Jump to content

Tojan.agent.fufv


Recommended Posts

MBAM found two instances of this on my computer, it was connected with the uninstaller for Winrar. I've run a good few scans using both MBAM and Avast, including boot time scans and the deepest scans I can possibly do since downloading this program and nothing was ever detected until now. I've had the program for a few months.

 

I'm curious how this was either missed or how it attached itself to the uninstaller, or whether it was a false positive? Should I now be changing all my log in info?

 

I also can't find Winrar in the add/remove programs options anymore, I'd like the option to be rid of the whole program if necessary, but it doesn't seem to be as straightforward as I'd like.

 

Any help and advice gratefully received :)

 

P.s I attached a copy of the log that found the infection, I'm not sure if this is useful or not but I'd rather post it and it be useless than someone need it and it be missing.

 

mbam-log-2013-10-06 (13-42-36).txt

Link to post
Share on other sites

See if you can remove the application with RevoUninstaller..

 

download and install Revo Uninstaller Free

 

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Owner (administrator) on OWNER-PC on 06-10-2013 16:05:22
Running from C:\Users\Owner\Downloads
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-09-02] (Realtek Semiconductor)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
MountPoints2: {3fe43a68-bd8f-11de-bf9b-001fc6719ae5} - J:\AutoRun.exe
MountPoints2: {3fe43a97-bd8f-11de-bf9b-001fc6719ae5} - J:\AutoRun.exe
MountPoints2: {737119b6-be37-11de-9272-806e6f6e6963} - J:\AutoRun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] - C:\Windows\SysWOW64\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.talktalk.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {11111111-22222-3333-4444-5555555} URL = http://www.talktalk.co.uk/search/results.html?query={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\searchplugins\talktalk-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: British English Dictionary - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\Extensions\en-GB@dictionaries.addons.mozilla.org
FF Extension: HTTPS-Everywhere - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\Extensions\https-everywhere@eff.org
FF Extension: Bullguard Virus Scan - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\Extensions\virusscan@bullguard.com
FF Extension: horntracker - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\Extensions\horntracker@horntracker.com.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbawx64.sys [166936 2007-01-10] (Analog Devices Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
R2 VBoxDRV; F:\VirtualBox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [237840 2013-04-12] (Oracle Corporation)
R2 VBoxDRV; F:\VirtualBox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [237840 2013-04-12] (Oracle Corporation)
R2 VBoxUSBMon; F:\VirtualBox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [120080 2013-04-12] (Oracle Corporation)
R2 VBoxUSBMon; F:\VirtualBox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [120080 2013-04-12] (Oracle Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 16:04 - 2013-10-06 16:04 - 00000000 ____D C:\FRST
2013-10-06 16:03 - 2013-10-06 16:03 - 01954124 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-10-06 15:52 - 2013-10-06 15:52 - 00001099 _____ C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2013-10-06 15:52 - 2013-10-06 15:52 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-10-06 15:51 - 2013-10-06 15:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Desktop\revosetup.exe
2013-10-06 15:49 - 2013-10-06 15:49 - 00001160 _____ C:\Users\Owner\Desktop\checkup.txt
2013-10-06 15:42 - 2013-10-06 15:42 - 00891167 _____ C:\Users\Owner\Desktop\SecurityCheck.exe
2013-10-06 14:37 - 2013-10-06 14:37 - 00000330 _____ C:\Windows\PFRO.log
2013-10-05 15:42 - 2013-10-05 15:42 - 00000000 ____D C:\Users\Owner\Downloads\Games
2013-09-29 20:32 - 2013-09-29 20:32 - 00000262 _____ C:\Users\Owner\Desktop\subsinfo.txt
2013-09-28 14:27 - 2013-09-28 14:30 - 00000000 ____D C:\Users\Owner\Desktop\New Folder
2013-09-19 13:42 - 2013-09-19 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-13 19:30 - 2013-09-13 19:30 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-13 19:16 - 2013-08-08 03:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 19:16 - 2013-08-03 05:30 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 19:16 - 2013-08-03 05:28 - 05731328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 19:16 - 2013-08-03 05:28 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 19:16 - 2013-08-03 05:27 - 07051776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 19:16 - 2013-08-03 05:27 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 19:16 - 2013-08-03 05:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-13 19:16 - 2013-08-03 05:24 - 01177600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 19:16 - 2013-08-03 05:22 - 06119424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 19:16 - 2013-08-03 05:22 - 03625984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 19:16 - 2013-08-03 05:22 - 00479744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-13 19:16 - 2013-08-03 05:22 - 00271872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 19:16 - 2013-08-03 05:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2013-09-13 19:16 - 2013-07-16 10:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-13 19:16 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-13 19:15 - 2013-08-03 05:31 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 19:15 - 2013-08-03 05:30 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 19:15 - 2013-08-03 05:28 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-13 19:15 - 2013-08-03 05:28 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 19:15 - 2013-08-03 05:28 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 19:15 - 2013-08-03 05:27 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-13 19:15 - 2013-08-03 05:27 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-13 19:15 - 2013-08-03 05:27 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 19:15 - 2013-08-03 05:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 19:15 - 2013-08-03 05:24 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-13 19:15 - 2013-08-03 05:23 - 00671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-09-13 19:15 - 2013-08-03 05:22 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 19:15 - 2013-08-03 05:22 - 00380928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-13 19:15 - 2013-08-03 05:22 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-13 19:15 - 2013-08-03 05:22 - 00180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 19:15 - 2013-08-03 05:22 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 19:15 - 2013-08-03 03:59 - 00485376 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-13 19:15 - 2013-08-03 03:32 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-13 19:15 - 2013-08-03 03:21 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 19:15 - 2013-08-03 03:05 - 01383424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-09 14:50 - 2013-09-09 14:46 - 01200937 _____ C:\Windows\unins000.exe
2013-09-08 21:06 - 2013-09-08 21:06 - 00000000 ____D C:\Users\Owner\Downloads\Estpolis Biographies (Lufia, Lufia II OST)

==================== One Month Modified Files and Folders =======

2013-10-06 16:04 - 2013-10-06 16:04 - 00000000 ____D C:\FRST
2013-10-06 16:03 - 2013-10-06 16:03 - 01954124 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-10-06 16:01 - 2011-03-17 22:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2013-10-06 15:52 - 2013-10-06 15:52 - 00001099 _____ C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2013-10-06 15:52 - 2013-10-06 15:52 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-10-06 15:51 - 2013-10-06 15:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Desktop\revosetup.exe
2013-10-06 15:49 - 2013-10-06 15:49 - 00001160 _____ C:\Users\Owner\Desktop\checkup.txt
2013-10-06 15:42 - 2013-10-06 15:42 - 00891167 _____ C:\Users\Owner\Desktop\SecurityCheck.exe
2013-10-06 15:18 - 2013-08-08 10:13 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 14:42 - 2013-06-16 12:09 - 01114963 _____ C:\Windows\WindowsUpdate.log
2013-10-06 14:37 - 2013-10-06 14:37 - 00000330 _____ C:\Windows\PFRO.log
2013-10-06 14:37 - 2013-09-02 12:46 - 00000284 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-10-06 14:37 - 2013-08-08 10:13 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 14:37 - 2008-12-03 15:49 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-06 14:37 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 14:37 - 2006-11-02 16:22 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 14:37 - 2006-11-02 16:22 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 14:35 - 2006-11-02 16:42 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-06 14:34 - 2013-05-18 08:33 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-10-06 12:28 - 2008-09-05 18:51 - 00002950 _____ C:\Windows\System32\Tasks\{ABAC9E7F-C64B-410C-88F6-98FC1280260C}
2013-10-06 12:27 - 2013-09-02 12:46 - 00003216 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-10-06 12:27 - 2013-09-02 12:46 - 00002560 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-10-06 12:26 - 2008-12-27 13:21 - 00003964 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F422734-28DA-4D06-88E2-ACECFAB07FC0}
2013-10-06 12:26 - 2008-12-27 13:21 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{3F422734-28DA-4D06-88E2-ACECFAB07FC0}.job
2013-10-06 12:25 - 2013-03-10 19:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-05 15:51 - 2011-03-01 11:27 - 00054568 _____ C:\Windows\system32\spsys.log
2013-10-05 15:42 - 2013-10-05 15:42 - 00000000 ____D C:\Users\Owner\Downloads\Games
2013-10-05 12:29 - 2013-06-23 13:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic
2013-10-05 12:29 - 2011-04-26 17:16 - 00000000 ____D C:\Program Files\CCleaner
2013-09-30 09:19 - 2012-11-19 19:58 - 00005240 _____ C:\Users\Owner\Desktop\Fleet priority list.txt
2013-09-29 20:32 - 2013-09-29 20:32 - 00000262 _____ C:\Users\Owner\Desktop\subsinfo.txt
2013-09-29 09:31 - 2012-09-15 12:28 - 00000000 ____D C:\Users\Owner\Downloads\Misc
2013-09-28 14:30 - 2013-09-28 14:27 - 00000000 ____D C:\Users\Owner\Desktop\New Folder
2013-09-28 13:59 - 2006-11-02 13:46 - 00705244 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-27 15:44 - 2013-05-12 15:38 - 00000000 ____D C:\Users\Owner\Documents\ezvid
2013-09-27 15:44 - 2008-12-03 15:16 - 00038400 _____ C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-26 17:45 - 2010-08-28 15:00 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2013-09-26 17:44 - 2012-08-04 18:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-26 17:44 - 2012-06-13 13:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 17:52 - 2012-04-26 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-19 13:42 - 2013-09-19 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-13 19:50 - 2006-11-02 16:21 - 00369296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 19:42 - 2013-07-21 16:03 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 19:40 - 2006-11-02 13:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-13 19:39 - 2010-11-13 13:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 19:35 - 2006-11-02 13:34 - 00000219 _____ C:\Windows\win.ini
2013-09-13 19:30 - 2013-09-13 19:30 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-13 16:28 - 2010-12-19 13:35 - 00000000 ____D C:\Users\Owner\Desktop\Shortcuts
2013-09-12 20:22 - 2008-12-26 21:24 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-12 16:09 - 2013-08-08 08:16 - 00002017 _____ C:\Users\Owner\Desktop\PC stuffys I wants.txt
2013-09-09 14:50 - 2013-05-12 15:38 - 00135369 _____ C:\Windows\unins000.dat
2013-09-09 14:50 - 2013-05-12 15:37 - 00000000 ____D C:\Program Files (x86)\ezvid
2013-09-09 14:46 - 2013-09-09 14:50 - 01200937 _____ C:\Windows\unins000.exe
2013-09-08 21:06 - 2013-09-08 21:06 - 00000000 ____D C:\Users\Owner\Downloads\Estpolis Biographies (Lufia, Lufia II OST)

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 15:09

==================== End Of Log ============================

Link to post
Share on other sites

Open CCleaner select > Tools > Start up > Context Menu Tab. That will open the Context menu. Highlight the WinRar entry > select > disable, same again then Delete...

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download Zoek.zip from here www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your  Desktop:

 

 

Zoekd.jpg

 

 

you will now have 3 versions of the tool on the Desktop:

 

 

Zoeke.jpg

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html[/url

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 

Zoekb.jpg

 

 

Copy and paste the following script from the code box and paste into the field.

 

 

Process;emptyclsid;firefoxlook;FFdefaultsChromelook;CHRdefaults;autoclean;iedefaults;filesrcm;startupall;silentrunners;

 

 

Select the "Run Script" tab. The following window will open:

 

 

 

Zoekc.jpg

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you maybe asked to re-boot your PC, if so please do

 

Zoekf.jpg

 

Post the produced log in your next reply…..

 

Let me know if CCleaner works, also post logs from FRST and Zoek...

 

Kevin

fixlist.txt

Link to post
Share on other sites

Thanks for the help so far Kevin, CCleaner worked wonderfully :)

 

FIxlog -

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Owner at 2013-10-06 16:56:46 Run:1
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Task: {E9DCE896-75B7-4F45-8D58-07846CC4B60A} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-08-30] (IObit)
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
C:\Program Files (x86)\IObit
C:\Program Files (x86)\WinRAR
End

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9DCE896-75B7-4F45-8D58-07846CC4B60A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9DCE896-75B7-4F45-8D58-07846CC4B60A} => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Scan => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan => Key deleted successfully.
C:\Windows\Tasks\Driver Booster Update.job => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\Program Files (x86)\WinRAR => Moved successfully.

==== End of Fixlog ====

 

Zoek -

Zoek.exe Version 4.0.0.4 Updated 27-September-2013
Tool run by Owner on 06/10/2013 at 17:01:52.44.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

06/10/2013 17:02:28 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Owner\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default

user.js not found
---- Lines ask.com removed from prefs.js ----

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

---- Lines ask.com modified from prefs.js ----


---- Lines crossrider removed from prefs.js ----


---- Lines crossrider modified from prefs.js ----


---- Lines Search-Results removed from prefs.js ----


---- Lines Search-Results modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_102013_1707_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Owner\AppData\Local\{6C30D079-B4F3-40EE-9666-FBFA86BE64C4}" deleted
"C:\Users\Owner\WMIDiag.vbs" deleted
"C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\searchplugins\talktalk-search.xml" deleted
"C:\Program Files (x86)\Coupon Companion Plugin" deleted
"C:\Program Files (x86)\PC Speed Up" deleted
"C:\Users\Owner\AppData\Local\Updater21804" deleted
"C:\Users\Owner\AppData\Local\Coupon Companion Plugin" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-09-09 13:50:24    0108B01A11F9DBEFFA1793D93326B454    1200937    ----a-w-    C:\Windows\unins000.exe
====== C:\Users\Owner\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-10-06 14:52:19    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
======= C: =====
====== C:\Users\Owner\AppData\Roaming ======
2013-10-06 14:52:19    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
====== C:\Users\Owner ======
2013-10-06 15:03:14    D1526222FC4394CA4AD5A78327627D1B    1954124    ----a-w-    C:\Users\Owner\Downloads\FRST64.exe
2013-10-06 14:51:19    4F99CAE27FFD46712E65C21444AACDFC    2623656    ----a-w-    C:\Users\Owner\Desktop\revosetup.exe
2013-09-30 23:06:02    122A32A068A76C220AD47B3C2780407C    1263104    ----a-w-    C:\Users\Owner\Desktop\Z-Analyse.exe

====== C: exe-files ==
2013-10-06 15:03:14    D1526222FC4394CA4AD5A78327627D1B    1954124    ----a-w-    C:\Users\Owner\Downloads\FRST64.exe
2013-10-06 14:52:20    761102A9B90EC601E8B3071120063D74    87550    ----a-w-    C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
2013-10-06 14:51:19    4F99CAE27FFD46712E65C21444AACDFC    2623656    ----a-w-    C:\Users\Owner\Desktop\revosetup.exe
2013-10-06 12:18:25    046447A4F4455DEC05A234831DC1457D    1123680    ----a-w-    C:\Program Files (x86)\Google\Update\Install\{BF10B7DB-8545-40D5-A110-50B67845316E}\30.0.1599.69_30.0.1599.66_chrome_updater.exe
2013-10-06 12:18:25    046447A4F4455DEC05A234831DC1457D    1123680    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.69\30.0.1599.69_30.0.1599.66_chrome_updater.exe
2013-09-30 23:06:02    122A32A068A76C220AD47B3C2780407C    1263104    ----a-w-    C:\Users\Owner\Desktop\Z-Analyse.exe
=== C: other files ==
2013-10-06 15:01:34    CBF9C44A4C35599989CA8BDA97DDC586    77    ----a-w-    C:\Users\Owner\AppData\Local\Temp\uttAC76.tmp.bat
2013-09-30 13:02:08    C89FFD7270A07F8026CEB6FE4E83DBA0    10279290    ----a-w-    C:\Users\Owner\Downloads\Programs\TL-WR841ND_EasySetupAssistant.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-536007661-2891304337-924664781-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Conime"="%windir%\system32\conime.exe"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\Owner\\AppData\\Local\\Akamai\\netsession_win.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EKStatusMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EKStatusMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Kodak\\AiO\\StatusMonitor\\EKStatusMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Owner\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes' Anti-Malware"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sidebar"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Xvid"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Xvid\\CheckUpdate.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Kodak AiO Network Discovery Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Kodak AiO Status Monitor Service]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/08/2013 10:13]
C:\Windows\tasks\User_Feed_Synchronization-{3F422734-28DA-4D06-88E2-ACECFAB07FC0}.job --ah----- [undetermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- HTTPS-Everywhere - %ProfilePath%\extensions\https-everywhere@eff.org
- Bullguard Virus Scan - %ProfilePath%\extensions\virusscan@bullguard.com
- HornTracker - %ProfilePath%\extensions\horntracker@horntracker.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default
E5AF72B7353FF8D431A7C463A4229524    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll -    Shockwave Flash
14CD860D11E8BB5AB7E192A9062CB432    - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\extensions\virusscan@bullguard.com\plugins\npbgvscan.dll -    BullGuard Virus Scan
AB87EEFFD18F2BAAFC274E7075EA6C67    - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation


==== Chrome Look ======================

Google Docs - Owner - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Owner - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Owner - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Owner - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Owner - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome In-App Payments service - Owner - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Owner - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512  Url="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"
{11111111-22222-3333-4444-5555555} TalkTalk Search Url="http://www.talktalk.co.uk/search/results.html?query={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
ehTray.exe = C:\Windows\ehome\ehTray.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
Windows Defender = C:\Program Files\Windows Defender\MSASCui.exe -hide
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
Conime = %windir%\system32\conime.exe [MS]
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided)
  -> {HKLM...CLSID} = avast! Online Security
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Groove GFS Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Groove GFS Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = avast! Online Security
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
  -> {HKLM...CLSID} = DesktopContext Class
                   \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
  -> {HKLM...CLSID} = Workspaces
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...CLSID} = ImageExtractorShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...CLSID} = CInfoTipShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM...CLSID} = Groove GFS Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM...CLSID} = Groove Folder Synchronization
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM...CLSID} = Groove GFS Stub Execution Hook
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM...CLSID} = Groove GFS Stub Icon Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM...CLSID} = Groove XML Icon Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM...CLSID} = Enterprise Projects
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                   \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

{5BD933E7-F18F-4D3B-A16B-B1A40B04764E} = KodakPrintShellExtensionNative
  -> {HKLM...CLSID} = KodakPrintShellExtensionNative
                   \InProcServer32\(Default) = C:\Program Files (x86)\Kodak\AiO\Center\Inkjet.ShellExtension.Native_Win64.dll [Eastman Kodak Company]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

{c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
  -> {HKLM...CLSID} = Icaros Thumbnail Provider
                   \InProcServer32\(Default) = C:\Program Files\K-Lite Codec Pack x64\Icaros\IcarosThumbnailProvider.dll [Tabibito Technology]

{0c08e2bb-d10b-4cc9-b1b3-701f5be9d6ec} = IcarosPropertyHandler
  -> {HKLM...CLSID} = IcarosPropertyHandler.IcarosPropertyHandler
                   \InProcServer32\(Default) = mscoree.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00020d75-0000-0000-c000-000000000046} = Microsoft Outlook Desktop Icon Handler
  -> {HKLM...Wow...CLSID} = Microsoft Outlook
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL [MS]

{640167b4-59b0-47a6-b335-a6b3c0695aea} = Portable Media Devices
  -> {HKLM...Wow...CLSID} = Portable Media Devices
                         \InProcServer32\(Default) = C:\Windows\system32\audiodev.dll [file not found]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
  -> {HKLM...Wow...CLSID} = Workspaces
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM...Wow...CLSID} = Groove Folder Synchronization
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM...Wow...CLSID} = Groove XML Icon Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...Wow...CLSID} = Outlook File Icon Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
  -> {HKLM...Wow...CLSID} = avast
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [file not found]

{c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
  -> {HKLM...Wow...CLSID} = Icaros Thumbnail Provider
                         \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll [Tabibito Technology]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM...CLSID} = Groove GFS Stub Execution Hook
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM...CLSID} = Groove GFS Stub Execution Hook
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
  -> {HKLM...Wow...CLSID} = avast
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\*\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
  -> {HKLM...Wow...CLSID} = avast
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
  -> {HKLM...Wow...CLSID} = avast
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
  -> {HKLM...Wow...CLSID} = avast
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\Directory\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                   \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                   \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Wow6432Node\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
  -> {HKLM...Wow...CLSID} = avast
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [file not found]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [file not found]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\Folder\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
  -> {HKLM...Wow...CLSID} = avast
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [file not found]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [file not found]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [file not found]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [file not found]

HKLM\SOFTWARE\Classes\Wow6432Node\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [file not found]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [file not found]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\system32\Aurora.scr [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSRipCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.RipCD
InvokeVerb = Rip
HKLM\SOFTWARE\Classes\WMP.RipCD\shell\Rip\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"  [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"  [MS]

MSWMPBurnDataDVDArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnDVD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnDVD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:DVDWrite /Device:"%L"  [MS]


Windows Sidebar Gadgets: {++}
------------------------

C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCPU.Gadget"
"C:%5CUsers%5COwner%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CNetwork_Meter_V8.1.gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
CCleanerSkipUAC ->  launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
User_Feed_Synchronization-{3F422734-28DA-4D06-88E2-ACECFAB07FC0} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]

C:\Windows\System32\Tasks\ASUS
ASUS RegRun Loader ->  launches: C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe -Run [ASUSTeK Computer Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask-Roam ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
OptinNotification ->  launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ManualDefrag ->  launches: %windir%\system32\defrag.exe \\?\Volume{87b6b9af-7a8b-11dd-9f4c-806e6f6e6963}\ [MS]
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c -i -g [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                   \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
TMM ->  launches: {35EF4182-F900-4632-B072-8639E4478A61}
  -> {HKLM...CLSID} = Transient Multi-Monitor Manager
                   \InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS]
  -> {HKLM...Wow...CLSID} = Transient Multi-Monitor Manager
                         \InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
NAPStatus UI ->  launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f}
  -> {HKLM...CLSID} = Nap ITask Handler Implementation
                   \InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS]
  -> {HKLM...Wow...CLSID} = Nap ITask Handler Implementation
                         \InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CrawlStartPages ->  launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2}
  -> {HKLM...CLSID} = CrawlStartPages Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
  -> {HKLM...Wow...CLSID} = CrawlStartPages Task Handler
                         \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                   \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
WSHReset -> (HIDDEN!) launches: %systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
GatherWiredInfo ->  launches: %windir%\system32\gatherWiredInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
GatherWirelessInfo ->  launches: %windir%\system32\gatherWirelessInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} = (no title provided)
  -> {HKLM...CLSID} = avast! Online Security
                   \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
  -> {HKLM...Wow...CLSID} = avast! Online Security
                         \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...CLSID} = Linked Notes button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...Wow...CLSID} = Linked Notes button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
XMouseButton Launcher, XMouseButton Launcher, C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [Highresolution Enterprises]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> PEVSystemStart, Service


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
KODAK All-in-One Printer\Driver = EKAiO2MON.dll [Eastman Kodak Company]




==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\2pdscrqf.default\Cache emptied successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2pdscrqf.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Owner\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 06/10/2013 at 17:14:07.76 ======================
 

Link to post
Share on other sites

Run Malwarebytes, check for updates then run a Quick scan, post that log..

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
     
    drwebselect.JPG
     
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
     
    drwebfolders.JPG
     
  • Press start scan
  • The scan will now commence
     
    drwebscan.JPG
     
  • Once the scan has finished click open report
     
    drwebscancomplete.JPG
     
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

 

This log will be excessive, Attach it to your next reply…

 

Let me know how your system is responding, also what issues/concerns remain...

 

Kevin

Link to post
Share on other sites

Yes always good practice to change any/all passwords after an infection has been cleared. Also passwords should always be changed on a regular basis, never just set a password and leave as is....

 

Run this final scan to check security, java, adobe etc...

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

I'll get right on the changing of passwords. Again, many thanks :)

 

 Results of screen317's Security Check version 0.99.74  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
 Google Chrome 30.0.1599.66  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Windows Defender MSASCui.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

Link to post
Share on other sites

It will be beneficial to upgrade Internet Explorer from the current version you are using, go to the following link and follow the instructions:

 

http://www.microsoft.com/en-gb/download/internet-explorer-9-details.aspx

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Go here www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There maybe an offer of Google Chrome etc, untick those options if offered...

 

Let me know if those steps complete ok, also if any remaining issues or concerns...

Link to post
Share on other sites

Ok, as nothing was installed just a matter of deleting tools we`ve used from the Desktop or the Downloads folder, plus any produced logs.

 

If all is ok with no issues here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

 

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

 

Let me know when its OK to close out your thread....

 

Take care,

 

Kevin

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.