}" => key Removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{09900DE8-1DCA-443F-9243-26FF581438AF} => value Removed successfully
HKCR\Wow6432Node\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => value Removed successfully
HKCR\Wow6432Node\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} => value Removed successfully
HKCR\Wow6432Node\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} => key not found.
HKU\S-1-5-21-99012261-2059416597-3692396249-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => value Removed successfully
HKCR\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => key not found.
HKU\S-1-5-21-99012261-2059416597-3692396249-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FFBFA75-0C80-42BC-B43D-B826C1DBC0F9} => value Removed successfully
HKCR\CLSID\{8FFBFA75-0C80-42BC-B43D-B826C1DBC0F9} => key not found.
HKU\S-1-5-21-99012261-2059416597-3692396249-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-99012261-2059416597-3692396249-500 -> No Name - => key not found.
{47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File => Error: No automatic fix ' & $found1 & ' for this entry.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@ei.DailyWellnessGuide_80.com/Plugin" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1" => key Removed successfully
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\e9892acb6c0dae4f51fb8f7fc918bdcf => Moved successfully.
HPSLPSVC => Service Removed successfully
BAPIDRV => Service Removed successfully
dgderdrv => Service Removed successfully
gttptsod => Service Removed successfully
C:\Windows\Tasks\GS-Enabler-S-1622525965.job => Moved successfully.
"c:\programdata\softwarehouse\gs-enabler\1622525965.ini <==== ATTENTION" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD88C4DA-6C08-478C-86AC-E10D5A17CC5F}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD88C4DA-6C08-478C-86AC-E10D5A17CC5F}" => key Removed successfully
C:\Windows\System32\Tasks\mcleaner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mcleaner" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{176764E5-7C6F-4DFD-B8FE-D2DD6040A3DD}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{176764E5-7C6F-4DFD-B8FE-D2DD6040A3DD}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GS-Enabler-S-1622525965" => key Removed successfully
C:\ProgramData\Temp => ":3E7908F7" ADS Removed successfully.
C:\ProgramData\Temp => ":A1EDB939" ADS Removed successfully.
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgtyaxu.dll => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\gtalkwmp1.dll => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\jre-8u45-windows-au.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
"C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\e9892acb6c0dae4f51fb8f7fc918bdcf" => File/Folder not found.
"c:\programdata\softwarehouse\gs-enabler" => File/Folder not found.
"C:\Users\Administrator\AppData\Roaming\2735.tmp.exe" => File/Folder not found.

The system needed a reboot.

==== End of Fixlog 06:13:58 ====



#6 rajendra786

rajendra786
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:38 AM

Posted 26 May 2015 - 06:00 AM

Dear nasdaq, I find the problem has been rectified, and many thanks for your support. For my knowledge, can you let me know which programs or virus had infected my PC, and what I should do to avoid this in future? The major change I found was that when I was logging on to the newspaper www.timesofindia.com, I used to see many advertisements; now all are gone.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 26 May 2015 - 08:26 AM

No virus, just some adware that generates ads.
They come bundled with many 3rd party programs. Watch what you download.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 rajendra786

rajendra786
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:38 AM

Posted 26 May 2015 - 09:13 AM

Dear nasdaq, I am sending the log file of another desktop computer running 32-bit Windows Vista; this computer is running slow.

Please find the FRST log file.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
Ran by User (administrator) on RAJENDRADESKTOP on 26-05-2015 18:09:42
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn11\ytbb.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-12-03] (Kaspersky Lab ZAO)
HKLM\...\Run: [dplaysvr] => C:\Users\User\AppData\Local\dplaysvr.exe
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-11-08] (Adobe Systems Incorporated)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2011-04-24] (Kaspersky Lab ZAO)
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [Acer Tour Reminder] => [X]
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [] => [X]
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-04] (Google Inc.)
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [E06AXLRD_11876652] => C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE [301776 2005-06-03] (Microsoft Corporation)
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [LxrAutorun] => C:\Users\User\AppData\Local\Lexar Media\LxrAutorun.exe
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {235b2518-10ae-11df-82ad-0019dbba6b68} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {48788310-bddc-11dc-92d8-0019dbba6b68} - J:\Driver\Files\Drago.exe
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {616b3188-bd17-11dc-9cc5-0019dbba6b68} - Driver\Files\Drago.exe
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {7ac3c6b2-9604-11df-a4b4-0019dbba6b68} - F:\AutoRun.exe
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {873b5664-b863-11de-8bde-0019dbba6b68} - F:\sv8c2bjw.bat
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {c0c32703-e7c2-11df-9f6a-001e101f0e7d} - F:\AutoRun.exe
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {cd10956b-8c92-11df-b095-0019dbba6b68} - F:\AutoRun.exe
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {cd109576-8c92-11df-b095-0019dbba6b68} - K:\AutoRun.exe
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {ec0fcc62-1522-11df-8001-0019dbba6b68} - F:\Startme.exe
HKU\S-1-5-18\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-02-16] (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2015-02-22]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [NBHShellExt] -> {8D2223A2-B3C6-4e32-B096-CDD11F628C60} =>  No File
BootExecute: autocheck autochk /p \??\K:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneycontrol.com/
URLSearchHook: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll [2014-07-29] (Yahoo! Inc.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-06-16] (RealPlayer)
BHO: IE to GetRight Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files\GetRight\xx2gr.dll [2007-07-18] (Headlight Software, Inc.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: No Name -> {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} ->  No File
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Encarta Web Companion Helper Object -> {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -> C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06] (Google Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19] (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-06] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24] (Kaspersky Lab ZAO)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll [2007-02-07] (HiTRUST)
Toolbar: HKLM - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll [2014-07-29] (Yahoo! Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> No Name - {EA6BF496-A4A3-40BB-9A5C-A510DB132EE0} -  No File
Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06] (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19] (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\..\Interfaces\{6126BD18-EB53-46C6-AF31-314B4BCFAA1F}: [NameServer] 212.72.1.186,212.72.23.30

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default
FF Homepage: hxxp://www.nzherald.co.nz/
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 9666
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "no_proxies_on", "127.0.0.1"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9666
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll [2012-07-02] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-03-18] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-06-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-06-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-06-16] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3241121675-3820270717-1873967838-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-20] (Yahoo! Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default\user.js [2013-01-05]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default\searchplugins\alnaddyToolbar.xml [2013-01-05]
FF Extension: Add Google Search To New Tab Page - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2015-03-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-17]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-17]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-17]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-05-17]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-02-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-03]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-03-01]
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-03-01]
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-03-01]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-04-08]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-16]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-10]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-02-18]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-08]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-08]
CHR Extension: (Alnaddy Chrome Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgeoffnibjeoognckaejmoibecgaodo [2013-02-08]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-08]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-08]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-02-08]
CHR Extension: (uTorrentControl3) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadpabahabkmdndndlimfikephnoka [2013-02-08]
CHR Extension: (Virtual Keyboard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-02-08]
CHR Extension: (Freemake Video Converter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-02-08]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-02-08]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-08]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-02-08]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-08]
CHR Extension: (Anti-Banner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-02-08]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-04-27]
CHR HKLM\...\Chrome\Extension: [fcoadpabahabkmdndndlimfikephnoka] - C:\Users\User\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx [2012-06-07]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-04-27]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-04-08]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-06-19]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-04-27]
CHR HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcoadpabahabkmdndndlimfikephnoka] - C:\Users\User\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx [2012-06-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [266343 2007-04-05] (CyberLink) []
S2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-12-30] () []
S2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-12-03] (Kaspersky Lab ZAO)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-02-07] (HiTRSUT)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-01-31] (Acer Inc.) []
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-03] (Macrovision Europe Ltd.) []
S2 gupdate1c9e5d8b0b2c66a; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) []
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-15] (Hewlett-Packard Company) []
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S2 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) []
S2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-08-29] (Prolific Technology Inc.) []
S2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474168 2012-04-22] (Sony Corporation)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () []
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) []
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-06-19] (Skype Technologies S.A.)
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) []
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) []
S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) []
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-01-17] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2006-11-02] (Microsoft Corporation)
S3 acfva; C:\Windows\System32\DRIVERS\ACFVA32.sys [87040 2008-07-15] (Conexant Systems Inc.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation) []
S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP32.sys [28928 2008-06-16] (Conexant Systems, Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2008-01-25] (MCCI)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [570160 2011-04-20] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2009-05-06] (NewTech Infosystems, Inc.) []
S1 oxser; C:\Windows\System32\DRIVERS\oxser.sys [51169 2003-04-28] (OEM) []
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20264 2007-02-07] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-02-07] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-02-07] (HiTRUST)
R3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [56320 2012-11-29] (Dataram, Inc.)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
S3 STV680; C:\Windows\System32\drivers\STV680.sys [105544 2000-11-10] (STMicroelectronics                                          ) []
R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-06] (Microsoft Corporation)
S3 w810bus; C:\Windows\System32\DRIVERS\w810bus.sys [58288 2006-02-20] (MCCI)
S3 w810mgmt; C:\Windows\System32\DRIVERS\w810mgmt.sys [85408 2008-01-25] (MCCI)
S3 w810obex; C:\Windows\System32\DRIVERS\w810obex.sys [83344 2008-01-25] (MCCI)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 navapsvc; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 SAVRT; No ImagePath
U1 SAVRTPEL; No ImagePath
U2 srservice; No ImagePath
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 17:44 - 2015-05-26 17:50 - 00062188 _____ () C:\Users\User\Desktop\Addition.txt
2015-05-26 17:42 - 2015-05-26 18:09 - 00031495 _____ () C:\Users\User\Desktop\FRST.txt
2015-05-26 17:42 - 2015-05-26 18:09 - 00000000 ____D () C:\FRST
2015-05-26 17:42 - 2015-05-26 17:42 - 01147392 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-05-26 17:41 - 2015-05-26 17:41 - 00000000 ____D () C:\Users\User\AppData\Local\visi_coupon
2015-05-26 17:32 - 2015-05-26 17:40 - 00000000 ____D () C:\AdwCleaner
2015-05-26 17:31 - 2015-05-26 17:31 - 02223104 _____ () C:\Users\User\Desktop\adwcleaner_4.205.exe
2015-05-23 11:30 - 2015-05-23 11:30 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-23 11:30 - 2015-05-23 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-23 11:30 - 2015-05-23 11:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-23 11:28 - 2015-05-23 11:29 - 00270578 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-05-23 11:26 - 2009-08-24 16:47 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-05-17 18:00 - 2015-05-17 18:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-16 15:19 - 2015-05-16 15:21 - 00000000 ____D () C:\Users\User\Desktop\MRP POLICE CLEARANCE N PPT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 18:10 - 2008-02-09 21:59 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C9932585-4C49-4E0E-87CA-85BC4A312B10}.job
2015-05-26 17:59 - 2006-11-02 16:47 - 00003200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 17:59 - 2006-11-02 16:47 - 00003200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 17:46 - 2009-07-01 16:14 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 17:46 - 2009-07-01 16:14 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 16:03 - 2008-01-05 21:16 - 01630662 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 16:03 - 2006-11-02 15:18 - 00000000 ____D () C:\Windows\tracing
2015-05-26 16:00 - 2011-01-24 06:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-26 15:59 - 2006-11-02 17:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 13:02 - 2006-11-02 17:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-23 13:00 - 2012-02-04 15:57 - 00009893 _____ () C:\Windows\IE9_main.log
2015-05-23 11:58 - 2015-01-25 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-23 11:45 - 2006-11-02 15:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-23 11:30 - 2012-06-29 12:07 - 00000000 ___RD () C:\Program Files\Skype
2015-05-23 11:30 - 2012-06-29 12:07 - 00000000 ____D () C:\ProgramData\Skype
2015-05-19 06:12 - 2009-04-18 15:34 - 00000000 ____D () C:\Users\User\AIRLINES
2015-05-19 05:39 - 2012-06-18 17:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-08 12:57 - 2010-10-07 14:36 - 00000000 ____D () C:\Users\User\Desktop\Ashirwad
2015-05-07 15:13 - 2006-11-02 14:33 - 00745868 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-30 10:07 - 2006-11-02 14:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2009-03-02 17:47 - 2012-06-18 19:20 - 0000144 _____ () C:\Users\User\AppData\Roaming\default.rss
2009-03-02 17:47 - 2009-03-02 17:47 - 0000000 _____ () C:\Users\User\AppData\Roaming\downloads.m3u
2008-02-11 14:38 - 2008-02-11 14:38 - 0087608 _____ () C:\Users\User\AppData\Roaming\inst.exe
2009-04-15 21:02 - 2009-04-18 15:15 - 0487761 _____ () C:\Users\User\AppData\Roaming\NMM-MetaData.db
2008-02-11 14:38 - 2008-02-11 14:38 - 0007887 _____ () C:\Users\User\AppData\Roaming\pcouffin.cat
2008-02-11 14:38 - 2008-02-11 14:38 - 0001144 _____ () C:\Users\User\AppData\Roaming\pcouffin.inf
2008-02-11 14:38 - 2008-02-11 14:38 - 0000034 _____ () C:\Users\User\AppData\Roaming\pcouffin.log
2008-02-11 14:38 - 2008-02-11 14:38 - 0047360 _____ (VSO Software) C:\Users\User\AppData\Roaming\pcouffin.sys
2009-04-30 19:05 - 2009-04-30 19:05 - 0000000 _____ () C:\Users\User\AppData\Roaming\wklnhst.dat
2008-01-05 09:27 - 2012-02-16 23:59 - 0001356 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2008-01-07 17:23 - 2015-02-28 09:04 - 0161792 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-03-18 16:20 - 2008-03-18 16:20 - 0000092 _____ () C:\Users\User\AppData\Local\fusioncache.dat
2008-01-09 09:23 - 2008-01-09 09:23 - 0004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
2012-03-01 12:25 - 2012-03-01 12:25 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db
2010-02-09 20:34 - 2010-02-09 20:34 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpe5198.dll
2008-01-18 11:40 - 2013-09-27 08:05 - 0011339 _____ () C:\ProgramData\hpzinstall.log
2009-04-05 14:26 - 2009-04-05 14:28 - 0007271 _____ () C:\ProgramData\LUUnInstall.LiveUpdate

Files to move or delete:
====================
C:\ProgramData\hpe5198.dll

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\ResetDevice.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\_is45E5.exe
C:\Users\User\AppData\Local\Temp\_is5EF1.exe
C:\Users\User\AppData\Local\Temp\_is65D3.exe
C:\Users\User\AppData\Local\Temp\_is933A.exe
C:\Users\User\AppData\Local\Temp\_isA19C.exe
C:\Users\User\AppData\Local\Temp\_isAE8.exe
C:\Users\User\AppData\Local\Temp\_isB75.exe
C:\Users\User\AppData\Local\Temp\_isC565.exe
C:\Users\User\AppData\Local\Temp\_isD2F8.exe
C:\Users\User\AppData\Local\Temp\_isD680.exe
C:\Users\User\AppData\Local\Temp\{42208092-FFA2-4B4C-B6C0-87A06D786F61}-40.0.2214.115_chrome_installer.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

***********************

Addition log file

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by User at 2015-05-26 18:10:33
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3241121675-3820270717-1873967838-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3241121675-3820270717-1873967838-1002 - Limited - Enabled)
Guest (S-1-5-21-3241121675-3820270717-1873967838-501 - Limited - Enabled) => C:\Users\Guest
User (S-1-5-21-3241121675-3820270717-1873967838-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (Version: 4.0.11.0 - Nero AG) Hidden
µTorrent (HKLM\...\uTorrent) (Version: 3.1.3 - )
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.0.4010 - Acer Inc.)
Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.2.2810 - Acer Inc.)
Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.1.1610 - Acer Inc.)
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.3032 - HiTRUST Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.3005 - Acer Inc.)
Acer ePerformance Management (HKLM\...\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}) (Version: 2.5.3002 - Acer Inc.)
Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.3.4010 - Acer Inc.)
Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4010 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.20070419 - Acer Inc.)
Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.2.2810 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1001 - Acer Inc.)
Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.3.1610 - Acer Inc.)
Acrobat X Suite (HKLM\...\{3F41BA46-09C3-4500-96D7-DC4390AD0124}) (Version: 1.0 - Adobe Systems Incorporated)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat 6.0 Professional - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.3.300.262 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Any DVD Converter Professional 3.5.7 (HKLM\...\Any DVD Converter Professional_is1) (Version:  - Any-DVD-Converter.com)
Any Video Converter 2.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aquatica 3 (HKLM\...\Aquatica3) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{9F827E95-123C-EAA5-6CCD-9D9E8FC2A80E}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
Audio DVD Creator 1.9.1.0 (HKLM\...\Audio DVD Creator_is1) (Version:  - Goland Tech Ltd.)
AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD Electrical 2008 (HKLM\...\AutoCAD Electrical 2008) (Version: 5.0.60.2 - Autodesk)
AutoCAD Electrical 2008 (Version: 5.0.60.2 - Autodesk) Hidden
Autodesk Backburner 2008.1 (HKLM\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2008.1 - Autodesk, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Boris Graffiti (HKLM\...\{262BF2CD-601D-4F43-919C-4B00B1D1F338}) (Version: 5.20.200 - Boris FX, Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (Version: 2009.0203.2228.40314 - ATI) Hidden
Chronicle Encyclopedia of History (HKLM\...\Chronicle Encyclopedia of History) (Version:  - )
Computer Alarm Clock (HKLM\...\Computer Alarm Clock) (Version:  - )
ConvertXtoDVD 2.2.3.258h (HKLM\...\{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1) (Version: 2.2.3.258h - VSO-Software SARL)
Creative Modem Blaster PCI DI5663 (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_201514F1) (Version:  - )
dBpoweramp [Audio Info] Codec (HKLM\...\dBpoweramp [Audio Info] Codec) (Version: Release 1 - Illustrate)
dBpowerAMP AAC Codec (HKLM\...\dBpowerAMP AAC Codec) (Version:  - )
dBpoweramp AAC Encoder (HKLM\...\dBpoweramp AAC Encoder) (Version:  - )
dBpowerAMP FLAC Codec (HKLM\...\dBpowerAMP FLAC Codec) (Version:  - )
dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 8 - Illustrate)
dBpoweramp m4b Audio book Encoder (HKLM\...\dBpoweramp m4b Audio book Encoder) (Version:  - )
dBpowerAMP Monkeys Audio Codec (HKLM\...\dBpowerAMP Monkeys Audio Codec) (Version:  - )
dBpowerAMP Mp3 (MPEG Suite 2000 CLI) (HKLM\...\dBpowerAMP Mp3 (MPEG Suite 2000 CLI)) (Version:  - )
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version:  - )
dBpowerAMP Ogg Vorbis Codec (HKLM\...\dBpowerAMP Ogg Vorbis Codec) (Version:  - )
dBpowerAMP Shorten Codec (HKLM\...\dBpowerAMP Shorten Codec) (Version:  - )
dBpowerAMP Skin Designer (HKLM\...\dBpowerAMP Skin Designer) (Version:  - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
Digital Media Converter 2.78 (HKLM\...\Digital Media Converter_is1) (Version:  - Deskshare Inc.)
Disc2Phone (HKLM\...\{6E65247F-58F9-41CA-BE69-0316F7907170}) (Version: 1.3.0.106 - Sony Media Software)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
dMC Power Pack (HKLM\...\dMC Power Pack) (Version:  - )
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Dorling Kindersley XP Update (HKLM\...\{D9D76D84-F59D-43AA-B302-6B36CE1DE9F1}) (Version: 1.00.0000 - GSP)
Driver Genius Professional Edition (HKLM\...\Driver Genius Professional Edition_is1) (Version:  - Driver-Soft Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
dvdSanta 4.50 (HKLM\...\dvdSanta 4.50 - Make your own DVD movies!_is1) (Version:  - ZY Computing, Inc)
Easy DVD Rip (HKLM\...\Easy DVD Rip) (Version:  - )
EPSON PhotoQuicker3.0 (HKLM\...\{1F363A3E-92D8-4C24-B84F-487DA22BEE3E}) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.0.00111 - esobi Inc.)
eSobi v2 (Version: 2.0.0.00111 - esobi Inc.) Hidden
Eyewitness Encyclopedia of Nature 2.0 (HKLM\...\Eyewitness Encyclopedia of Nature 2.0) (Version:  - )
Eyewitness History of the World 3.0 (HKLM\...\{DB4C2E4D-F2F8-4B14-A299-6A54B29B45FF}) (Version: 3.0 - )
FastView Image Viewer (HKLM\...\FastView Image Viewer) (Version:  - )
FBX Plugin 2009.0 for Max 2009 (HKLM\...\FBX Plugin 2009.0 for Max 2009) (Version:  - )
Foxit Phantom (HKLM\...\Foxit Phantom) (Version: 2.2.2.1108 - Foxit Software Company)
Freemake Video Converter version 3.0.2 (HKLM\...\Freemake Video Converter_is1) (Version: 3.0.2 - Ellora Assets Corporation)
GetRight (HKLM\...\GetRight Pro_is1) (Version:  - Headlight Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM\...\{2EAF7E61-068E-11DF-953C-005056806466}) (Version: 5.1.7938.4346 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk (remove only) (HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Hijackthis 1.99.1 (HKLM\...\Hijackthis_is1) (Version:  - Soeperman Enterprises Ltd)
Home Media Server 4.2.0.38 (HKLM\...\Home Media Server 4.2.0.38) (Version:  - Universal Electronics, Inc.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G2710 (HKLM\...\{15220096-5EA9-4C53-89ED-ADBD38BCA32C}) (Version: 13.0 - HP)
HP Scanjet G2710 (HKLM\...\{26D127FF-C0BF-4387-8AF7-242F59D9D9D8}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
hpg2710 (Version: 13.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ImageForge version 3.60 (HKLM\...\ImageForge version 3.60_is1) (Version:  - )
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Kaspersky Internet Security 2012 (HKLM\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Internet Security 2012 (Version: 12.0.0.374 - Kaspersky Lab) Hidden
Kybtec World Clock 3.3.1.1 (HKLM\...\{25D4A6A6-BFBF-49AF-89CA-635A468B0515}) (Version: 1.0.0 - Kybtec Software)
Landscapes Screen Saver (HKLM\...\Landscapes) (Version:  - Made with Softdisk's Screen Saver Studio)
LifeGlobe Goldfish Aquarium 2.0 (HKLM\...\LifeGlobe Goldfish Aquarium 2.0_is1) (Version: 2.0 - Prolific Publishing, Inc.)
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )
Magic Bullet Looks Studio (HKLM\...\Magic Bullet Looks Studio) (Version:  - )
Media Go (HKLM\...\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}) (Version: 1.1.237 - Sony)
Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB929729) (HKLM\...\M929729) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Encarta Premium 2006 DVD (HKLM\...\{06040081-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{06C32EA0-4A22-4919-979A-8700715865B8}) (Version: 1.30.175.0 - Microsoft)
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MiniMinder 7.29 (HKLM\...\MiniMinder_is1) (Version: 7.29 - vellosoft)
MKV Player 2.0.1 (HKLM\...\MKV Player_is1) (Version:  - vsevensoft.com)
MKVToolNix 5.6.0 (HKLM\...\MKVToolNix) (Version: 5.6.0 - Moritz Bunkus)
MotionDV STUDIO 6.0E LE for DV (HKLM\...\{4C41DF54-F78D-404E-9E71-29EF5A00F1E9}) (Version:  - Matsushita Electric Industrial Co., Ltd.)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version:  - )
Movie Templates - Pack 1 (Version: 9.0.4.0 - Nero AG) Hidden
Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MP3 Sound Cutter 1.40 (HKLM\...\MP3 Sound Cutter 1.40) (Version:  - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.7.1 - F.J. Wechselberger)
Nero 9 (HKLM\...\{3821e15f-f1fb-409d-bd47-26066ca5017e}) (Version:  - Nero AG)
Nero BackItUp 4 (HKLM\...\{0c3f141c-6035-43fb-8621-b391cf394839}) (Version:  - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}) (Version: 7.1.27.0 - Nokia)
Nokia Download! (HKLM\...\{65A14D7B-6CEA-4E79-9311-D1ED8BF5C1C9}) (Version: 2.1.11.0 - Nokia)
Nokia Map Loader (HKLM\...\{03528A01-7E5E-4C5F-94DF-1D8012E969EF}) (Version: 1.3.0 - Nokia)
Nokia Nseries Video Manager (HKLM\...\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}) (Version: 1.1.12.4 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.1.0.87 - Nokia)
Nokia Ovi Suite (Version: 2.1.0.87 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{BA63348B-143D-4CAC-A355-3879402ED781}) (Version: 02.04.003.40902 - Nokia Corporation)
Nokia Photos (HKLM\...\{A2F7A1E8-0162-413E-948C-05D34331C265}) (Version: 1.1.106 - Nokia)
Nokia Software Updater (HKLM\...\{2FA28330-2028-4033-BD10-425C87EB4D54}) (Version: 01.04.035.32590 - Nokia Corporation)
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Oman Mobile Broadband (HKLM\...\Oman Mobile Broadband) (Version: 16.001.06.01.436 - Huawei Technologies Co.,Ltd)
Orb (HKLM\...\Orb) (Version: 2.2007.0828.1100 - Orb Networks)
Orca (HKLM\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation)
Ovi Desktop Sync Engine (Version: 1.2.254.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.86.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{481C9A00-91AC-4065-870C-BD4E28186E5A}) (Version: 10.5.1.0 - Nokia)
PHOTORECOVERY® for Digital Media  (HKLM\...\PHOTORECOVERY) (Version:  - )
Pinnacle Instant DVD Recorder (HKLM\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.090 - Pinnacle Systems)
Pinnacle Studio 12 (HKLM\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.0.0.6163 - Team V.R)
Pinnacle Studio 12 Ultimate Plugins (HKLM\...\{D1860E6E-520E-4380-8433-E58E8F88B473}) (Version: 12.0.0.0 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
PlayMemories Home (HKLM\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.3.00.04221 - Sony Corporation)
PlayStation®Network Downloader (HKLM\...\{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}) (Version: 1.02.00005 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 2.0.8.03595 - Sony Computer Entertainment Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
QuickTime Alternative 1.30 (HKLM\...\QuicktimeAlt_is1) (Version: 1.30 - )
RAMDisk (HKLM\...\{51682D1A-7FFF-44B4-960F-447C0F63E90D}) (Version: 4.0.1.9 - Dataram, Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5377 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SereneScreen Marine Aquarium 2 (HKLM\...\SereneScreen Marine Aquarium 2_is1) (Version: 2.0 - Prolific Publishing, Inc.)
Shockwave 7.0.3 Player (HKLM\...\Shockwave 7.0.3 Player) (Version:  - )
Skins (Version: 2009.0203.2228.40314 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.0.10297 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Device Data (Version: 1.0.32 - Sony Ericsson) Hidden
Sony Ericsson Drivers (Version: 1.0.28 - Sony Ericsson) Hidden
Sony Ericsson Media Manager 1.2 (HKLM\...\{9EB1504E-FD95-4BCD-8E93-B4039F59C469}) (Version: 1.2.610 - Sony Ericsson)
Sony Ericsson PC Companion 2.02.002 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.02.002 - Sony Ericsson)
Sony Ericsson PC Suite (HKLM\...\{D6BF6477-8369-489F-8DE6-3731F4B88560}) (Version: 2.10.46 - )
Sony Ericsson PC Suite (Version: 2.10.37 - Sony Ericsson) Hidden
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
SoundTrax (Version: 4.0.11.0 - Nero AG) Hidden
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
The Ultimate Human Body 3 (HKLM\...\{EFD0FDED-2E86-4002-B2A7-612F93CEF08F}) (Version: 1.1 - )
TimeLeft (HKLM\...\TIMELEFT3_is1) (Version: 3.32 - NesterSoft Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Service (HKLM\...\Update Service) (Version: 2.10.2.53 - Sony Ericsson Mobile Communications AB)
USB ACF Modem (HKLM\...\CNXT_MODEM_USB_ACF) (Version: 2.0.17.50 - Conexant)
USB CAMERA ST (HKLM\...\USB CAMERA ST) (Version:  - )
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vista Manager (HKLM\...\{4E79AC14-1F0A-4044-B069-126EDCD2308F}) (Version: 1.4.5 - Yamicsoft)
Visviva Animation Player (HKLM\...\Visviva Animation Player) (Version:  - )
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Volts (HKLM\...\Volts) (Version: 4.00 - Dolphins Software)
WD Link (HKLM\...\WD Link) (Version: 1.00.03 - Western Digital)
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia Modem  (02/15/2007 3.1) (HKLM\...\0C5EDC3653FED5B121F464339EAC12534D253B25) (Version: 02/15/2007 3.1 - Nokia)
Windows Driver Package - Nokia Modem  (02/15/2007 3.1) (HKLM\...\B726756F5B5A5AA9D798B399386FC6205A45F19E) (Version: 02/15/2007 3.1 - Nokia)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
World of Warcraft FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
xat.com Image Optimizer (HKLM\...\xat.com Image Optimizer) (Version:  - )
Xilisoft DVD Ripper Ultimate SE (HKLM\...\Xilisoft DVD Ripper Ultimate SE) (Version: 7.1.0.20120222 - Xilisoft)
XviD & MP3 Codec Pack (remove only) (HKLM\...\XviD & MP3 Codec Pack_is1) (Version:  - )
XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\Autodesk\Acade 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\Autodesk\Acade 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\Autodesk\Acade 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

10-03-2015 17:24:24 Scheduled Checkpoint
12-03-2015 17:47:33 Scheduled Checkpoint
13-03-2015 13:17:29 Scheduled Checkpoint
16-03-2015 17:10:29 Scheduled Checkpoint
20-03-2015 08:02:03 Scheduled Checkpoint
04-04-2015 09:32:42 Scheduled Checkpoint
15-04-2015 19:22:14 Scheduled Checkpoint
17-04-2015 20:45:15 Scheduled Checkpoint
07-05-2015 16:56:04 Scheduled Checkpoint
17-05-2015 19:04:05 Scheduled Checkpoint
23-05-2015 11:28:03 Windows Update
26-05-2015 17:03:58 Scheduled Checkpoint

==================== Hostscontent: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:23 - 2009-04-23 09:24 - 00000814 ___RH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 nero.com
127.0.0.1 www.nero.com
127.0.0.1 activate.nero.com
127.0.0.1 www.activate.nero.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014100E7-92B8-4063-88F8-D732D92A524F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3241121675-3820270717-1873967838-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {13F71420-F8A9-489F-B1EC-C93E2A8143E0} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {5DF7920B-A44E-4C33-B06C-ABB373504B9C} - System32\Tasks\{4A929044-8EC9-4288-AAAA-6D2B8719B82B} => pcalua.exe -a E:\setup.exe -d E:\
Task: {687BB0A3-E69F-404D-A708-F54D9E4F91B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {B883978A-2C4A-460C-9429-801EC80E61C4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - User => C:\Program Files\Windows Calendar\wincal.exe [2008-01-18] (Microsoft Corporation)
Task: {C2B1BC30-3505-43E8-B0A1-7C212113DA6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {CF145E39-35F2-47BF-A3C6-24910A52CCD6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3241121675-3820270717-1873967838-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {CF301C82-2C97-42FD-B377-7E2DD797F371} - System32\Tasks\NeroLiveEpgUpdate-User-PC_User => C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01] (Nero AG)
Task: {E7FDCD15-DB92-4327-88A3-4AF10D28D278} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NeroLiveEpgUpdate-User-PC_User.job => C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{C9932585-4C49-4E0E-87CA-85BC4A312B10}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B9D8E22
AlternateDataStreams: C:\ProgramData\TEMP:242231A9
AlternateDataStreams: C:\ProgramData\TEMP:8FF81EB0
AlternateDataStreams: C:\ProgramData\TEMP:C1F4198F
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\onlinesbi.com -> hxxps://www.onlinesbi.com
IE trusted site: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\yahoo.com -> yahoo.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 212.72.1.186 - 212.72.23.30

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Al-Ufuq Internet Timer.LNK => C:\Windows\pss\Al-Ufuq Internet Timer.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk => C:\Windows\pss\BlueSoleil.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^E_SPSU01.lnk => C:\Windows\pss\E_SPSU01.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk => C:\Windows\pss\GetRight - Tray Icon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GetRight.lnk => C:\Windows\pss\GetRight.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk => C:\Windows\pss\Nokia Nseries PC Suite.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk => C:\Windows\pss\PCM Media Sharing.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MiniMinder.lnk => C:\Windows\pss\MiniMinder.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk => C:\Windows\pss\PMB Media Check Tool.lnk.Startup
MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Acer\Empowering Technology\SysMonitor.exe
MSCONFIG\startupreg: Acer Tour Reminder => C:\Acer\AcerTour\Reminder.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ALUAlert => C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
MSCONFIG\startupreg: Computer Alarm Clock => C:\PROGRA~1\COMPUT~1\cac.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: dplaysvr => C:\Users\User\AppData\Local\dplaysvr.exe
MSCONFIG\startupreg: E06AXLRD_11778590 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_1797771 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_22555934 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_26008642 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_30992796 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_31995758 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_32938113 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_44915932 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_52618622 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_5453170 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_5880629 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: E06AXLRD_8202766 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: ExpressFiles => "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
MSCONFIG\startupreg: googletalk => C:\Program Files\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HDD Regenerator => C:\Program Files\HDD Regenerator\HDD Regenerator.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} =>
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JFSW2Launch => C:\Users\User\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: PDA Autoupdater. => C:\Angel PDA\PDA Autoupdater.exe
MSCONFIG\startupreg: PDAMessageFetcher => C:\Angel PDA\PDAMessageFetcher.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: Rynga => "C:\Program Files\Rynga.com\Rynga\Rynga.exe" -nosplash -minimized
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Symantec PIF AlertEng => "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
MSCONFIG\startupreg: WarReg_PopUp => C:\Acer\WR_PopUp\WarReg_PopUp.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Yahoo Messengger =>
MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{BFE33219-B01F-48DF-8094-1756B2826AC5}] => (Allow) C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe
FirewallRules: [{CBD0CBA4-66E1-4E55-B1E3-BDC0499F90B3}] => (Allow) C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe
FirewallRules: [{F1931013-26ED-4DF4-BBC3-D6ACBC1FA22B}] => (Allow) C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe
FirewallRules: [{B425947F-BF97-46C2-858B-AC85F622C67F}] => (Allow) C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe
FirewallRules: [{8340E11A-07C8-4CD6-B3EA-DEE597870B6D}] => (Allow) C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe
FirewallRules: [{75996BDB-E1F8-4FFE-A535-32F6C62029F7}] => (Allow) C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe
FirewallRules: [{DEBE4D9E-0694-4B17-BA0B-05332238DAA0}] => (Allow) C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe
FirewallRules: [{93136840-18D2-4E4F-ADF5-9EC1796A44E7}] => (Allow) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe
FirewallRules: [{CB0C21E7-C294-42EE-9705-54EE792D5004}] => (Allow) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE
FirewallRules: [{5B3D42B8-5972-4E5F-9032-7332C70F9214}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{FE376EE1-8C63-4E51-82D2-8291462CBC8C}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{B0CA0FC2-3590-4AAF-A476-98DB437A9281}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{C8EA3CD9-C2BE-44E1-AC40-60D9FD4ADF58}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{341943D6-3E53-4FA4-846F-6C7556178984}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{5650DA7E-564D-4990-B3DD-90355F259205}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{569F425A-2687-4EDA-AA4B-816EBCE84462}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AB29661F-AE12-4D65-AAC8-E2A60F3FE72D}] => (Allow) svchost.exe
FirewallRules: [{F2145C35-54DA-420D-913E-DF85F8A54234}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{1E0A0F6F-3A50-4364-9821-B96466D8D830}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{622AD7C9-60B1-4E77-90AA-D0C7E204E32D}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{682B0B94-3146-4D76-AEE5-274315AEB1D7}] => (Allow) C:\Program Files\Autodesk\Backburner\monitor.exe
FirewallRules: [{B05D538B-CE2A-438E-95D3-E944ED2DD70D}] => (Allow) C:\Program Files\Autodesk\Backburner\monitor.exe
FirewallRules: [{C76EC563-1B79-4028-8501-4BD7351DB73B}] => (Allow) C:\Program Files\Autodesk\Backburner\manager.exe
FirewallRules: [{978CEAA8-352B-4011-AE8C-824652422E22}] => (Allow) C:\Program Files\Autodesk\Backburner\manager.exe
FirewallRules: [{165AFA96-4E49-4D4E-A4B5-C0E7A59D651D}] => (Allow) C:\Program Files\Autodesk\Backburner\server.exe
FirewallRules: [{7C12414A-7CE2-4955-AA5F-3BEFC7A138B7}] => (Allow) C:\Program Files\Autodesk\Backburner\server.exe
FirewallRules: [{925CFA8D-D88D-4A0F-AA8E-F090FC7EAAD6}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{E15AC1C0-4F8A-453C-8DEB-92A8984433DD}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{888DA967-7CDD-4DCD-9505-22E8F6D9FEF3}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{21F1765C-67F6-49EE-8B30-9DA67CB98D27}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{47F1B3EE-47D3-4C5D-9629-945C88180548}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{91508F26-024A-4C7E-9A18-8B92824DB2F2}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{D49BE039-8EF5-4BFD-BBF8-48295F8E0659}] => (Allow) C:\Program Files\Google\Google Talk\googletalk.exe
FirewallRules: [{F01BAC53-FAA0-4FD9-9E46-7FDCFA00F349}] => (Allow) C:\Program Files\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{6E8F9196-0677-4B4B-B178-F85697583E18}C:\program files\ringasia4\rnas4fone.exe] => (Block) C:\program files\ringasia4\rnas4fone.exe
FirewallRules: [UDP Query User{175B0430-C934-403D-9FC5-757C4D684A22}C:\program files\ringasia4\rnas4fone.exe] => (Block) C:\program files\ringasia4\rnas4fone.exe
FirewallRules: [{9BFAE88D-2354-47A8-B554-DCBFC1B32543}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\Orb.exe
FirewallRules: [{377C6117-5527-426A-9E76-B5549AE76AE4}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\Orb.exe
FirewallRules: [{DB4EE14F-7BF1-438B-BC4A-4FCB1F036717}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
FirewallRules: [{6BC08671-C5B3-4773-8972-B3E401DC25F8}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
FirewallRules: [{4DA566E1-44E1-4AFD-A3A8-FF97A27A0504}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe
FirewallRules: [{05D0FDF3-04BA-4C69-BFA3-13AEAAED4CCE}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe
FirewallRules: [{6F4EEBCA-FA4F-4602-AA40-782530D5F9A4}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe
FirewallRules: [{5C5FB57F-5F71-4403-9255-44B87A14ECAA}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe
FirewallRules: [{3B753BBD-C686-4A8A-B4E7-5B4EBDB18048}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
FirewallRules: [{EDAEBF88-422D-4AD0-827F-0F7E4365DEB3}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
FirewallRules: [{1B13D6EC-0BD3-4515-8E2C-69E92A9A2F30}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe
FirewallRules: [{AAD14350-12BF-450E-A46F-D79C8DB6CC10}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe
FirewallRules: [TCP Query User{9C05C00C-6FFD-47B3-941D-00A1BF40E0CF}C:\program files\common files\ahead\nero web\setupx.exe] => (Allow) C:\program files\common files\ahead\nero web\setupx.exe
FirewallRules: [UDP Query User{CC294C2A-464F-45B4-974C-66A35F91AB4F}C:\program files\common files\ahead\nero web\setupx.exe] => (Allow) C:\program files\common files\ahead\nero web\setupx.exe
FirewallRules: [{A590A440-FBEA-495E-BEE7-8453C3B3DAF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFD28FDD-8F8A-4F21-B588-571CA7A327F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4E25153-7C6E-412F-95AF-5BE6F150AA1E}] => (Allow) C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe
FirewallRules: [{C9F187CE-6C1E-4A2F-B31A-497A69D457AD}] => (Allow) C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe
FirewallRules: [{4328C824-1544-4817-B5E5-4B6C8879C009}] => (Allow) C:\Program Files\Rynga.com\Rynga\Rynga.exe
FirewallRules: [{24F20A13-D6D3-4EE2-A197-1A159992C787}] => (Allow) C:\Program Files\Rynga.com\Rynga\Rynga.exe
FirewallRules: [{E884517D-7B10-4DD9-B925-6C7C2EC786C9}] => (Allow) C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{52BDD609-E230-43B9-9DC2-DDBC747D559B}] => (Allow) C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{BEC9C213-A4D3-4D99-B1E2-521DFB717D10}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{527C1DF3-C6DD-440F-858A-F1322B2E1237}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{23BE3657-4CE7-4332-A8C9-679164DF3533}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{288C7C71-E6D1-4ACE-8B56-6A737BF62A4A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{3AEDEA47-DD55-4DBA-8DF8-129CD970AE8A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{BE07D3FC-524B-4BA6-A736-5F0320F684CC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{FC99A1E9-D6B0-475B-9C2C-5C08B3112F5A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{C1DC31D8-86AD-438A-9F37-9E33D4915209}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{046C6F2E-82C1-42E0-8D3D-0B8E1A7E6B8F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8A4FADA1-2ADF-44B4-9FC9-317F57E691BE}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{D2E7B382-857D-46F9-8A6F-DF74C6CDD699}] => (Allow) C:\Users\User\Desktop\Xilisoft_DVD_Ripper_Ultimate_5_0_51_0925_downloader_2171b.exe
FirewallRules: [{4E20E443-DD11-4EDF-B302-0F1B4788098B}] => (Allow) C:\Users\User\Desktop\Xilisoft_DVD_Ripper_Ultimate_5_0_51_0925_downloader_2171b.exe
FirewallRules: [{4BCC0317-952A-4FD5-A401-B4B6282CF1BB}] => (Allow) C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDZSLH1C\Xilisoft_DVD_Ripper_Ultimate_5_0_51_0925_downloader_2171b[1].exe
FirewallRules: [{7BB99CEE-FE01-4FA0-BC03-BA7AEA5D3E84}] => (Allow) C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDZSLH1C\Xilisoft_DVD_Ripper_Ultimate_5_0_51_0925_downloader_2171b[1].exe
FirewallRules: [{50EEE80E-F635-44B4-A2B3-D61AF780A1B8}] => (Allow) C:\Program Files\ExpressFiles\ExpressFiles.exe
FirewallRules: [{7F3943A1-88A9-4A5B-AFDA-A051F190170B}] => (Allow) C:\Program Files\ExpressFiles\ExpressFiles.exe
FirewallRules: [{5D979F6E-982B-47B9-BA0A-45F8FD4D6609}] => (Allow) C:\Program Files\ExpressFiles\ExpressDL.exe
FirewallRules: [{99ED2A12-10C5-4A06-9167-ACFEED6E63A2}] => (Allow) C:\Program Files\ExpressFiles\ExpressDL.exe
FirewallRules: [{106DF7B7-BAC2-4943-B227-21962D600DC9}] => (Allow) C:\Users\User\AppData\Local\Temp\~os96D3.tmp\rlvknlg.exe
FirewallRules: [{5E3ADE9C-B282-4884-BDAA-D470DD27D275}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DE00F5F8-BA00-43F1-8A75-EB9365856074}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3A7777F8-F048-4DAA-9A1C-F028AD12597F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EE8F6084-EECC-4DB9-B79A-0BE841355091}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{48212E2F-CE16-47C0-B766-401CB1EF02E4}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{3FCE6D3E-3F31-4E82-A7CA-08FCE8454E20}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{84DC0753-9140-41DF-991F-33133B374A64}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{09F4DFE4-3278-4DEA-B506-D6B9182DBF9C}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{37017C13-FAA6-4829-89D5-9A722B7C07D8}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{56DCE0C8-2081-4D68-9AEC-6C15912F9B48}] => (Allow) C:\Program Files\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{9994466B-79A2-4C2A-9AE4-8BFAF442EBE5}] => (Allow) C:\Program Files\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{BC4FD5EE-696D-40FA-86CC-6FD6256A62CC}] => (Allow) C:\Users\User\AppData\Local\Temp\~osE418.tmp\rlvknlg.exe
FirewallRules: [{88ACC368-6B8A-4372-BDEB-9B3AB1C78E3D}] => (Allow) C:\Users\User\AppData\Local\Temp\~osCA9F.tmp\rlvknlg.exe
FirewallRules: [{71604F5B-1DB9-43BE-B9C6-AFA60CAAC09B}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{C44E844A-2F7E-4AF8-9645-3767001FAAFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4A1720B-E461-4415-BF78-53C72338D120}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0C4749E-EB53-411B-BEB2-10504A642DC7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2B33AE31-E61C-448F-805E-3998ADE7E5EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A644CA76-A584-4E5D-BA6E-39D3A9472115}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe] => Enabled:eDSfsu
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\encryption.exe] => Enabled:encryption
StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\decryption.exe] => Enabled:decryption
StandardProfile\AuthorizedApplications: [C:\Angel PDA\Angel PDA 4.exe] => Enabled:Angel PDA
StandardProfile\AuthorizedApplications: [C:\Angel PDA\PDA Autoupdater.exe] => Enabled:PDA Autoupdater.exe
StandardProfile\AuthorizedApplications: [C:\ODIN\DIET\DietOdin.exe] => Enabled:Diet Odin 9.1.0.5
StandardProfile\AuthorizedApplications: [C:\TradeAnywhere\TradeAnywhere.exe] => Enabled:TradeAnywhere.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 04:04:27 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: NT AUTHORITY)
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80004005

Error: (05/23/2015 00:58:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module mshtml.dll, version 8.0.6001.18702, time stamp 0x49b3aeb3, exception code 0xc0000005, fault offset 0x00265067,
process id 0x14c0, application start time 0xiexplore.exe0.

Error: (05/23/2015 00:33:50 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: NT AUTHORITY)
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80004005

Error: (05/23/2015 00:06:34 PM) (Source: usbperf) (EventID: 2004) (User: )
Description: Usbperf data collection failed. Collect function called with usupported Query Type.

Error: (05/23/2015 00:00:41 PM) (Source: usbperf) (EventID: 2004) (User: )
Description: Usbperf data collection failed. Collect function called with usupported Query Type.

Error: (05/23/2015 11:58:21 AM) (Source: usbperf) (EventID: 2004) (User: )
Description: Usbperf data collection failed. Collect function called with usupported Query Type.

Error: (05/23/2015 11:58:09 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (05/23/2015 11:58:08 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/23/2015 11:58:08 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: DFSRC:\Windows\System32\DfsrPerf.dll4

Error: (05/23/2015 11:20:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module mshtml.dll, version 8.0.6001.18702, time stamp 0x49b3aeb3, exception code 0xc0000005, fault offset 0x0013e9c6,
process id 0x1618, application start time 0xiexplore.exe0.

System errors:
=============
Error: (05/26/2015 04:00:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (05/26/2015 03:59:14 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Epson Stylus Photo 810 (M) with shared resource name Epson Stylus Photo 810 (M). Error 2114. The printer cannot be used by others on the network.

Error: (05/26/2015 03:59:14 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Foxit Phantom Printer with shared resource name Foxit Phantom Printer. Error 2114. The printer cannot be used by others on the network.

Error: (05/26/2015 03:59:14 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer HP Deskjet 3920/3940 with shared resource name HP Deskjet 39203940. Error 2114. The printer cannot be used by others on the network.

Error: (05/26/2015 03:57:48 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0.
Please contact your system vendor for technical assistance.

Error: (05/26/2015 03:57:48 PM) (Source: ACPI) (EventID: 6) (User: )
Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0.
Please contact your system vendor for technical assistance.

Error: (05/23/2015 00:30:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1068

Error: (05/23/2015 00:30:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: UPnP Device HostSSDP Discovery%%1058

Error: (05/23/2015 00:30:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (05/23/2015 00:30:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnostic Service Host

Microsoft Office:
=========================
Error: (10/26/2009 09:41:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 114 seconds with 60 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-05-26 18:09:50.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 17:49:15.551
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 17:49:15.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Genuine Intel® CPU 2140 @ 1.60GHz
Percentage of memory in use: 54%
Total physical RAM: 2045.88 MB
Available physical RAM: 925.43 MB
Total Pagefile: 4325 MB
Available Pagefile: 3360.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.61 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.7 GB) (Free:11.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.43 GB) (Free:51.87 GB) NTFS
Drive f: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 08A606E7)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=111.7 GB) - (Type=06)
Partition 3: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 40 MB) (Disk ID: 585D5A07)
Partition 1: (Active) - (Size=40 MB) - (Type=0B)

==================== End of log ============================



#9 nasdaq

Posted 26 May 2015 - 12:58 PM

Sorry but we do not service 2 computers on the same topic.

Start a new topic for this new computer and post the logs.

When done, post the URL in this topic and I will expedite the matter.

#10 nasdaq

Posted 01 June 2015 - 06:59 AM

Are you still with me?

#11 rajendra786

Posted 01 June 2015 - 08:53 AM

Yes, I had been busy and shall revert with your suggestion for my other desktop PC, which I hardly use and is at my other location.



#12 nasdaq

Posted 07 June 2015 - 08:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



