Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

desktop pc win vista running slow


  • This topic is locked This topic is locked
2 replies to this topic

#1 rajendra786

rajendra786

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 26 May 2015 - 09:37 PM

pl find log file FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
 Ran by User (administrator) on RAJENDRADESKTOP on 26-05-2015 18:09:42
 Running from C:\Users\User\Desktop
 Loaded Profiles: User (Available Profiles: User & Guest)
 Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English (United States)
 Internet Explorer Version 8 (Default browser: IE)
 Boot Mode: Normal
 Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
 (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
 (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
 (Microsoft Corporation) C:\Windows\System32\mobsync.exe
 (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn11\ytbb.exe
 (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
 (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
 (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer Tour] => [X]
 HKLM\...\Run: [eRecoveryService] => [X]
 HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
 HKLM\...\Run: [] => [X]
 HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-12-03] (Kaspersky Lab ZAO)
 HKLM\...\Run: [dplaysvr] => C:\Users\User\AppData\Local\dplaysvr.exe
 HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
 HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
 HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
 HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-11-08] (Adobe Systems Incorporated)
 Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2011-04-24] (Kaspersky Lab ZAO)
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [Acer Tour Reminder] => [X]
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [] => [X]
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-04] (Google Inc.)
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [E06AXLRD_11876652] => C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE [301776 2005-06-03] (Microsoft Corporation)
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [LxrAutorun] => C:\Users\User\AppData\Local\Lexar Media\LxrAutorun.exe
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {235b2518-10ae-11df-82ad-0019dbba6b68} - "K:\WD SmartWare.exe" autoplay=true
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {48788310-bddc-11dc-92d8-0019dbba6b68} - J:\Driver\Files\Drago.exe
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {616b3188-bd17-11dc-9cc5-0019dbba6b68} - Driver\Files\Drago.exe
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {7ac3c6b2-9604-11df-a4b4-0019dbba6b68} - F:\AutoRun.exe
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {873b5664-b863-11de-8bde-0019dbba6b68} - F:\sv8c2bjw.bat
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {c0c32703-e7c2-11df-9f6a-001e101f0e7d} - F:\AutoRun.exe
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {cd10956b-8c92-11df-b095-0019dbba6b68} - F:\AutoRun.exe
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {cd109576-8c92-11df-b095-0019dbba6b68} - K:\AutoRun.exe
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\MountPoints2: {ec0fcc62-1522-11df-8001-0019dbba6b68} - F:\Startme.exe
 HKU\S-1-5-18\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-02-16] (Acer Inc.)
 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2015-02-22]
 ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
 ShellIconOverlayIdentifiers: [NBHShellExt] -> {8D2223A2-B3C6-4e32-B096-CDD11F628C60} =>  No File
 BootExecute: autocheck autochk /p \??\K:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
 HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneycontrol.com/
 URLSearchHook: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
 SearchScopes: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
 BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll [2014-07-29] (Yahoo! Inc.)
 BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15] (Adobe Systems Incorporated)
 BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-06-16] (RealPlayer)
 BHO: IE to GetRight Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files\GetRight\xx2gr.dll [2007-07-18] (Headlight Software, Inc.)
 BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
 BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll No File
 BHO: No Name -> {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} ->  No File
 BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24] (Kaspersky Lab ZAO)
 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
 BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
 BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
 BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
 BHO: Encarta Web Companion Helper Object -> {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -> C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
 BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06] (Google Inc.)
 BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
 BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19] (Skype Technologies S.A.)
 BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-06] (Google Inc.)
 BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
 BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24] (Kaspersky Lab ZAO)
 Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll [2007-02-07] (HiTRUST)
 Toolbar: HKLM - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
 Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll [2014-07-29] (Yahoo! Inc.)
 Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
 Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06] (Google Inc.)
 Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
 Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
 Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> No Name - {EA6BF496-A4A3-40BB-9A5C-A510DB132EE0} -  No File
 Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06] (Google Inc.)
 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
 Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
 Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19] (Skype Technologies S.A.)
 Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
 Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
 Tcpip\..\Interfaces\{6126BD18-EB53-46C6-AF31-314B4BCFAA1F}: [NameServer] 212.72.1.186,212.72.23.30

FireFox:
 ========
 FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default
 FF Homepage: hxxp://www.nzherald.co.nz/
 FF NetworkProxy: "ftp", "127.0.0.1"
 FF NetworkProxy: "ftp_port", 9666
 FF NetworkProxy: "http", "127.0.0.1"
 FF NetworkProxy: "http_port", 9666
 FF NetworkProxy: "no_proxies_on", "127.0.0.1"
 FF NetworkProxy: "share_proxy_settings", true
 FF NetworkProxy: "socks", "127.0.0.1"
 FF NetworkProxy: "socks_port", 9666
 FF NetworkProxy: "ssl", "127.0.0.1"
 FF NetworkProxy: "ssl_port", 9666
 FF NetworkProxy: "type", 4
 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll [2012-07-02] ()
 FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
 FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
 FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
 FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
 FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
 FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
 FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-03-18] (Yahoo! Inc.)
 FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
 FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-06-16] (RealNetworks, Inc.)
 FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-06-16] (RealNetworks, Inc.)
 FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-16] (RealNetworks, Inc.)
 FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-16] (RealNetworks, Inc.)
 FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-06-16] (RealPlayer)
 FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
 FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
 FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
 FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
 FF Plugin HKU\S-1-5-21-3241121675-3820270717-1873967838-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-20] (Yahoo! Inc.)
 FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default\user.js [2013-01-05]
 FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
 FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default\searchplugins\alnaddyToolbar.xml [2013-01-05]
 FF Extension: Add Google Search To New Tab Page - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2015-03-14]
 FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-17]
 FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-17]
 FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-17]
 FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-05-17]
 FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
 FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-02-18]
 FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
 FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-03]
 FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
 FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-03-01]
 FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
 FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-03-01]
 FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
 FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-03-01]
 FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
 FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-04-08]
 FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
 FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-16]
 FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
 FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-10]
 FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-02-18]

Chrome:
 =======
 CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
 CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-08]
 CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-08]
 CHR Extension: (Alnaddy Chrome Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgeoffnibjeoognckaejmoibecgaodo [2013-02-08]
 CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-08]
 CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-08]
 CHR Extension: (Kaspersky URL Advisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-02-08]
 CHR Extension: (uTorrentControl3) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadpabahabkmdndndlimfikephnoka [2013-02-08]
 CHR Extension: (Virtual Keyboard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-02-08]
 CHR Extension: (Freemake Video Converter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-02-08]
 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-02-08]
 CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-08]
 CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-02-08]
 CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-08]
 CHR Extension: (Anti-Banner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-02-08]
 CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-04-27]
 CHR HKLM\...\Chrome\Extension: [fcoadpabahabkmdndndlimfikephnoka] - C:\Users\User\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx [2012-06-07]
 CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [Not Found]
 CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-04-27]
 CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-04-08]
 CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-16]
 CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-06-19]
 CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-04-27]
 CHR HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcoadpabahabkmdndndlimfikephnoka] - C:\Users\User\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx [2012-06-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [266343 2007-04-05] (CyberLink) []
 S2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-12-30] () []
 S2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
 S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-12-03] (Kaspersky Lab ZAO)
 S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-02-07] (HiTRSUT)
 S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-01-31] (Acer Inc.) []
 S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-03] (Macrovision Europe Ltd.) []
 S2 gupdate1c9e5d8b0b2c66a; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
 S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) []
 S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-15] (Hewlett-Packard Company) []
 S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
 S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
 S2 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) []
 S2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-08-29] (Prolific Technology Inc.) []
 S2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474168 2012-04-22] (Sony Corporation)
 S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () []
 S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) []
 S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-06-19] (Skype Technologies S.A.)
 S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) []
 S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
 S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) []
 S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) []
 R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-01-17] (Microsoft Corporation)
 S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
 S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
 S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2006-11-02] (Microsoft Corporation)
 S3 acfva; C:\Windows\System32\DRIVERS\ACFVA32.sys [87040 2008-07-15] (Conexant Systems Inc.)
 S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation) []
 S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP32.sys [28928 2008-06-16] (Conexant Systems, Inc.)
 R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
 S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2008-01-25] (MCCI)
 R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
 R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
 R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [570160 2011-04-20] (Kaspersky Lab)
 R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
 R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
 R2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
 R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
 R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2009-05-06] (NewTech Infosystems, Inc.) []
 S1 oxser; C:\Windows\System32\DRIVERS\oxser.sys [51169 2003-04-28] (OEM) []
 R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20264 2007-02-07] (HiTRUST)
 R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-02-07] (HiTRUST)
 R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-02-07] (HiTRUST)
 R3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [56320 2012-11-29] (Dataram, Inc.)
 S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
 S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
 S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
 S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
 S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
 S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
 S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
 S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
 S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
 S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
 S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
 S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
 S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
 S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
 S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
 S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
 S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
 S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
 S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
 S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
 S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
 S3 STV680; C:\Windows\System32\drivers\STV680.sys [105544 2000-11-10] (STMicroelectronics                                          ) []
 R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-06] (Microsoft Corporation)
 S3 w810bus; C:\Windows\System32\DRIVERS\w810bus.sys [58288 2006-02-20] (MCCI)
 S3 w810mgmt; C:\Windows\System32\DRIVERS\w810mgmt.sys [85408 2008-01-25] (MCCI)
 S3 w810obex; C:\Windows\System32\DRIVERS\w810obex.sys [83344 2008-01-25] (MCCI)
 S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
 S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
 U3 navapsvc; No ImagePath
 S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
 S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 U3 SAVRT; No ImagePath
 U1 SAVRTPEL; No ImagePath
 U2 srservice; No ImagePath
 U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 17:44 - 2015-05-26 17:50 - 00062188 _____ () C:\Users\User\Desktop\Addition.txt
 2015-05-26 17:42 - 2015-05-26 18:09 - 00031495 _____ () C:\Users\User\Desktop\FRST.txt
 2015-05-26 17:42 - 2015-05-26 18:09 - 00000000 ____D () C:\FRST
 2015-05-26 17:42 - 2015-05-26 17:42 - 01147392 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
 2015-05-26 17:41 - 2015-05-26 17:41 - 00000000 ____D () C:\Users\User\AppData\Local\visi_coupon
 2015-05-26 17:32 - 2015-05-26 17:40 - 00000000 ____D () C:\AdwCleaner
 2015-05-26 17:31 - 2015-05-26 17:31 - 02223104 _____ () C:\Users\User\Desktop\adwcleaner_4.205.exe
 2015-05-23 11:30 - 2015-05-23 11:30 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
 2015-05-23 11:30 - 2015-05-23 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 2015-05-23 11:30 - 2015-05-23 11:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
 2015-05-23 11:28 - 2015-05-23 11:29 - 00270578 _____ () C:\Windows\msxml4-KB973688-enu.LOG
 2015-05-23 11:26 - 2009-08-24 16:47 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
 2015-05-17 18:00 - 2015-05-17 18:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 2015-05-16 15:19 - 2015-05-16 15:21 - 00000000 ____D () C:\Users\User\Desktop\MRP POLICE CLEARANCE N PPT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 18:10 - 2008-02-09 21:59 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C9932585-4C49-4E0E-87CA-85BC4A312B10}.job
 2015-05-26 17:59 - 2006-11-02 16:47 - 00003200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
 2015-05-26 17:59 - 2006-11-02 16:47 - 00003200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
 2015-05-26 17:46 - 2009-07-01 16:14 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 2015-05-26 17:46 - 2009-07-01 16:14 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
 2015-05-26 16:03 - 2008-01-05 21:16 - 01630662 _____ () C:\Windows\WindowsUpdate.log
 2015-05-26 16:03 - 2006-11-02 15:18 - 00000000 ____D () C:\Windows\tracing
 2015-05-26 16:00 - 2011-01-24 06:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
 2015-05-26 15:59 - 2006-11-02 17:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
 2015-05-23 13:02 - 2006-11-02 17:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 2015-05-23 13:00 - 2012-02-04 15:57 - 00009893 _____ () C:\Windows\IE9_main.log
 2015-05-23 11:58 - 2015-01-25 14:54 - 00000000 ____D () C:\Windows\system32\MRT
 2015-05-23 11:45 - 2006-11-02 15:18 - 00000000 ____D () C:\Windows\Microsoft.NET
 2015-05-23 11:30 - 2012-06-29 12:07 - 00000000 ___RD () C:\Program Files\Skype
 2015-05-23 11:30 - 2012-06-29 12:07 - 00000000 ____D () C:\ProgramData\Skype
 2015-05-19 06:12 - 2009-04-18 15:34 - 00000000 ____D () C:\Users\User\AIRLINES
 2015-05-19 05:39 - 2012-06-18 17:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
 2015-05-08 12:57 - 2010-10-07 14:36 - 00000000 ____D () C:\Users\User\Desktop\Ashirwad
 2015-05-07 15:13 - 2006-11-02 14:33 - 00745868 _____ () C:\Windows\system32\PerfStringBackup.INI
 2015-04-30 10:07 - 2006-11-02 14:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2009-03-02 17:47 - 2012-06-18 19:20 - 0000144 _____ () C:\Users\User\AppData\Roaming\default.rss
 2009-03-02 17:47 - 2009-03-02 17:47 - 0000000 _____ () C:\Users\User\AppData\Roaming\downloads.m3u
 2008-02-11 14:38 - 2008-02-11 14:38 - 0087608 _____ () C:\Users\User\AppData\Roaming\inst.exe
 2009-04-15 21:02 - 2009-04-18 15:15 - 0487761 _____ () C:\Users\User\AppData\Roaming\NMM-MetaData.db
 2008-02-11 14:38 - 2008-02-11 14:38 - 0007887 _____ () C:\Users\User\AppData\Roaming\pcouffin.cat
 2008-02-11 14:38 - 2008-02-11 14:38 - 0001144 _____ () C:\Users\User\AppData\Roaming\pcouffin.inf
 2008-02-11 14:38 - 2008-02-11 14:38 - 0000034 _____ () C:\Users\User\AppData\Roaming\pcouffin.log
 2008-02-11 14:38 - 2008-02-11 14:38 - 0047360 _____ (VSO Software) C:\Users\User\AppData\Roaming\pcouffin.sys
 2009-04-30 19:05 - 2009-04-30 19:05 - 0000000 _____ () C:\Users\User\AppData\Roaming\wklnhst.dat
 2008-01-05 09:27 - 2012-02-16 23:59 - 0001356 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
 2008-01-07 17:23 - 2015-02-28 09:04 - 0161792 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 2008-03-18 16:20 - 2008-03-18 16:20 - 0000092 _____ () C:\Users\User\AppData\Local\fusioncache.dat
 2008-01-09 09:23 - 2008-01-09 09:23 - 0004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
 2012-03-01 12:25 - 2012-03-01 12:25 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db
 2010-02-09 20:34 - 2010-02-09 20:34 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpe5198.dll
 2008-01-18 11:40 - 2013-09-27 08:05 - 0011339 _____ () C:\ProgramData\hpzinstall.log
 2009-04-05 14:26 - 2009-04-05 14:28 - 0007271 _____ () C:\ProgramData\LUUnInstall.LiveUpdate

Files to move or delete:
 ====================
 C:\ProgramData\hpe5198.dll

Some files in TEMP:
 ====================
 C:\Users\User\AppData\Local\Temp\DataCard_Setup.exe
 C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
 C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
 C:\Users\User\AppData\Local\Temp\jre-8u40-windows-au.exe
 C:\Users\User\AppData\Local\Temp\Quarantine.exe
 C:\Users\User\AppData\Local\Temp\ResetDevice.exe
 C:\Users\User\AppData\Local\Temp\sqlite3.dll
 C:\Users\User\AppData\Local\Temp\_is45E5.exe
 C:\Users\User\AppData\Local\Temp\_is5EF1.exe
 C:\Users\User\AppData\Local\Temp\_is65D3.exe
 C:\Users\User\AppData\Local\Temp\_is933A.exe
 C:\Users\User\AppData\Local\Temp\_isA19C.exe
 C:\Users\User\AppData\Local\Temp\_isAE8.exe
 C:\Users\User\AppData\Local\Temp\_isB75.exe
 C:\Users\User\AppData\Local\Temp\_isC565.exe
 C:\Users\User\AppData\Local\Temp\_isD2F8.exe
 C:\Users\User\AppData\Local\Temp\_isD680.exe
 C:\Users\User\AppData\Local\Temp\{42208092-FFA2-4B4C-B6C0-87A06D786F61}-40.0.2214.115_chrome_installer.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
 C:\Windows\system32\winlogon.exe => File is digitally signed
 C:\Windows\system32\wininit.exe => File is digitally signed
 C:\Windows\system32\svchost.exe => File is digitally signed
 C:\Windows\system32\services.exe => File is digitally signed
 C:\Windows\system32\User32.dll => File is digitally signed
 C:\Windows\system32\userinit.exe => File is digitally signed
 C:\Windows\system32\rpcss.dll => File is digitally signed
 C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

 

***********************

 

addition log file

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
 Ran by User at 2015-05-26 18:10:33
 Running from C:\Users\User\Desktop
 Boot Mode: Normal
 ==========================================================

 

==================== Accounts: =============================

Administrator (S-1-5-21-3241121675-3820270717-1873967838-500 - Administrator - Disabled)
 ASPNET (S-1-5-21-3241121675-3820270717-1873967838-1002 - Limited - Enabled)
 Guest (S-1-5-21-3241121675-3820270717-1873967838-501 - Limited - Enabled) => C:\Users\Guest
 User (S-1-5-21-3241121675-3820270717-1873967838-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (Version: 4.0.11.0 - Nero AG) Hidden
µTorrent (HKLM\...\uTorrent) (Version: 3.1.3 - )
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
 Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.0.4010 - Acer Inc.)
 Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.2.2810 - Acer Inc.)
 Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.1.1610 - Acer Inc.)
 Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.3032 - HiTRUST Inc.)
 Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.3005 - Acer Inc.)
 Acer ePerformance Management (HKLM\...\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}) (Version: 2.5.3002 - Acer Inc.)
 Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.3.4010 - Acer Inc.)
 Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4010 - Acer Inc.)
 Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.20070419 - Acer Inc.)
 Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.2.2810 - Acer Inc.)
 Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1001 - Acer Inc.)
 Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.3.1610 - Acer Inc.)
 Acrobat X Suite (HKLM\...\{3F41BA46-09C3-4500-96D7-DC4390AD0124}) (Version: 1.0 - Adobe Systems Incorporated)
 Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
 Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
 Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
 Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
 Adobe Acrobat 6.0 Professional - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
 Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
 Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
 Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.3.300.262 - Adobe Systems Incorporated)
 Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
 Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
 Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
 Any DVD Converter Professional 3.5.7 (HKLM\...\Any DVD Converter Professional_is1) (Version:  - Any-DVD-Converter.com)
 Any Video Converter 2.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
 Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
 Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
 Aquatica 3 (HKLM\...\Aquatica3) (Version:  - )
 ATI Catalyst Install Manager (HKLM\...\{9F827E95-123C-EAA5-6CCD-9D9E8FC2A80E}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
 Audio DVD Creator 1.9.1.0 (HKLM\...\Audio DVD Creator_is1) (Version:  - Goland Tech Ltd.)
 AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
 AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
 AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
 AutoCAD Electrical 2008 (HKLM\...\AutoCAD Electrical 2008) (Version: 5.0.60.2 - Autodesk)
 AutoCAD Electrical 2008 (Version: 5.0.60.2 - Autodesk) Hidden
 Autodesk Backburner 2008.1 (HKLM\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2008.1 - Autodesk, Inc.)
 Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
 Boris Graffiti (HKLM\...\{262BF2CD-601D-4F43-919C-4B00B1D1F338}) (Version: 5.20.200 - Boris FX, Inc.)
 BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
 ccc-core-static (Version: 2009.0203.2228.40314 - ATI) Hidden
 Chronicle Encyclopedia of History (HKLM\...\Chronicle Encyclopedia of History) (Version:  - )
 Computer Alarm Clock (HKLM\...\Computer Alarm Clock) (Version:  - )
 ConvertXtoDVD 2.2.3.258h (HKLM\...\{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1) (Version: 2.2.3.258h - VSO-Software SARL)
 Creative Modem Blaster PCI DI5663 (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_201514F1) (Version:  - )
 dBpoweramp [Audio Info] Codec (HKLM\...\dBpoweramp [Audio Info] Codec) (Version: Release 1 - Illustrate)
 dBpowerAMP AAC Codec (HKLM\...\dBpowerAMP AAC Codec) (Version:  - )
 dBpoweramp AAC Encoder (HKLM\...\dBpoweramp AAC Encoder) (Version:  - )
 dBpowerAMP FLAC Codec (HKLM\...\dBpowerAMP FLAC Codec) (Version:  - )
 dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 8 - Illustrate)
 dBpoweramp m4b Audio book Encoder (HKLM\...\dBpoweramp m4b Audio book Encoder) (Version:  - )
 dBpowerAMP Monkeys Audio Codec (HKLM\...\dBpowerAMP Monkeys Audio Codec) (Version:  - )
 dBpowerAMP Mp3 (MPEG Suite 2000 CLI) (HKLM\...\dBpowerAMP Mp3 (MPEG Suite 2000 CLI)) (Version:  - )
 dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version:  - )
 dBpowerAMP Ogg Vorbis Codec (HKLM\...\dBpowerAMP Ogg Vorbis Codec) (Version:  - )
 dBpowerAMP Shorten Codec (HKLM\...\dBpowerAMP Shorten Codec) (Version:  - )
 dBpowerAMP Skin Designer (HKLM\...\dBpowerAMP Skin Designer) (Version:  - )
 Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
 Digital Media Converter 2.78 (HKLM\...\Digital Media Converter_is1) (Version:  - Deskshare Inc.)
 Disc2Phone (HKLM\...\{6E65247F-58F9-41CA-BE69-0316F7907170}) (Version: 1.3.0.106 - Sony Media Software)
 DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
 DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
 DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
 DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
 DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
 dMC Power Pack (HKLM\...\dMC Power Pack) (Version:  - )
 DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
 DolbyFiles (Version: 2.0 - Nero AG) Hidden
 Dorling Kindersley XP Update (HKLM\...\{D9D76D84-F59D-43AA-B302-6B36CE1DE9F1}) (Version: 1.00.0000 - GSP)
 Driver Genius Professional Edition (HKLM\...\Driver Genius Professional Edition_is1) (Version:  - Driver-Soft Inc.)
 DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
 DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
 DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
 dvdSanta 4.50 (HKLM\...\dvdSanta 4.50 - Make your own DVD movies!_is1) (Version:  - ZY Computing, Inc)
 Easy DVD Rip (HKLM\...\Easy DVD Rip) (Version:  - )
 EPSON PhotoQuicker3.0 (HKLM\...\{1F363A3E-92D8-4C24-B84F-487DA22BEE3E}) (Version:  - )
 EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
 eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.0.00111 - esobi Inc.)
 eSobi v2 (Version: 2.0.0.00111 - esobi Inc.) Hidden
 Eyewitness Encyclopedia of Nature 2.0 (HKLM\...\Eyewitness Encyclopedia of Nature 2.0) (Version:  - )
 Eyewitness History of the World 3.0 (HKLM\...\{DB4C2E4D-F2F8-4B14-A299-6A54B29B45FF}) (Version: 3.0 - )
 FastView Image Viewer (HKLM\...\FastView Image Viewer) (Version:  - )
 FBX Plugin 2009.0 for Max 2009 (HKLM\...\FBX Plugin 2009.0 for Max 2009) (Version:  - )
 Foxit Phantom (HKLM\...\Foxit Phantom) (Version: 2.2.2.1108 - Foxit Software Company)
 Freemake Video Converter version 3.0.2 (HKLM\...\Freemake Video Converter_is1) (Version: 3.0.2 - Ellora Assets Corporation)
 GetRight (HKLM\...\GetRight Pro_is1) (Version:  - Headlight Software, Inc.)
 Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
 Google Earth (HKLM\...\{2EAF7E61-068E-11DF-953C-005056806466}) (Version: 5.1.7938.4346 - Google)
 Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
 Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
 Google Talk (remove only) (HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
 Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
 Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
 Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
 Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
 GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
 HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
 Hijackthis 1.99.1 (HKLM\...\Hijackthis_is1) (Version:  - Soeperman Enterprises Ltd)
 Home Media Server 4.2.0.38 (HKLM\...\Home Media Server 4.2.0.38) (Version:  - Universal Electronics, Inc.)
 HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
 HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
 HP Scanjet G2710 (HKLM\...\{15220096-5EA9-4C53-89ED-ADBD38BCA32C}) (Version: 13.0 - HP)
 HP Scanjet G2710 (HKLM\...\{26D127FF-C0BF-4387-8AF7-242F59D9D9D8}) (Version: 13.0 - HP)
 HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
 HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
 hpg2710 (Version: 13.0.0.0 - Hewlett-Packard) Hidden
 HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
 HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
 ImageForge version 3.60 (HKLM\...\ImageForge version 3.60_is1) (Version:  - )
 ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
 Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
 Kaspersky Internet Security 2012 (HKLM\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
 Kaspersky Internet Security 2012 (Version: 12.0.0.374 - Kaspersky Lab) Hidden
 Kybtec World Clock 3.3.1.1 (HKLM\...\{25D4A6A6-BFBF-49AF-89CA-635A468B0515}) (Version: 1.0.0 - Kybtec Software)
 Landscapes Screen Saver (HKLM\...\Landscapes) (Version:  - Made with Softdisk's Screen Saver Studio)
 LifeGlobe Goldfish Aquarium 2.0 (HKLM\...\LifeGlobe Goldfish Aquarium 2.0_is1) (Version: 2.0 - Prolific Publishing, Inc.)
 LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
 LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
 LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
 Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )
 Magic Bullet Looks Studio (HKLM\...\Magic Bullet Looks Studio) (Version:  - )
 Media Go (HKLM\...\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}) (Version: 1.1.237 - Sony)
 Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
 Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
 Microsoft .NET Framework 1.1 Hotfix (KB929729) (HKLM\...\M929729) (Version:  - )
 Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
 Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
 Microsoft Encarta Premium 2006 DVD (HKLM\...\{06040081-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
 Microsoft LifeCam (HKLM\...\{06C32EA0-4A22-4919-979A-8700715865B8}) (Version: 1.30.175.0 - Microsoft)
 Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
 Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
 Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
 Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
 Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
 Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
 Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
 Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
 MiniMinder 7.29 (HKLM\...\MiniMinder_is1) (Version: 7.29 - vellosoft)
 MKV Player 2.0.1 (HKLM\...\MKV Player_is1) (Version:  - vsevensoft.com)
 MKVToolNix 5.6.0 (HKLM\...\MKVToolNix) (Version: 5.6.0 - Moritz Bunkus)
 MotionDV STUDIO 6.0E LE for DV (HKLM\...\{4C41DF54-F78D-404E-9E71-29EF5A00F1E9}) (Version:  - Matsubleepa Electric Industrial Co., Ltd.)
 Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version:  - )
 Movie Templates - Pack 1 (Version: 9.0.4.0 - Nero AG) Hidden
 Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
 Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
 Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
 MP3 Sound Cutter 1.40 (HKLM\...\MP3 Sound Cutter 1.40) (Version:  - )
 MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
 MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
 MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
 MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
 MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
 MyPhoneExplorer (HKLM\...\MPE) (Version: 1.7.1 - F.J. Wechselberger)
 Nero 9 (HKLM\...\{3821e15f-f1fb-409d-bd47-26066ca5017e}) (Version:  - Nero AG)
 Nero BackItUp 4 (HKLM\...\{0c3f141c-6035-43fb-8621-b391cf394839}) (Version:  - Nero AG)
 Nokia Connectivity Cable Driver (HKLM\...\{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}) (Version: 7.1.27.0 - Nokia)
 Nokia Download! (HKLM\...\{65A14D7B-6CEA-4E79-9311-D1ED8BF5C1C9}) (Version: 2.1.11.0 - Nokia)
 Nokia Map Loader (HKLM\...\{03528A01-7E5E-4C5F-94DF-1D8012E969EF}) (Version: 1.3.0 - Nokia)
 Nokia Nseries Video Manager (HKLM\...\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}) (Version: 1.1.12.4 - Nokia)
 Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.1.0.87 - Nokia)
 Nokia Ovi Suite (Version: 2.1.0.87 - Nokia) Hidden
 Nokia Ovi Suite Software Updater (HKLM\...\{BA63348B-143D-4CAC-A355-3879402ED781}) (Version: 02.04.003.40902 - Nokia Corporation)
 Nokia Photos (HKLM\...\{A2F7A1E8-0162-413E-948C-05D34331C265}) (Version: 1.1.106 - Nokia)
 Nokia Software Updater (HKLM\...\{2FA28330-2028-4033-BD10-425C87EB4D54}) (Version: 01.04.035.32590 - Nokia Corporation)
 NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
 NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
 NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
 OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
 Oman Mobile Broadband (HKLM\...\Oman Mobile Broadband) (Version: 16.001.06.01.436 - Huawei Technologies Co.,Ltd)
 Orb (HKLM\...\Orb) (Version: 2.2007.0828.1100 - Orb Networks)
 Orca (HKLM\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation)
 Ovi Desktop Sync Engine (Version: 1.2.254.0 - Nokia) Hidden
 OviMPlatform (Version: 2.6.86.0 - Nokia) Hidden
 PC Connectivity Solution (HKLM\...\{481C9A00-91AC-4065-870C-BD4E28186E5A}) (Version: 10.5.1.0 - Nokia)
 PHOTORECOVERY® for Digital Media  (HKLM\...\PHOTORECOVERY) (Version:  - )
 Pinnacle Instant DVD Recorder (HKLM\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.090 - Pinnacle Systems)
 Pinnacle Studio 12 (HKLM\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.0.0.6163 - Team V.R)
 Pinnacle Studio 12 Ultimate Plugins (HKLM\...\{D1860E6E-520E-4380-8433-E58E8F88B473}) (Version: 12.0.0.0 - Pinnacle Systems)
 Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
 PlayMemories Home (HKLM\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.3.00.04221 - Sony Corporation)
 PlayStation®Network Downloader (HKLM\...\{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}) (Version: 1.02.00005 - Sony Computer Entertainment Inc.)
 PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 2.0.8.03595 - Sony Computer Entertainment Inc.)
 PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
 PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
 Primo (Version: 1.00.0000 - Your Company Name) Hidden
 QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
 QuickTime Alternative 1.30 (HKLM\...\QuicktimeAlt_is1) (Version: 1.30 - )
 RAMDisk (HKLM\...\{51682D1A-7FFF-44B4-960F-447C0F63E90D}) (Version: 4.0.1.9 - Dataram, Inc.)
 RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
 RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
 Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5377 - Realtek Semiconductor Corp.)
 RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
 Runtime (Version: 1.00.0000 - Your Company Name) Hidden
 Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
 SereneScreen Marine Aquarium 2 (HKLM\...\SereneScreen Marine Aquarium 2_is1) (Version: 2.0 - Prolific Publishing, Inc.)
 Shockwave 7.0.3 Player (HKLM\...\Shockwave 7.0.3 Player) (Version:  - )
 Skins (Version: 2009.0203.2228.40314 - ATI) Hidden
 Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.0.10297 - Skype Technologies S.A.)
 Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
 SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
 Sony Ericsson Device Data (Version: 1.0.32 - Sony Ericsson) Hidden
 Sony Ericsson Drivers (Version: 1.0.28 - Sony Ericsson) Hidden
 Sony Ericsson Media Manager 1.2 (HKLM\...\{9EB1504E-FD95-4BCD-8E93-B4039F59C469}) (Version: 1.2.610 - Sony Ericsson)
 Sony Ericsson PC Companion 2.02.002 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.02.002 - Sony Ericsson)
 Sony Ericsson PC Suite (HKLM\...\{D6BF6477-8369-489F-8DE6-3731F4B88560}) (Version: 2.10.46 - )
 Sony Ericsson PC Suite (Version: 2.10.37 - Sony Ericsson) Hidden
 Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
 SoundTrax (Version: 4.0.11.0 - Nero AG) Hidden
 TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
 The Ultimate Human Body 3 (HKLM\...\{EFD0FDED-2E86-4002-B2A7-612F93CEF08F}) (Version: 1.1 - )
 TimeLeft (HKLM\...\TIMELEFT3_is1) (Version: 3.32 - NesterSoft Inc.)
 Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
 Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
 Update Service (HKLM\...\Update Service) (Version: 2.10.2.53 - Sony Ericsson Mobile Communications AB)
 USB ACF Modem (HKLM\...\CNXT_MODEM_USB_ACF) (Version: 2.0.17.50 - Conexant)
 USB CAMERA ST (HKLM\...\USB CAMERA ST) (Version:  - )
 VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
 VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
 VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
 Vista Manager (HKLM\...\{4E79AC14-1F0A-4044-B069-126EDCD2308F}) (Version: 1.4.5 - Yamicsoft)
 Visviva Animation Player (HKLM\...\Visviva Animation Player) (Version:  - )
 VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
 Volts (HKLM\...\Volts) (Version: 4.00 - Dolphins Software)
 WD Link (HKLM\...\WD Link) (Version: 1.00.03 - Western Digital)
 WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)
 WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
 Windows Driver Package - Nokia Modem  (02/15/2007 3.1) (HKLM\...\0C5EDC3653FED5B121F464339EAC12534D253B25) (Version: 02/15/2007 3.1 - Nokia)
 Windows Driver Package - Nokia Modem  (02/15/2007 3.1) (HKLM\...\B726756F5B5A5AA9D798B399386FC6205A45F19E) (Version: 02/15/2007 3.1 - Nokia)
 Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
 Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
 Windows Live Messenger (HKLM\...\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}) (Version: 8.5.1302.1018 - Microsoft Corporation)
 Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
 WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
 World of Warcraft FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
 xat.com Image Optimizer (HKLM\...\xat.com Image Optimizer) (Version:  - )
 Xilisoft DVD Ripper Ultimate SE (HKLM\...\Xilisoft DVD Ripper Ultimate SE) (Version: 7.1.0.20120222 - Xilisoft)
 XviD & MP3 Codec Pack (remove only) (HKLM\...\XviD & MP3 Codec Pack_is1) (Version:  - )
 XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))
 Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
 Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\Autodesk\Acade 2008\acad.exe (Autodesk, Inc.)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\Autodesk\Acade 2008\acad.exe (Autodesk, Inc.)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\Autodesk\Acade 2008\acad.exe (Autodesk, Inc.)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
 CustomCLSID: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

10-03-2015 17:24:24 Scheduled Checkpoint
 12-03-2015 17:47:33 Scheduled Checkpoint
 13-03-2015 13:17:29 Scheduled Checkpoint
 16-03-2015 17:10:29 Scheduled Checkpoint
 20-03-2015 08:02:03 Scheduled Checkpoint
 04-04-2015 09:32:42 Scheduled Checkpoint
 15-04-2015 19:22:14 Scheduled Checkpoint
 17-04-2015 20:45:15 Scheduled Checkpoint
 07-05-2015 16:56:04 Scheduled Checkpoint
 17-05-2015 19:04:05 Scheduled Checkpoint
 23-05-2015 11:28:03 Windows Update
 26-05-2015 17:03:58 Scheduled Checkpoint

==================== Hostscontent: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:23 - 2009-04-23 09:24 - 00000814 ___RH C:\Windows\system32\Drivers\etc\hosts
 127.0.0.1 nero.com
 127.0.0.1 www.nero.com
 127.0.0.1 activate.nero.com
 127.0.0.1 www.activate.nero.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014100E7-92B8-4063-88F8-D732D92A524F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3241121675-3820270717-1873967838-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
 Task: {13F71420-F8A9-489F-B1EC-C93E2A8143E0} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
 Task: {5DF7920B-A44E-4C33-B06C-ABB373504B9C} - System32\Tasks\{4A929044-8EC9-4288-AAAA-6D2B8719B82B} => pcalua.exe -a E:\setup.exe -d E:\
 Task: {687BB0A3-E69F-404D-A708-F54D9E4F91B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
 Task: {B883978A-2C4A-460C-9429-801EC80E61C4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - User => C:\Program Files\Windows Calendar\wincal.exe [2008-01-18] (Microsoft Corporation)
 Task: {C2B1BC30-3505-43E8-B0A1-7C212113DA6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
 Task: {CF145E39-35F2-47BF-A3C6-24910A52CCD6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3241121675-3820270717-1873967838-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
 Task: {CF301C82-2C97-42FD-B377-7E2DD797F371} - System32\Tasks\NeroLiveEpgUpdate-User-PC_User => C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01] (Nero AG)
 Task: {E7FDCD15-DB92-4327-88A3-4AF10D28D278} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 Task: C:\Windows\Tasks\NeroLiveEpgUpdate-User-PC_User.job => C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe
 Task: C:\Windows\Tasks\User_Feed_Synchronization-{C9932585-4C49-4E0E-87CA-85BC4A312B10}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B9D8E22
 AlternateDataStreams: C:\ProgramData\TEMP:242231A9
 AlternateDataStreams: C:\ProgramData\TEMP:8FF81EB0
 AlternateDataStreams: C:\ProgramData\TEMP:C1F4198F
 AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\onlinesbi.com -> hxxps://www.onlinesbi.com
 IE trusted site: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\yahoo.com -> yahoo.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
 DNS Servers: 212.72.1.186 - 212.72.23.30

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Al-Ufuq Internet Timer.LNK => C:\Windows\pss\Al-Ufuq Internet Timer.LNK.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk => C:\Windows\pss\BlueSoleil.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^E_SPSU01.lnk => C:\Windows\pss\E_SPSU01.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk => C:\Windows\pss\GetRight - Tray Icon.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GetRight.lnk => C:\Windows\pss\GetRight.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk => C:\Windows\pss\Nokia Nseries PC Suite.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk => C:\Windows\pss\PCM Media Sharing.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
 MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MiniMinder.lnk => C:\Windows\pss\MiniMinder.lnk.Startup
 MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
 MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
 MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk => C:\Windows\pss\PMB Media Check Tool.lnk.Startup
 MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Acer\Empowering Technology\SysMonitor.exe
 MSCONFIG\startupreg: Acer Tour Reminder => C:\Acer\AcerTour\Reminder.exe
 MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
 MSCONFIG\startupreg: ALUAlert => C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
 MSCONFIG\startupreg: Computer Alarm Clock => C:\PROGRA~1\COMPUT~1\cac.exe
 MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
 MSCONFIG\startupreg: dplaysvr => C:\Users\User\AppData\Local\dplaysvr.exe
 MSCONFIG\startupreg: E06AXLRD_11778590 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_1797771 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_22555934 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_26008642 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_30992796 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_31995758 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_32938113 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_44915932 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_52618622 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_5453170 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_5880629 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: E06AXLRD_8202766 => "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
 MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
 MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
 MSCONFIG\startupreg: ExpressFiles => "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
 MSCONFIG\startupreg: googletalk => C:\Program Files\Google\Google Talk\googletalk.exe /autostart
 MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
 MSCONFIG\startupreg: HDD Regenerator => C:\Program Files\HDD Regenerator\HDD Regenerator.exe
 MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
 MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
 MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} =>
 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
 MSCONFIG\startupreg: JFSW2Launch => C:\Users\User\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
 MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
 MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
 MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
 MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
 MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
 MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
 MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
 MSCONFIG\startupreg: PDA Autoupdater. => C:\Angel PDA\PDA Autoupdater.exe
 MSCONFIG\startupreg: PDAMessageFetcher => C:\Angel PDA\PDAMessageFetcher.exe
 MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
 MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
 MSCONFIG\startupreg: Rynga => "C:\Program Files\Rynga.com\Rynga\Rynga.exe" -nosplash -minimized
 MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
 MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
 MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
 MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
 MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 MSCONFIG\startupreg: Symantec PIF AlertEng => "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
 MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\realplayer\update\realsched.exe"  -osboot
 MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
 MSCONFIG\startupreg: WarReg_PopUp => C:\Acer\WR_PopUp\WarReg_PopUp.exe
 MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 MSCONFIG\startupreg: Yahoo Messengger =>
 MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
 FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
 FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
 FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
 FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
 FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
 FirewallRules: [{BFE33219-B01F-48DF-8094-1756B2826AC5}] => (Allow) C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe
 FirewallRules: [{CBD0CBA4-66E1-4E55-B1E3-BDC0499F90B3}] => (Allow) C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe
 FirewallRules: [{F1931013-26ED-4DF4-BBC3-D6ACBC1FA22B}] => (Allow) C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe
 FirewallRules: [{B425947F-BF97-46C2-858B-AC85F622C67F}] => (Allow) C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe
 FirewallRules: [{8340E11A-07C8-4CD6-B3EA-DEE597870B6D}] => (Allow) C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe
 FirewallRules: [{75996BDB-E1F8-4FFE-A535-32F6C62029F7}] => (Allow) C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe
 FirewallRules: [{DEBE4D9E-0694-4B17-BA0B-05332238DAA0}] => (Allow) C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe
 FirewallRules: [{93136840-18D2-4E4F-ADF5-9EC1796A44E7}] => (Allow) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe
 FirewallRules: [{CB0C21E7-C294-42EE-9705-54EE792D5004}] => (Allow) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE
 FirewallRules: [{5B3D42B8-5972-4E5F-9032-7332C70F9214}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
 FirewallRules: [{FE376EE1-8C63-4E51-82D2-8291462CBC8C}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
 FirewallRules: [{B0CA0FC2-3590-4AAF-A476-98DB437A9281}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
 FirewallRules: [{C8EA3CD9-C2BE-44E1-AC40-60D9FD4ADF58}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
 FirewallRules: [{341943D6-3E53-4FA4-846F-6C7556178984}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
 FirewallRules: [{5650DA7E-564D-4990-B3DD-90355F259205}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
 FirewallRules: [{569F425A-2687-4EDA-AA4B-816EBCE84462}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 FirewallRules: [{AB29661F-AE12-4D65-AAC8-E2A60F3FE72D}] => (Allow) svchost.exe
 FirewallRules: [{F2145C35-54DA-420D-913E-DF85F8A54234}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
 FirewallRules: [{1E0A0F6F-3A50-4364-9821-B96466D8D830}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
 FirewallRules: [{622AD7C9-60B1-4E77-90AA-D0C7E204E32D}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
 FirewallRules: [{682B0B94-3146-4D76-AEE5-274315AEB1D7}] => (Allow) C:\Program Files\Autodesk\Backburner\monitor.exe
 FirewallRules: [{B05D538B-CE2A-438E-95D3-E944ED2DD70D}] => (Allow) C:\Program Files\Autodesk\Backburner\monitor.exe
 FirewallRules: [{C76EC563-1B79-4028-8501-4BD7351DB73B}] => (Allow) C:\Program Files\Autodesk\Backburner\manager.exe
 FirewallRules: [{978CEAA8-352B-4011-AE8C-824652422E22}] => (Allow) C:\Program Files\Autodesk\Backburner\manager.exe
 FirewallRules: [{165AFA96-4E49-4D4E-A4B5-C0E7A59D651D}] => (Allow) C:\Program Files\Autodesk\Backburner\server.exe
 FirewallRules: [{7C12414A-7CE2-4955-AA5F-3BEFC7A138B7}] => (Allow) C:\Program Files\Autodesk\Backburner\server.exe
 FirewallRules: [{925CFA8D-D88D-4A0F-AA8E-F090FC7EAAD6}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe
 FirewallRules: [{E15AC1C0-4F8A-453C-8DEB-92A8984433DD}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe
 FirewallRules: [{888DA967-7CDD-4DCD-9505-22E8F6D9FEF3}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
 FirewallRules: [{21F1765C-67F6-49EE-8B30-9DA67CB98D27}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
 FirewallRules: [{47F1B3EE-47D3-4C5D-9629-945C88180548}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe
 FirewallRules: [{91508F26-024A-4C7E-9A18-8B92824DB2F2}] => (Allow) C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe
 FirewallRules: [{D49BE039-8EF5-4BFD-BBF8-48295F8E0659}] => (Allow) C:\Program Files\Google\Google Talk\googletalk.exe
 FirewallRules: [{F01BAC53-FAA0-4FD9-9E46-7FDCFA00F349}] => (Allow) C:\Program Files\Google\Google Talk\googletalk.exe
 FirewallRules: [TCP Query User{6E8F9196-0677-4B4B-B178-F85697583E18}C:\program files\ringasia4\rnas4fone.exe] => (Block) C:\program files\ringasia4\rnas4fone.exe
 FirewallRules: [UDP Query User{175B0430-C934-403D-9FC5-757C4D684A22}C:\program files\ringasia4\rnas4fone.exe] => (Block) C:\program files\ringasia4\rnas4fone.exe
 FirewallRules: [{9BFAE88D-2354-47A8-B554-DCBFC1B32543}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\Orb.exe
 FirewallRules: [{377C6117-5527-426A-9E76-B5549AE76AE4}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\Orb.exe
 FirewallRules: [{DB4EE14F-7BF1-438B-BC4A-4FCB1F036717}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
 FirewallRules: [{6BC08671-C5B3-4773-8972-B3E401DC25F8}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
 FirewallRules: [{4DA566E1-44E1-4AFD-A3A8-FF97A27A0504}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe
 FirewallRules: [{05D0FDF3-04BA-4C69-BFA3-13AEAAED4CCE}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe
 FirewallRules: [{6F4EEBCA-FA4F-4602-AA40-782530D5F9A4}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe
 FirewallRules: [{5C5FB57F-5F71-4403-9255-44B87A14ECAA}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe
 FirewallRules: [{3B753BBD-C686-4A8A-B4E7-5B4EBDB18048}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
 FirewallRules: [{EDAEBF88-422D-4AD0-827F-0F7E4365DEB3}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
 FirewallRules: [{1B13D6EC-0BD3-4515-8E2C-69E92A9A2F30}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe
 FirewallRules: [{AAD14350-12BF-450E-A46F-D79C8DB6CC10}] => (Allow) C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe
 FirewallRules: [TCP Query User{9C05C00C-6FFD-47B3-941D-00A1BF40E0CF}C:\program files\common files\ahead\nero web\setupx.exe] => (Allow) C:\program files\common files\ahead\nero web\setupx.exe
 FirewallRules: [UDP Query User{CC294C2A-464F-45B4-974C-66A35F91AB4F}C:\program files\common files\ahead\nero web\setupx.exe] => (Allow) C:\program files\common files\ahead\nero web\setupx.exe
 FirewallRules: [{A590A440-FBEA-495E-BEE7-8453C3B3DAF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
 FirewallRules: [{EFD28FDD-8F8A-4F21-B588-571CA7A327F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
 FirewallRules: [{E4E25153-7C6E-412F-95AF-5BE6F150AA1E}] => (Allow) C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe
 FirewallRules: [{C9F187CE-6C1E-4A2F-B31A-497A69D457AD}] => (Allow) C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe
 FirewallRules: [{4328C824-1544-4817-B5E5-4B6C8879C009}] => (Allow) C:\Program Files\Rynga.com\Rynga\Rynga.exe
 FirewallRules: [{24F20A13-D6D3-4EE2-A197-1A159992C787}] => (Allow) C:\Program Files\Rynga.com\Rynga\Rynga.exe
 FirewallRules: [{E884517D-7B10-4DD9-B925-6C7C2EC786C9}] => (Allow) C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
 FirewallRules: [{52BDD609-E230-43B9-9DC2-DDBC747D559B}] => (Allow) C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
 FirewallRules: [{BEC9C213-A4D3-4D99-B1E2-521DFB717D10}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
 FirewallRules: [{527C1DF3-C6DD-440F-858A-F1322B2E1237}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
 FirewallRules: [{23BE3657-4CE7-4332-A8C9-679164DF3533}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
 FirewallRules: [{288C7C71-E6D1-4ACE-8B56-6A737BF62A4A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
 FirewallRules: [{3AEDEA47-DD55-4DBA-8DF8-129CD970AE8A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
 FirewallRules: [{BE07D3FC-524B-4BA6-A736-5F0320F684CC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
 FirewallRules: [{FC99A1E9-D6B0-475B-9C2C-5C08B3112F5A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
 FirewallRules: [{C1DC31D8-86AD-438A-9F37-9E33D4915209}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
 FirewallRules: [{046C6F2E-82C1-42E0-8D3D-0B8E1A7E6B8F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
 FirewallRules: [{8A4FADA1-2ADF-44B4-9FC9-317F57E691BE}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
 FirewallRules: [{D2E7B382-857D-46F9-8A6F-DF74C6CDD699}] => (Allow) C:\Users\User\Desktop\Xilisoft_DVD_Ripper_Ultimate_5_0_51_0925_downloader_2171b.exe
 FirewallRules: [{4E20E443-DD11-4EDF-B302-0F1B4788098B}] => (Allow) C:\Users\User\Desktop\Xilisoft_DVD_Ripper_Ultimate_5_0_51_0925_downloader_2171b.exe
 FirewallRules: [{4BCC0317-952A-4FD5-A401-B4B6282CF1BB}] => (Allow) C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDZSLH1C\Xilisoft_DVD_Ripper_Ultimate_5_0_51_0925_downloader_2171b[1].exe
 FirewallRules: [{7BB99CEE-FE01-4FA0-BC03-BA7AEA5D3E84}] => (Allow) C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDZSLH1C\Xilisoft_DVD_Ripper_Ultimate_5_0_51_0925_downloader_2171b[1].exe
 FirewallRules: [{50EEE80E-F635-44B4-A2B3-D61AF780A1B8}] => (Allow) C:\Program Files\ExpressFiles\ExpressFiles.exe
 FirewallRules: [{7F3943A1-88A9-4A5B-AFDA-A051F190170B}] => (Allow) C:\Program Files\ExpressFiles\ExpressFiles.exe
 FirewallRules: [{5D979F6E-982B-47B9-BA0A-45F8FD4D6609}] => (Allow) C:\Program Files\ExpressFiles\ExpressDL.exe
 FirewallRules: [{99ED2A12-10C5-4A06-9167-ACFEED6E63A2}] => (Allow) C:\Program Files\ExpressFiles\ExpressDL.exe
 FirewallRules: [{106DF7B7-BAC2-4943-B227-21962D600DC9}] => (Allow) C:\Users\User\AppData\Local\Temp\~os96D3.tmp\rlvknlg.exe
 FirewallRules: [{5E3ADE9C-B282-4884-BDAA-D470DD27D275}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 FirewallRules: [{DE00F5F8-BA00-43F1-8A75-EB9365856074}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 FirewallRules: [{3A7777F8-F048-4DAA-9A1C-F028AD12597F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
 FirewallRules: [{EE8F6084-EECC-4DB9-B79A-0BE841355091}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
 FirewallRules: [{48212E2F-CE16-47C0-B766-401CB1EF02E4}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
 FirewallRules: [{3FCE6D3E-3F31-4E82-A7CA-08FCE8454E20}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
 FirewallRules: [{84DC0753-9140-41DF-991F-33133B374A64}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
 FirewallRules: [{09F4DFE4-3278-4DEA-B506-D6B9182DBF9C}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
 FirewallRules: [{37017C13-FAA6-4829-89D5-9A722B7C07D8}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
 FirewallRules: [{56DCE0C8-2081-4D68-9AEC-6C15912F9B48}] => (Allow) C:\Program Files\RelevantKnowledge\rlvknlg.exe
 FirewallRules: [{9994466B-79A2-4C2A-9AE4-8BFAF442EBE5}] => (Allow) C:\Program Files\RelevantKnowledge\rlvknlg.exe
 FirewallRules: [{BC4FD5EE-696D-40FA-86CC-6FD6256A62CC}] => (Allow) C:\Users\User\AppData\Local\Temp\~osE418.tmp\rlvknlg.exe
 FirewallRules: [{88ACC368-6B8A-4372-BDEB-9B3AB1C78E3D}] => (Allow) C:\Users\User\AppData\Local\Temp\~osCA9F.tmp\rlvknlg.exe
 FirewallRules: [{71604F5B-1DB9-43BE-B9C6-AFA60CAAC09B}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
 FirewallRules: [{C44E844A-2F7E-4AF8-9645-3767001FAAFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
 FirewallRules: [{F4A1720B-E461-4415-BF78-53C72338D120}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
 FirewallRules: [{F0C4749E-EB53-411B-BEB2-10504A642DC7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 FirewallRules: [{2B33AE31-E61C-448F-805E-3998ADE7E5EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 FirewallRules: [{A644CA76-A584-4E5D-BA6E-39D3A9472115}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe] => Enabled:eDSfsu
 StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\encryption.exe] => Enabled:encryption
 StandardProfile\AuthorizedApplications: [C:\Acer\Empowering Technology\eDataSecurity\decryption.exe] => Enabled:decryption
 StandardProfile\AuthorizedApplications: [C:\Angel PDA\Angel PDA 4.exe] => Enabled:Angel PDA
 StandardProfile\AuthorizedApplications: [C:\Angel PDA\PDA Autoupdater.exe] => Enabled:PDA Autoupdater.exe
 StandardProfile\AuthorizedApplications: [C:\ODIN\DIET\DietOdin.exe] => Enabled:Diet Odin 9.1.0.5
 StandardProfile\AuthorizedApplications: [C:\TradeAnywhere\TradeAnywhere.exe] => Enabled:TradeAnywhere.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
 ==================
 Error: (05/26/2015 04:04:27 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: NT AUTHORITY)
 Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80004005

Error: (05/23/2015 00:58:37 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module mshtml.dll, version 8.0.6001.18702, time stamp 0x49b3aeb3, exception code 0xc0000005, fault offset 0x00265067,
 process id 0x14c0, application start time 0xiexplore.exe0.

Error: (05/23/2015 00:33:50 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: NT AUTHORITY)
 Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80004005

Error: (05/23/2015 00:06:34 PM) (Source: usbperf) (EventID: 2004) (User: )
 Description: Usbperf data collection failed. Collect function called with usupported Query Type.

Error: (05/23/2015 00:00:41 PM) (Source: usbperf) (EventID: 2004) (User: )
 Description: Usbperf data collection failed. Collect function called with usupported Query Type.

Error: (05/23/2015 11:58:21 AM) (Source: usbperf) (EventID: 2004) (User: )
 Description: Usbperf data collection failed. Collect function called with usupported Query Type.

Error: (05/23/2015 11:58:09 AM) (Source: Perflib) (EventID: 1008) (User: )
 Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (05/23/2015 11:58:08 AM) (Source: Perflib) (EventID: 1010) (User: )
 Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/23/2015 11:58:08 AM) (Source: Perflib) (EventID: 1008) (User: )
 Description: DFSRC:\Windows\System32\DfsrPerf.dll4

Error: (05/23/2015 11:20:02 AM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module mshtml.dll, version 8.0.6001.18702, time stamp 0x49b3aeb3, exception code 0xc0000005, fault offset 0x0013e9c6,
 process id 0x1618, application start time 0xiexplore.exe0.

System errors:
 =============
 Error: (05/26/2015 04:00:59 PM) (Source: DCOM) (EventID: 10005) (User: )
 Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (05/26/2015 03:59:14 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
 Description: The print spooler failed to share printer Epson Stylus Photo 810 (M) with shared resource name Epson Stylus Photo 810 (M). Error 2114. The printer cannot be used by others on the network.

Error: (05/26/2015 03:59:14 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
 Description: The print spooler failed to share printer Foxit Phantom Printer with shared resource name Foxit Phantom Printer. Error 2114. The printer cannot be used by others on the network.

Error: (05/26/2015 03:59:14 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
 Description: The print spooler failed to share printer HP Deskjet 3920/3940 with shared resource name HP Deskjet 39203940. Error 2114. The printer cannot be used by others on the network.

Error: (05/26/2015 03:57:48 PM) (Source: ACPI) (EventID: 6) (User: )
 Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0.
 Please contact your system vendor for technical assistance.

Error: (05/26/2015 03:57:48 PM) (Source: ACPI) (EventID: 6) (User: )
 Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0.
 Please contact your system vendor for technical assistance.

Error: (05/23/2015 00:30:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
 Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1068

Error: (05/23/2015 00:30:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
 Description: UPnP Device HostSSDP Discovery%%1058

Error: (05/23/2015 00:30:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
 Description: i8042prt

Error: (05/23/2015 00:30:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
 Description: Diagnostic Service Host

Microsoft Office:
 =========================
 Error: (10/26/2009 09:41:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
 Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 114 seconds with 60 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
 ===================================
   Date: 2015-05-26 18:09:50.962
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.852
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.759
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.665
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.509
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.431
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.338
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 18:09:50.228
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 17:49:15.551
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-26 17:49:15.473
   Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Genuine Intel® CPU 2140 @ 1.60GHz
 Percentage of memory in use: 54%
 Total physical RAM: 2045.88 MB
 Available physical RAM: 925.43 MB
 Total Pagefile: 4325 MB
 Available Pagefile: 3360.45 MB
 Total Virtual: 2047.88 MB
 Available Virtual: 1924.61 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.7 GB) (Free:11.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 Drive d: (DATA) (Fixed) (Total:111.43 GB) (Free:51.87 GB) NTFS
 Drive f: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
 Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 08A606E7)
 Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
 Partition 2: (Active) - (Size=111.7 GB) - (Type=06)
 Partition 3: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
 Disk: 1 (Size: 40 MB) (Disk ID: 585D5A07)
 Partition 1: (Active) - (Size=40 MB) - (Type=0B)

==================== End of log ============================



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:08 PM

Posted 28 May 2015 - 07:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [] => [X]
HKLM\...\Run: [dplaysvr] => C:\Users\User\AppData\Local\dplaysvr.exe
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [Acer Tour Reminder] => [X]
HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [NBHShellExt] -> {8D2223A2-B3C6-4e32-B096-CDD11F628C60} =>  No File
URLSearchHook: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll [2014-07-29] (Yahoo! Inc.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: No Name -> {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} ->  No File
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll [2014-07-29] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-3241121675-3820270717-1873967838-1000 -> No Name - {EA6BF496-A4A3-40BB-9A5C-A510DB132EE0} -  No File
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5tzxolvf.default\user.js [2013-01-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-17]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-17]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-05-17]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-04-08]
CHR Extension: (Freemake Video Converter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-02-08]
CHR HKLM\...\Chrome\Extension: [fcoadpabahabkmdndndlimfikephnoka] - C:\Users\User\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx [2012-06-07]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-04-08]
CHR HKU\S-1-5-21-3241121675-3820270717-1873967838-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcoadpabahabkmdndndlimfikephnoka] - C:\Users\User\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx [2012-06-07]
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 navapsvc; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 SAVRT; No ImagePath
U1 SAVRTPEL; No ImagePath
U2 srservice; No ImagePath
U3 TlntSvr; No ImagePath
C:\Users\User\AppData\Local\dplaysvr.exe
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
C:\Users\User\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx
C:\Program Files\Freemake
C:\Users\User\AppData\Local\CRE\fcoadpabahabkmdndndlimfikephnoka.crx

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:08 PM

Posted 02 June 2015 - 07:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users