Jump to content

I want to remove "joywallet malware" from my PC


Recommended Posts

"joywallet malware" on PC which Malwarebytes premium edition has not removed, would appreciate some help please.

 

Accessing Google Chrome settings will not remove "joywallet", below is what I find in Google Settings Extensions.

 


(jollywallet 2.0.7

jollywallet makes you money by giving you cash back when shopping thousands of online merchants Permissions


 


ID: jiekonljbeipfklhchhdjddejaennfnl

(This extension is managed and cannot be removed or disabled.)

Inspect views: background page)



 

Many Thanks

 

Martin7365

Addition.txt

FRST_26-08-2014_19-16-47.txt

Link to post
Share on other sites

  • Staff

Hello Martin7365, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
STEP 1
BY4dvz9.png.pagespeed.ce.cpqHQmQDB6.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
xE3feWj5.png.pagespeed.ic.JE3sJIzHrn.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 4
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[s0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt
Link to post
Share on other sites

Hi Adam, thanks for helping me on this problem.

 

AdwCleaner Program Run as requested (ok)

 

JRT Program displayed the black box, enter any key to activate scan, the Progress Bars displayed for 2 seconds and disappeared. I waited a few minutes but this program failed to complete, no error messages. I tried again and same thing happened.

However after going back to Google settings/Extensions the malware jollywallet has now gone. The Adware cleaner did bring up one item on its scan and I removed it (Optimiser Pro).

It seems my issue has been solved with your kind help, thank you Adam

 

Kind Regards, Martin

Link to post
Share on other sites

   # AdwCleaner v3.308 - Report created 26/08/2014 at 22:05:27

# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Martin - FAMILY-PC
# Running from : C:\Users\Martin\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 70e6ca8c
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\getlyrics
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\MyWebSearch
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\ShopSave Toolbar
Folder Deleted : C:\Program Files (x86)\xVidly
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Users\Callum\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Callum\AppData\Local\iMesh
Folder Deleted : C:\Users\Callum\AppData\Local\WSE Rocket
Folder Deleted : C:\Users\Callum\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Callum\AppData\LocalLow\findr
Folder Deleted : C:\Users\Callum\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Callum\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Callum\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Callum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Callum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Conor\AppData\Local\Conduit
Folder Deleted : C:\Users\Conor\AppData\Local\Temp\findr
Folder Deleted : C:\Users\Conor\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Conor\AppData\Local\Temp\pccustubinstaller
Folder Deleted : C:\Users\Conor\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Conor\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Conor\AppData\LocalLow\findr
Folder Deleted : C:\Users\Conor\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Conor\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Conor\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Conor\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Conor\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Conor\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\Conor\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Conor\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Conor\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Conor\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Conor\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\Julie\AppData\Local\Conduit
Folder Deleted : C:\Users\Julie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Julie\AppData\LocalLow\findr
Folder Deleted : C:\Users\Julie\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Julie\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Martin\AppData\Local\Conduit
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Martin\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Martin\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Martin\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Martin\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Martin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Folder Deleted : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla
Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla
Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla
Folder Deleted : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
[!] Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
File Deleted : C:\Users\Conor\AppData\Local\CRE\ajopfcgphfmlgalncbfagpgcgonmfmcb.crx
File Deleted : C:\END
File Deleted : C:\Users\Callum\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
File Deleted : C:\Users\Callum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
File Deleted : C:\Users\Callum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Callum\Desktop\iMesh.lnk
File Deleted : C:\Users\Callum\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Callum\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Callum\Desktop\Sync Folder.lnk
File Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage
File Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage-journal
File Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
File Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\onpejdpfebeopffobknkodakfphdelnh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ajopfcgphfmlgalncbfagpgcgonmfmcb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Softonic_downloader_steam_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Softonic_downloader_steam_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\5d28ddeb46dbe10
Key Deleted : HKLM\SOFTWARE\5d28ddeb46dbe10
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3240727
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dayz_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dayz_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_surgeon-simulator-2013_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_surgeon-simulator-2013_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122252255}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155255555}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166256655}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144254455}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155255555}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166256655}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\FocusInteractive
Key Deleted : HKLM\SOFTWARE\Fun Web Products
Key Deleted : HKLM\SOFTWARE\FunWebProducts
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\MyWebSearch
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Video Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NST
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16455
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1012&systemid=1&v=n13124-392&apn_uid=3371520152514143&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
Deleted [search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=c14831b8-667f-4ed6-9408-e25df5aa9b55&SearchSource=58&CUI=&UM=5&UP=SP56E0DF4B-8AFE-4DE0-828F-08395451BF13&q={searchTerms}&SSPV=
Deleted [startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=c14831b8-667f-4ed6-9408-e25df5aa9b55&SearchSource=55&CUI=&UM=5&UP=SP56E0DF4B-8AFE-4DE0-828F-08395451BF13&SSPV=
Deleted [Extension] : abfmigjiaapipflmopkaaooigcjjdojh
Deleted [Extension] : ajopfcgphfmlgalncbfagpgcgonmfmcb
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : fagpjgjmoaccgkkpjeoinehnoaimnbla
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
[ File : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN95720436308183087&ctid=CT3240727&UM=2
Deleted [search Provider] : hxxp://www.yd.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=64C700FF2EB6EB10&affID=119556&tt=040713_rdrctful&tsp=4937
Deleted [search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=64C700FF2EB6EB10&affID=119556&tt=040713_rdrctful&tsp=4937
Deleted [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1012&systemid=1&v=n13124-392&apn_uid=3371520152514143&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
Deleted [Extension] : abfmigjiaapipflmopkaaooigcjjdojh
Deleted [Extension] : ajopfcgphfmlgalncbfagpgcgonmfmcb
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : fagpjgjmoaccgkkpjeoinehnoaimnbla
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
 
[ File : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Extension] : abfmigjiaapipflmopkaaooigcjjdojh
Deleted [Extension] : ajopfcgphfmlgalncbfagpgcgonmfmcb
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : fagpjgjmoaccgkkpjeoinehnoaimnbla
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
[ File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Extension] : ajopfcgphfmlgalncbfagpgcgonmfmcb
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : fagpjgjmoaccgkkpjeoinehnoaimnbla
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : jiekonljbeipfklhchhdjddejaennfnl
Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
 
*************************
 
AdwCleaner[R0].txt - [35442 octets] - [26/08/2014 21:52:43]
AdwCleaner[s0].txt - [34444 octets] - [26/08/2014 22:05:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [34505 octets] ##########
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014

Ran by Martin (administrator) on FAMILY-PC on 26-08-2014 22:54:08

Running from C:\Users\Martin\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe

(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\zune\ZuneLauncher.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

(Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe

() C:\Program Files (x86)\wrapper_inst\file_to_run.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe

(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Zune Launcher] => C:\zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)

HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2

HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0

HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [] => [X]

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [VoiceMaster] => [X]

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [Driver Restore] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [skyDrive] => C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-24] (Microsoft Corporation)

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\MountPoints2: D - D:\Launch.exe

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\MountPoints2: {cc559e94-5585-11e1-9a14-1c6f65c60541} - H:\LaunchU3.exe -a

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-2497641722-1424367119-3422776657-1005\User: Group Policy restriction detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC81038EBBF0ACF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {B0C31C54-4775-48C9-9045-7D46E172A44B} URL = 

SearchScopes: HKLM-x32 - {9EC485FA-C11E-474E-8E6F-DD5C55EFC99C} URL = 

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No File

DPF: HKLM-x32 {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @otee.dk/UnityWebPlayer -> C:\Program Files (x86)\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll (OverTheEdge I/S)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: electronicarts.com/GameFacePlugin -> C:\Users\Martin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension

FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-06-05]

FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST

FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST [2014-08-26]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-20]

FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension

FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-06-05]

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR StartupUrls: Default -> "https://www.google.co.uk/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-09]

CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]

CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-20]

CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-20]

CHR Extension: (Hush  private bookmarking) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2014-08-25]

CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]

CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-20]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM-x32\...\Chrome\Extension: [oedoknoijoakeplhlghdcggkclkbmaje] - C:\Users\Callum\AppData\Local\PriceMeter Express\PriceMeterExpress.crx [2014-06-28]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 BFBackupUtilityService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe [320888 2010-04-28] (BUFFALO INC.)

R2 BFBackupUtilityVSSService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [359288 2010-04-28] (BUFFALO INC.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)

R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)

R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)

R2 pcregservice; C:\Program Files (x86)\wrapper_inst\file_to_run.exe [31344 2013-09-20] ()

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-06-23] (Trusteer Ltd.)

S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed]

S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

S3 WMZuneComm; C:\zune\WMZuneComm.exe [306400 2011-08-05] (Microsoft Corporation)

S3 ZuneNetworkSvc; C:\zune\ZuneNss.exe [8277728 2011-08-05] (Microsoft Corporation)

S3 ZuneWlanCfgSvc; C:\zune\ZuneWlanCfgSvc.exe [467680 2011-08-05] (Microsoft Corporation)

R3 WinHttpAutoProxySvc; winhttp.dll [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 bftpdskc64; C:\Windows\System32\drivers\bftpdskc64.sys [67712 2010-01-12] (BUFFALO INC.)

S3 bftpusbx64; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-01-18] (BUFFALO INC.)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-09] (Symantec Corporation)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)

S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-09-13] ()

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-26] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)

R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)

R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [631128 2014-06-30] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-06-23] (Trusteer Ltd.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-06-23] (Trusteer Ltd.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-06-23] (Trusteer Ltd.)

S3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)

S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-26 22:35 - 2014-08-26 22:35 - 01016261 _____ (Thisisu) C:\Users\Martin\Downloads\JRT (1).exe

2014-08-26 22:17 - 2014-08-26 22:17 - 00000000 ____D () C:\Windows\ERUNT

2014-08-26 22:15 - 2014-08-26 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-08-26 21:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-08-26 21:51 - 2014-08-26 22:07 - 00000000 ____D () C:\AdwCleaner

2014-08-26 21:49 - 2014-08-26 21:51 - 01364531 _____ () C:\Users\Martin\Downloads\AdwCleaner.exe

2014-08-26 20:29 - 2014-08-26 20:29 - 00000000 ____D () C:\Users\Martin\Downloads\Autoruns

2014-08-26 20:28 - 2014-08-26 20:28 - 00511306 _____ () C:\Users\Martin\Downloads\Autoruns.zip

2014-08-26 19:52 - 2014-08-26 22:14 - 00000000 ____D () C:\Users\Martin\Documents\pc1

2014-08-26 19:47 - 2014-08-26 19:47 - 00110240 _____ () C:\Users\Martin\pc1.txt

2014-08-26 19:44 - 2014-08-26 19:47 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Notepad++

2014-08-26 19:16 - 2014-08-26 19:16 - 00057052 _____ () C:\Users\Martin\Downloads\Addition.txt

2014-08-26 19:15 - 2014-08-26 22:54 - 00026584 _____ () C:\Users\Martin\Downloads\FRST.txt

2014-08-26 19:14 - 2014-08-26 22:54 - 00000000 ____D () C:\FRST

2014-08-26 19:12 - 2014-08-26 19:14 - 02103296 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe

2014-08-26 12:42 - 2014-08-26 12:42 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam_premium.exe

2014-08-26 11:41 - 2014-08-26 22:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-26 11:41 - 2014-08-26 12:43 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-26 11:41 - 2014-08-26 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-26 11:41 - 2014-08-26 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-26 11:41 - 2014-08-26 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-26 11:41 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-26 11:41 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-26 11:41 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-26 11:22 - 2014-08-26 11:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-26 11:07 - 2014-08-26 11:07 - 00003110 _____ () C:\Windows\System32\Tasks\{48F43E3A-9C7A-4535-87A1-033D6EE7FF1F}

2014-08-26 11:06 - 2014-08-26 11:06 - 00003092 _____ () C:\Windows\System32\Tasks\{9D4A2211-7B31-4A21-8019-D4F06E80C889}

2014-08-26 11:05 - 2014-08-26 11:06 - 00000000 ____D () C:\Users\Martin\.nbi

2014-08-26 10:44 - 2014-08-26 10:44 - 00000004 _____ () C:\Users\Martin\AppData\Roaming\appdataFr2.bin

2014-08-26 10:16 - 2014-08-26 10:16 - 00000000 ___HD () C:\OneDriveTemp

2014-08-25 16:49 - 2014-08-25 16:49 - 01296096 _____ (VideoPerformer) C:\Users\Martin\Downloads\VideoPerformerSetup.exe

2014-08-25 16:39 - 2014-08-25 16:39 - 00000000 ___RD () C:\Users\Martin\Documents\HP Photo Creations

2014-08-25 16:39 - 2014-08-25 16:39 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Visan

2014-08-25 16:38 - 2014-08-25 16:38 - 02959504 _____ (Hewlett-Packard ) C:\Users\Martin\Downloads\hpusetup.exe

2014-08-25 16:38 - 2014-08-25 16:38 - 00000000 ____D () C:\Windows\Hewlett-Packard

2014-08-25 15:48 - 2014-08-25 15:48 - 00000000 ____D () C:\Users\Martin\AppData\Local\{BBD73DC1-3AF5-4DC4-AEFD-1DF4104BFCA8}

2014-08-25 15:46 - 2014-08-25 15:46 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory

2014-08-25 09:47 - 2014-08-25 09:47 - 00000000 ____D () C:\ProgramData\ffd8e8a8a13f665b

2014-08-24 16:14 - 2014-08-26 22:26 - 00000340 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job

2014-08-24 16:14 - 2014-08-24 16:14 - 00003350 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator

2014-08-24 16:13 - 2014-08-24 16:13 - 43243608 _____ (HP) C:\Users\Martin\Downloads\hpphotocreations.exe

2014-08-24 15:48 - 2014-08-25 16:39 - 00000000 ____D () C:\ProgramData\HP Photo Creations

2014-08-24 15:48 - 2014-08-25 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-08-24 15:48 - 2014-08-24 16:14 - 00002172 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk

2014-08-24 15:48 - 2014-08-24 16:14 - 00000000 ____D () C:\ProgramData\Visan

2014-08-24 15:48 - 2014-08-24 15:48 - 00002248 _____ () C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk

2014-08-24 15:48 - 2014-08-24 15:48 - 00001180 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 6520 series.lnk

2014-08-24 15:48 - 2014-08-24 15:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\HpUpdate

2014-08-24 15:48 - 2014-08-24 15:48 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations

2014-08-24 15:48 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMAF11.dll

2014-08-24 15:47 - 2014-08-24 15:48 - 00000000 ____D () C:\Program Files (x86)\HP

2014-08-24 15:47 - 2014-08-24 15:47 - 00000057 _____ () C:\ProgramData\Ament.ini

2014-08-24 15:47 - 2014-08-24 15:47 - 00000000 ____D () C:\Program Files\HP

2014-08-24 15:45 - 2014-08-24 15:45 - 72558696 _____ () C:\Users\Martin\Downloads\PS6520_1315-1.exe

2014-08-24 15:42 - 2014-08-24 16:16 - 00000000 ____D () C:\Users\Martin\AppData\Local\HP

2014-08-24 15:40 - 2014-08-24 15:47 - 00000000 ____D () C:\ProgramData\HP

2014-07-29 15:33 - 2014-07-29 16:12 - 00000000 ____D () C:\Users\Callum\Documents\Flight Simulator Files

2014-07-28 19:18 - 2014-07-28 19:18 - 06580602 _____ () C:\Users\Martin\Downloads\Windows6.1-KB2731771-x64 (3).msu

2014-07-28 19:18 - 2014-07-28 19:18 - 04904874 _____ () C:\Users\Martin\Downloads\Windows6.1-KB2731771-x86.msu

2014-07-28 19:14 - 2014-07-28 19:15 - 55915216 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\IE11-Windows6.1-x64-en-us.exe

2014-07-28 18:22 - 2014-07-28 18:22 - 01005568 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\dotNetFx45_Full_setup.exe

2014-07-28 10:26 - 2014-07-28 10:26 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-07-28 10:26 - 2014-07-28 10:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-07-28 10:26 - 2014-07-28 10:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-07-28 10:26 - 2014-07-28 10:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-07-28 10:26 - 2014-07-28 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-28 10:23 - 2014-07-28 10:23 - 31012264 _____ (Oracle Corporation) C:\Users\Martin\Downloads\jre-7u65-windows-x64.exe

2014-07-28 10:23 - 2014-07-28 10:23 - 31012264 _____ (Oracle Corporation) C:\Users\Martin\Downloads\jre-7u65-windows-x64 (1).exe

2014-07-28 10:14 - 2014-07-28 10:14 - 00000000 ____D () C:\ProgramData\VS

2014-07-27 20:57 - 2014-07-27 20:57 - 00056375 _____ () C:\Users\Callum\Downloads\EuroTruckSimulator2_1_10_1_setup.exe.torrent

2014-07-27 20:47 - 2014-07-27 20:47 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (7).exe

2014-07-27 20:43 - 2014-07-27 20:43 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (6).exe

2014-07-27 20:42 - 2014-07-27 20:42 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (5).exe

2014-07-27 20:38 - 2014-07-27 20:38 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (4).exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-26 22:54 - 2014-08-26 19:15 - 00026584 _____ () C:\Users\Martin\Downloads\FRST.txt

2014-08-26 22:54 - 2014-08-26 19:14 - 00000000 ____D () C:\FRST

2014-08-26 22:44 - 2014-08-26 11:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-26 22:44 - 2014-03-31 17:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-26 22:35 - 2014-08-26 22:35 - 01016261 _____ (Thisisu) C:\Users\Martin\Downloads\JRT (1).exe

2014-08-26 22:26 - 2014-08-24 16:14 - 00000340 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job

2014-08-26 22:19 - 2011-05-23 19:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-26 22:17 - 2014-08-26 22:17 - 00000000 ____D () C:\Windows\ERUNT

2014-08-26 22:17 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-26 22:17 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-26 22:15 - 2014-08-26 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-08-26 22:15 - 2014-04-20 15:58 - 00001844 _____ () C:\Users\Public\Desktop\BT NetProtect Plus.lnk

2014-08-26 22:14 - 2014-08-26 19:52 - 00000000 ____D () C:\Users\Martin\Documents\pc1

2014-08-26 22:12 - 2011-04-19 22:16 - 01367181 _____ () C:\Windows\WindowsUpdate.log

2014-08-26 22:10 - 2013-03-31 14:42 - 00000000 ___RD () C:\Users\Martin\SkyDrive

2014-08-26 22:09 - 2011-05-23 19:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-26 22:09 - 2010-11-21 04:47 - 02452066 _____ () C:\Windows\PFRO.log

2014-08-26 22:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-26 22:09 - 2009-07-14 05:51 - 00182475 _____ () C:\Windows\setupact.log

2014-08-26 22:07 - 2014-08-26 21:51 - 00000000 ____D () C:\AdwCleaner

2014-08-26 22:07 - 2013-07-08 13:30 - 00000000 ____D () C:\Users\Conor\AppData\Local\CRE

2014-08-26 21:51 - 2014-08-26 21:49 - 01364531 _____ () C:\Users\Martin\Downloads\AdwCleaner.exe

2014-08-26 21:46 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-26 21:05 - 2013-11-23 13:27 - 00290150 _____ () C:\Windows\IE11_main.log

2014-08-26 20:29 - 2014-08-26 20:29 - 00000000 ____D () C:\Users\Martin\Downloads\Autoruns

2014-08-26 20:28 - 2014-08-26 20:28 - 00511306 _____ () C:\Users\Martin\Downloads\Autoruns.zip

2014-08-26 19:47 - 2014-08-26 19:47 - 00110240 _____ () C:\Users\Martin\pc1.txt

2014-08-26 19:47 - 2014-08-26 19:44 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Notepad++

2014-08-26 19:47 - 2011-04-19 22:16 - 00000000 ____D () C:\Users\Martin

2014-08-26 19:16 - 2014-08-26 19:16 - 00057052 _____ () C:\Users\Martin\Downloads\Addition.txt

2014-08-26 19:14 - 2014-08-26 19:12 - 02103296 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe

2014-08-26 18:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-08-26 13:46 - 2011-06-07 19:43 - 00000000 ____D () C:\Users\Martin\AppData\Local\CrashDumps

2014-08-26 13:45 - 2013-09-20 22:03 - 00000000 ____D () C:\Program Files\wrapper_inst

2014-08-26 12:43 - 2014-08-26 11:41 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-26 12:43 - 2014-08-26 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-26 12:43 - 2014-08-26 11:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-26 12:42 - 2014-08-26 12:42 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam_premium.exe

2014-08-26 11:41 - 2014-08-26 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-26 11:22 - 2014-08-26 11:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-26 11:14 - 2013-09-20 22:02 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-26 11:10 - 2011-04-21 16:52 - 00000000 ____D () C:\ProgramData\Norton

2014-08-26 11:07 - 2014-08-26 11:07 - 00003110 _____ () C:\Windows\System32\Tasks\{48F43E3A-9C7A-4535-87A1-033D6EE7FF1F}

2014-08-26 11:06 - 2014-08-26 11:06 - 00003092 _____ () C:\Windows\System32\Tasks\{9D4A2211-7B31-4A21-8019-D4F06E80C889}

2014-08-26 11:06 - 2014-08-26 11:05 - 00000000 ____D () C:\Users\Martin\.nbi

2014-08-26 10:44 - 2014-08-26 10:44 - 00000004 _____ () C:\Users\Martin\AppData\Roaming\appdataFr2.bin

2014-08-26 10:19 - 2014-03-31 17:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-26 10:19 - 2012-04-09 11:30 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-26 10:19 - 2012-01-28 13:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-26 10:16 - 2014-08-26 10:16 - 00000000 ___HD () C:\OneDriveTemp

2014-08-25 16:49 - 2014-08-25 16:49 - 01296096 _____ (VideoPerformer) C:\Users\Martin\Downloads\VideoPerformerSetup.exe

2014-08-25 16:39 - 2014-08-25 16:39 - 00000000 ___RD () C:\Users\Martin\Documents\HP Photo Creations

2014-08-25 16:39 - 2014-08-25 16:39 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Visan

2014-08-25 16:39 - 2014-08-24 15:48 - 00000000 ____D () C:\ProgramData\HP Photo Creations

2014-08-25 16:38 - 2014-08-25 16:38 - 02959504 _____ (Hewlett-Packard ) C:\Users\Martin\Downloads\hpusetup.exe

2014-08-25 16:38 - 2014-08-25 16:38 - 00000000 ____D () C:\Windows\Hewlett-Packard

2014-08-25 16:38 - 2014-08-24 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-08-25 15:48 - 2014-08-25 15:48 - 00000000 ____D () C:\Users\Martin\AppData\Local\{BBD73DC1-3AF5-4DC4-AEFD-1DF4104BFCA8}

2014-08-25 15:46 - 2014-08-25 15:46 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory

2014-08-25 15:25 - 2014-07-23 10:26 - 00000000 ____D () C:\Users\Martin\Documents\Visual Studio 2010

2014-08-25 09:47 - 2014-08-25 09:47 - 00000000 ____D () C:\ProgramData\ffd8e8a8a13f665b

2014-08-25 09:30 - 2011-04-21 17:37 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-24 17:35 - 2013-08-16 14:27 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-24 17:22 - 2011-04-21 21:18 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-24 16:21 - 2014-04-20 15:55 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-08-24 16:16 - 2014-08-24 15:42 - 00000000 ____D () C:\Users\Martin\AppData\Local\HP

2014-08-24 16:14 - 2014-08-24 16:14 - 00003350 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator

2014-08-24 16:14 - 2014-08-24 15:48 - 00002172 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk

2014-08-24 16:14 - 2014-08-24 15:48 - 00000000 ____D () C:\ProgramData\Visan

2014-08-24 16:13 - 2014-08-24 16:13 - 43243608 _____ (HP) C:\Users\Martin\Downloads\hpphotocreations.exe

2014-08-24 15:48 - 2014-08-24 15:48 - 00002248 _____ () C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk

2014-08-24 15:48 - 2014-08-24 15:48 - 00001180 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 6520 series.lnk

2014-08-24 15:48 - 2014-08-24 15:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\HpUpdate

2014-08-24 15:48 - 2014-08-24 15:48 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations

2014-08-24 15:48 - 2014-08-24 15:47 - 00000000 ____D () C:\Program Files (x86)\HP

2014-08-24 15:47 - 2014-08-24 15:47 - 00000057 _____ () C:\ProgramData\Ament.ini

2014-08-24 15:47 - 2014-08-24 15:47 - 00000000 ____D () C:\Program Files\HP

2014-08-24 15:47 - 2014-08-24 15:40 - 00000000 ____D () C:\ProgramData\HP

2014-08-24 15:45 - 2014-08-24 15:45 - 72558696 _____ () C:\Users\Martin\Downloads\PS6520_1315-1.exe

2014-08-24 15:40 - 2009-07-14 06:13 - 00880170 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-24 15:27 - 2014-04-20 15:35 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-08-24 15:18 - 2014-04-20 15:49 - 00002182 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

2014-08-13 14:48 - 2013-09-20 18:29 - 00000000 ____D () C:\Users\Conor\AppData\Local\PMB Files

2014-08-13 14:21 - 2011-12-04 13:02 - 00000000 ____D () C:\Users\Conor\AppData\Roaming\Skype

2014-08-13 14:20 - 2014-07-05 21:00 - 00000000 ____D () C:\Users\Conor\AppData\Local\Battle.net

2014-08-13 13:27 - 2014-07-05 21:00 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-08-08 18:53 - 2014-07-05 21:01 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

2014-08-08 18:41 - 2011-06-02 10:51 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-07-31 09:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-29 16:12 - 2014-07-29 15:33 - 00000000 ____D () C:\Users\Callum\Documents\Flight Simulator Files

2014-07-28 20:28 - 2011-04-22 10:15 - 00000000 ____D () C:\Program Files\Google

2014-07-28 20:28 - 2011-04-22 10:15 - 00000000 ____D () C:\Program Files (x86)\Google

2014-07-28 19:18 - 2014-07-28 19:18 - 06580602 _____ () C:\Users\Martin\Downloads\Windows6.1-KB2731771-x64 (3).msu

2014-07-28 19:18 - 2014-07-28 19:18 - 04904874 _____ () C:\Users\Martin\Downloads\Windows6.1-KB2731771-x86.msu

2014-07-28 19:16 - 2013-05-27 21:06 - 00540570 _____ () C:\Windows\IE10_main.log

2014-07-28 19:15 - 2014-07-28 19:14 - 55915216 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\IE11-Windows6.1-x64-en-us.exe

2014-07-28 19:05 - 2011-04-23 18:20 - 00000000 ____D () C:\ProgramData\Google

2014-07-28 19:05 - 2011-04-23 18:03 - 00000000 ____D () C:\Users\Martin\AppData\Local\Google

2014-07-28 18:59 - 2014-07-23 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express

2014-07-28 18:52 - 2012-11-20 10:14 - 00000000 ____D () C:\ProgramData\Package Cache

2014-07-28 18:51 - 2012-11-20 10:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0

2014-07-28 18:50 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild

2014-07-28 18:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-07-28 18:41 - 2012-11-20 10:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs

2014-07-28 18:22 - 2014-07-28 18:22 - 01005568 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\dotNetFx45_Full_setup.exe

2014-07-28 18:12 - 2014-06-29 11:39 - 00029340 _____ () C:\Windows\SysWOW64\console.log

2014-07-28 18:10 - 2013-03-16 14:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-28 18:10 - 2011-05-15 21:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-07-28 10:26 - 2014-07-28 10:26 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-07-28 10:26 - 2014-07-28 10:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-07-28 10:26 - 2014-07-28 10:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-07-28 10:26 - 2014-07-28 10:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-07-28 10:26 - 2014-07-28 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-28 10:26 - 2014-06-05 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit

2014-07-28 10:25 - 2012-07-05 21:16 - 00000000 ____D () C:\Program Files\Java

2014-07-28 10:23 - 2014-07-28 10:23 - 31012264 _____ (Oracle Corporation) C:\Users\Martin\Downloads\jre-7u65-windows-x64.exe

2014-07-28 10:23 - 2014-07-28 10:23 - 31012264 _____ (Oracle Corporation) C:\Users\Martin\Downloads\jre-7u65-windows-x64 (1).exe

2014-07-28 10:14 - 2014-07-28 10:14 - 00000000 ____D () C:\ProgramData\VS

2014-07-28 10:06 - 2013-03-16 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-27 20:57 - 2014-07-27 20:57 - 00056375 _____ () C:\Users\Callum\Downloads\EuroTruckSimulator2_1_10_1_setup.exe.torrent

2014-07-27 20:48 - 2011-04-22 11:49 - 00000000 ____D () C:\Users\Callum\AppData\Local\CrashDumps

2014-07-27 20:47 - 2014-07-27 20:47 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (7).exe

2014-07-27 20:43 - 2014-07-27 20:43 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (6).exe

2014-07-27 20:42 - 2014-07-27 20:42 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (5).exe

2014-07-27 20:38 - 2014-07-27 20:38 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (4).exe

 

Some content of TEMP:

====================

C:\Users\Callum\AppData\Local\Temp\BackupSetup.exe

C:\Users\Callum\AppData\Local\Temp\dlLogic.exe

C:\Users\Callum\AppData\Local\Temp\EBU65C4.exe

C:\Users\Callum\AppData\Local\Temp\EBU8FEF.exe

C:\Users\Callum\AppData\Local\Temp\ICReinstall_winzip18-lan_en.exe

C:\Users\Callum\AppData\Local\Temp\nsd431C.exe

C:\Users\Callum\AppData\Local\Temp\nseDCFF.exe

C:\Users\Callum\AppData\Local\Temp\nsj5E0D.exe

C:\Users\Callum\AppData\Local\Temp\nso2B48.exe

C:\Users\Callum\AppData\Local\Temp\nsyF14A.exe

C:\Users\Callum\AppData\Local\Temp\optprosetup.exe

C:\Users\Callum\AppData\Local\Temp\ReimagePackage.exe

C:\Users\Callum\AppData\Local\Temp\ReimageRepair.exe

C:\Users\Callum\AppData\Local\Temp\SecondStepInstaller.exe

C:\Users\Callum\AppData\Local\Temp\SPSetup.exe

C:\Users\Callum\AppData\Local\Temp\spstub.exe

C:\Users\Conor\AppData\Local\Temp\CmdLineExt01.dll

C:\Users\Conor\AppData\Local\Temp\CmdLineExt02.dll

C:\Users\Conor\AppData\Local\Temp\comver.dll

C:\Users\Conor\AppData\Local\Temp\DefaultAssets.exe

C:\Users\Conor\AppData\Local\Temp\DefaultOfflineContent.exe

C:\Users\Conor\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Conor\AppData\Local\Temp\dxwebsetup.exe

C:\Users\Conor\AppData\Local\Temp\EXEtender_OutBrowse_Bundle_DL_ChickIn3.exe

C:\Users\Conor\AppData\Local\Temp\Findr.exe

C:\Users\Conor\AppData\Local\Temp\HSS-2-88-install-plain-506-plain.exe

C:\Users\Conor\AppData\Local\Temp\NLStubInstallerResources.dll

C:\Users\Conor\AppData\Local\Temp\nsaB761.exe

C:\Users\Conor\AppData\Local\Temp\nsk812.exe

C:\Users\Conor\AppData\Local\Temp\nspA2CB.exe

C:\Users\Conor\AppData\Local\Temp\nsu7F8F.exe

C:\Users\Conor\AppData\Local\Temp\PC-Registry-EXE-0808.exe

C:\Users\Conor\AppData\Local\Temp\PCCheckupInstaller.exe

C:\Users\Conor\AppData\Local\Temp\PCCU_Installer.exe

C:\Users\Conor\AppData\Local\Temp\SecondStepInstaller.exe

C:\Users\Conor\AppData\Local\Temp\SIntf16.dll

C:\Users\Conor\AppData\Local\Temp\SIntf32.dll

C:\Users\Conor\AppData\Local\Temp\SIntfNT.dll

C:\Users\Conor\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Conor\AppData\Local\Temp\softonic_121_3.exe

C:\Users\Conor\AppData\Local\Temp\SPStub.exe

C:\Users\Conor\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Conor\AppData\Local\Temp\ToolbarHelper.exe

C:\Users\Conor\AppData\Local\Temp\VMSetup2.0.0.92.exe

C:\Users\Conor\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Conor\AppData\Local\Temp\zatbSetup_110_000_064.exe

C:\Users\Julie\AppData\Local\Temp\EADF584.exe

C:\Users\Julie\AppData\Local\Temp\SecondStepInstaller.exe

C:\Users\Julie\AppData\Local\Temp\SPSetup.exe

C:\Users\Julie\AppData\Local\Temp\UninstallEADM.dll

C:\Users\Martin\AppData\Local\Temp\ose00000.exe

C:\Users\Martin\AppData\Local\Temp\Quarantine.exe

C:\Users\Martin\AppData\Local\Temp\uninst1.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-25 11:04

 

==================== End Of Log ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014

Ran by Martin at 2014-08-26 23:03:18

Running from C:\Users\Martin\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)

AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden

AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden

Amnesia: The Dark Descent Demo  (HKLM-x32\...\Steam App 57310) (Version:  - Frictional Games)

Ancient Wars - Sparta (HKLM-x32\...\{554532CE-43E2-4B4F-BBDE-27742A32C236}) (Version: 1.00.0000 - PlayLogic)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{47B188E2-2447-5C40-15B6-9D49DC90BF5B}) (Version: 3.0.816.0 - ATI Technologies, Inc.)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BT NetProtect Plus (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)

BUFFALO Backup Utility (HKLM-x32\...\UN091222) (Version:  - )

BUFFALO BuffaloTools Launcher (HKLM-x32\...\UN091201) (Version:  - )

BUFFALO TurboCopy (HKLM-x32\...\UN091114) (Version:  - )

BUFFALO TurboPC for FLASH/HDD (HKLM-x32\...\UN091111) (Version:  - )

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center (x32 Version: 2011.0308.2325.42017 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0308.2325.42017 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2011.0308.2325.42017 - ATI Technologies, Inc.) Hidden

CCC Help English (x32 Version: 2011.0308.2324.42017 - ATI) Hidden

ccc-utility64 (Version: 2011.0308.2325.42017 - ATI) Hidden

CDDRV_Installer (Version: 4.60 - Logitech) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)

Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)

EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.5.3.0 - Electronic Arts)

EA SPORTS Gameface Browser Plugin 1.3.1.0 (HKCU\...\EA SPORTS Gameface Browser Plugin) (Version: 1.3.1.0 - Electronic Arts)

Easy Tune 6 B10.1216.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)

Easy Tune 6 B10.1216.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)

FLV Player (remove only) (HKLM-x32\...\FLVM Player) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google SketchUp 8 (HKLM-x32\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.2.1 - Greenfoot Team)

Haunted Memories (HKLM-x32\...\Steam App 241640) (Version:  - MadMan Theory Games)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)

HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)

Java SE Development Kit 7 Update 9 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)

Java SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Jurassic Park Operation Genesis (HKLM-x32\...\InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}) (Version: 1.00.0000 - Universal Interactive)

Jurassic Park Operation Genesis (x32 Version: 1.00.0000 - Universal Interactive) Hidden

KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)

Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden

Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden

Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)

Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)

Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden

Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)

Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden

Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)

Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden

Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NetBeans IDE 7.2.1 (HKLM\...\nbi-nb-base-7.2.1.0.201210100934) (Version: 7.2.1 - NetBeans.org)

Nokia Connectivity Cable Driver (HKLM-x32\...\{25CFEF55-A945-41FC-86ED-76469F31DF37}) (Version: 7.1.41.0 - Nokia)

Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: 3.1.0.91 - Nokia)

Nokia Ovi Suite (x32 Version: 3.1.0.91 - Nokia) Hidden

Nokia Ovi Suite Software Updater (HKLM-x32\...\{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}) (Version: 02.07.004.45780 - Nokia Corporation)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )

Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2142 - Electronic Arts, Inc.)

Ovi Desktop Sync Engine (x32 Version: 1.5.257.0 - Nokia) Hidden

OviMPlatform (x32 Version: 2.7.66.0 - Nokia) Hidden

PC Connectivity Solution (HKLM-x32\...\{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}) (Version: 11.4.16.0 - Nokia)

PowerLine Utility (HKLM-x32\...\{BA6144AE-88CE-4DAF-A185-CA416470A873}) (Version: 1.1.413 - TP-LINK)

Praetorians (HKLM-x32\...\{AAC8AF92-DAEC-45D2-B77D-36699E3751A9}) (Version:  - Pyro Studios)

Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)

Prince of Persia The Sands of Time (HKLM-x32\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - )

Rapport (Version: 3.5.1201.94 - Trusteer) Hidden

Rapport (x32 Version: 3.5.1307.93 - Trusteer) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden

RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)

RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )

Rome - Total War (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.5 - The Creative Assembly)

SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )

Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)

The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)

TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.93 - Trusteer)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 1.6.2_8001 - Over The Edge I/S)

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Visual Studio 2012 (KB2781514) (HKLM-x32\...\{3786efc1-59ff-4908-8cd6-dc85ec87209e}) (Version: 11.0.50727 - Microsoft Corporation)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)

Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

ZoneAlarm Security Toolbar on IE and Chrome (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version: 1.8.11.11 - Check Point Software Technologies LTD)

Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )

Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2497641722-1424367119-3422776657-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2497641722-1424367119-3422776657-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2497641722-1424367119-3422776657-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2497641722-1424367119-3422776657-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2497641722-1424367119-3422776657-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

31-07-2014 09:12:49 Windows Update

02-08-2014 10:35:53 Windows Update

02-08-2014 17:00:12 Windows Update

02-08-2014 17:24:33 Windows Update

08-08-2014 21:44:13 Windows Update

24-08-2014 14:19:33 Windows Update

24-08-2014 16:20:27 Windows Update

25-08-2014 09:03:33 Windows Update

25-08-2014 10:05:42 Windows Update

25-08-2014 16:56:37 Windows Update

26-08-2014 09:17:44 Windows Update

26-08-2014 13:53:15 Windows Update

26-08-2014 17:00:13 Windows Update

26-08-2014 20:04:16 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2014-06-05 16:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {038140A9-D0DA-4B00-B3EB-C6B53B7BD2C0} - System32\Tasks\IHUninstallTrackingTASK => CMD

Task: {1240C259-B680-42A7-ABAD-3C82C18DCBEA} - System32\Tasks\{8CBFE665-BB65-4FFA-820F-1786D07D1DA5} => D:\SetupUbi.exe

Task: {2627A67C-55B4-400B-9F0D-EA04FA709680} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe

Task: {3B642E53-27B9-4B28-8287-4503C5BBB5A3} - \pricemeterwatcher No Task File <==== ATTENTION

Task: {3CE2C992-4278-41FD-8FEE-FA9BBAAD780A} - System32\Tasks\{F7483298-0107-425C-AA9A-A752E07400B4} => D:\setup.exe

Task: {472AB3EA-AC34-4A20-8DA5-4661EB1EA2EF} - System32\Tasks\{627E9B71-F2F8-4EB0-B2F4-DA349569E278} => D:\setup.exe

Task: {49F87D99-69C8-43DE-882C-18FCF1843A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23] (Google Inc.)

Task: {58ACD185-8343-4278-A31C-ABB2AA1F475A} - System32\Tasks\{E6FE8B9D-EA00-4F8E-A6CC-06291CDF8D95} => D:\setup.exe

Task: {5E99D35E-D6BC-482C-8E93-96C6CBE8B934} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {7052C5CD-B25C-4CC3-B476-4E8E518CD409} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-26] (Adobe Systems Incorporated)

Task: {7E1B0FA7-D644-4204-A41A-07E80C4CF3E6} - System32\Tasks\{2A04A191-4FB4-45BB-AB72-FE83FB190005} => D:\Launch.exe

Task: {86A7CA1F-90D5-4034-8A5E-8415EE7E8EA9} - System32\Tasks\{3B0A6952-CAB2-4356-8D8D-019C5FB3A364} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)

Task: {953E9572-5E64-4AD1-B662-26245D158954} - System32\Tasks\{D608A33C-8691-4F96-972C-D6CAA445B8E9} => D:\setup.exe

Task: {98D20B38-81B3-423E-81F7-9617625A3872} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23] (Google Inc.)

Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe

Task: {C7073DA4-BED3-48B8-9C7B-B6A55663FBCA} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()

Task: {D1F5D817-2068-4A04-ACF1-A3C2801C0065} - System32\Tasks\{6D38E227-9A08-45B5-88BF-242EE930BFC1} => D:\Launch.exe

Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe

Task: {F0ED12D6-CE9C-4527-A7FF-B7114287EC95} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

Task: {F9FCB2E4-2E21-4BD0-BDBB-17CF3CB0F5C8} - System32\Tasks\{84E654FC-DFEE-48F2-A5D3-F27C36FFF419} => D:\Launch.exe

Task: {FB9FC6E2-FE96-49C6-A5FB-8828D8557930} - \pricemetertask No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-02-09 01:56 - 2011-02-09 01:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll

2013-09-20 22:03 - 2013-09-20 22:03 - 00031344 _____ () C:\Program Files (x86)\wrapper_inst\file_to_run.exe

2012-01-19 22:33 - 2014-06-30 12:53 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2012-11-18 13:03 - 2012-11-18 13:03 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0ee312cdae6a18e040f873e6419f3db4\IsdiInterop.ni.dll

2011-04-19 22:24 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2014-08-24 15:29 - 2014-08-07 04:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll

2014-08-24 15:29 - 2014-08-07 04:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll

2014-08-24 15:29 - 2014-08-07 04:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll

2014-08-24 15:29 - 2014-08-07 04:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-24 15:29 - 2014-08-07 04:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: RapportMgmtService => 2

MSCONFIG\Services: rpcapd => 3

MSCONFIG\Services: ServiceLayer => 3

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: TomTomHOMEService => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: Backup Utility TaskTray Tool => "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"

MSCONFIG\startupreg: BuffaloTools => C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE

MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h

MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe

MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/26/2014 10:11:08 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/26/2014 09:47:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/26/2014 06:31:56 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/26/2014 05:42:36 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/26/2014 02:53:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

.

 

Error: (08/26/2014 02:53:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

.

 

Error: (08/26/2014 02:53:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddWin32ServiceFiles: Unable to back up image of service Search Protect Service since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

.

 

Error: (08/26/2014 02:53:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SPPD.

 

System Error:

The system cannot find the file specified.

.

 

Error: (08/26/2014 01:46:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: QtCore4.dll, version: 4.8.4.0, time stamp: 0x51352df8

Exception code: 0xc0000005

Fault offset: 0x0010ebb3

Faulting process id: 0x1c08

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (08/26/2014 00:28:52 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 196c

 

Start Time: 01cfc12046aae54c

 

Termination Time: 0

 

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

Report Id: 181449cf-2d14-11e4-8cd4-1c6f65c60541

 

 

System errors:

=============

Error: (08/26/2014 10:07:50 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 

%%1056

 

Error: (08/26/2014 10:07:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (08/26/2014 10:07:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (08/26/2014 10:07:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/26/2014 10:07:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/26/2014 10:07:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (08/26/2014 10:05:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 

%%1056

 

Error: (08/26/2014 10:05:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (08/26/2014 10:05:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (08/26/2014 10:05:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (08/26/2014 10:11:08 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/26/2014 09:47:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/26/2014 06:31:56 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/26/2014 05:42:36 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/26/2014 02:53:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

 

Error: (08/26/2014 02:53:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

 

Error: (08/26/2014 02:53:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddWin32ServiceFiles: Unable to back up image of service Search Protect Service since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

 

Error: (08/26/2014 02:53:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SPPD.

 

System Error:

The system cannot find the file specified.

 

Error: (08/26/2014 01:46:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.53253518532QtCore4.dll4.8.4.051352df8c00000050010ebb31c0801cfc122fedc3790C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\QtCore4.dll0066ea90-2d1f-11e4-8cd4-1c6f65c60541

 

Error: (08/26/2014 00:28:52 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: mbam.exe1.0.0.532196c01cfc12046aae54c0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe181449cf-2d14-11e4-8cd4-1c6f65c60541

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-2500K CPU @ 3.30GHz

Percentage of memory in use: 52%

Total physical RAM: 4079.39 MB

Available physical RAM: 1939.77 MB

Total Pagefile: 8156.96 MB

Available Pagefile: 5490.85 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.42 GB) (Free:749.12 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F4D986DD)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites

  • Staff

Hi Martin, 
 
Your logs indicate you have been running the requested tools from your Downloads folder (Running from C:\Users\Martin\Downloads). As per the instructions, all tools must be run directly from the Desktop from now on please. 
 

JRT Program displayed the black box, enter any key to activate scan, the Progress Bars displayed for 2 seconds and disappeared. I waited a few minutes but this program failed to complete, no error messages. I tried again and same thing happened.

Please delete your current copy of JRT (right-click + Delete). Re-download the programme and try again. Let me know how you get on. 
 

However after going back to Google settings/Extensions the malware jollywallet has now gone.

Good. :)
 

It seems my issue has been solved with your kind help, thank you Adam

No problem. We still have a little more work to do. 

 
STEP 1
xEtQetiM.png.pagespeed.ic.6601abWTTy.jpg Uninstall Software

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • ZoneAlarm Security Toolbar on IE and Chrome
  • Follow the prompts.
  • Reboot if necessary.
     

STEP 2
xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Script

  • (!) Navigate to your Downloads folder. Right-click FRST64.exe and click Cut. Navigate to your Desktop, right-click your Desktop and click Paste.
  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start() C:\Program Files (x86)\wrapper_inst\file_to_run.exeHKLM-x32\...\Run: [] => [X]HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [] => [X]HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [VoiceMaster] => [X]HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\MountPoints2: D - D:\Launch.exeHKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\MountPoints2: {cc559e94-5585-11e1-9a14-1c6f65c60541} - H:\LaunchU3.exe -aGroupPolicy: Group Policy on Chrome detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-2497641722-1424367119-3422776657-1005\User: Group Policy restriction detected <======= ATTENTIONSearchScopes: HKLM - {B0C31C54-4775-48C9-9045-7D46E172A44B} URL = SearchScopes: HKLM-x32 - {9EC485FA-C11E-474E-8E6F-DD5C55EFC99C} URL = Toolbar: HKLM-x32 - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No FileFF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONR2 pcregservice; C:\Program Files (x86)\wrapper_inst\file_to_run.exe [31344 2013-09-20] ()C:\Program Files (x86)\wrapper_inst\2014-08-26 13:45 - 2013-09-20 22:03 - 00000000 ____D () C:\Program Files\wrapper_inst2014-08-25 16:49 - 2014-08-25 16:49 - 01296096 _____ (VideoPerformer) C:\Users\Martin\Downloads\VideoPerformerSetup.exeTask: {3B642E53-27B9-4B28-8287-4503C5BBB5A3} - \pricemeterwatcher No Task File <==== ATTENTIONTask: {2627A67C-55B4-400B-9F0D-EA04FA709680} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exeTask: {F0ED12D6-CE9C-4527-A7FF-B7114287EC95} - \BackgroundContainer Startup Task No Task File <==== ATTENTIONTask: {FB9FC6E2-FE96-49C6-A5FB-8828D8557930} - \pricemetertask No Task File <==== ATTENTIONTask: {038140A9-D0DA-4B00-B3EB-C6B53B7BD2C0} - System32\Tasks\IHUninstallTrackingTASK => CMD2014-07-27 20:57 - 2014-07-27 20:57 - 00056375 _____ () C:\Users\Callum\Downloads\EuroTruckSimulator2_1_10_1_setup.exe.torrent2014-07-27 20:47 - 2014-07-27 20:47 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (7).exe2014-07-27 20:43 - 2014-07-27 20:43 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (6).exe2014-07-27 20:42 - 2014-07-27 20:42 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (5).exe2014-07-27 20:38 - 2014-07-27 20:38 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (4).exeFolder: C:\Users\Martin\AppData\Local\{BBD73DC1-3AF5-4DC4-AEFD-1DF4104BFCA8}Folder: C:\Users\Martin\.nbiFolder: C:\ProgramData\ShoppingDealFactoryFolder: C:\ProgramData\ffd8e8a8a13f665bCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetCMD: bitsadmin /reset /allusersEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
xnWhGEI3.png.pagespeed.ic.cDN7g2AqT7.png VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Windows\System32\Tasks\{48F43E3A-9C7A-4535-87A1-033D6EE7FF1F}
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
  • Please do the same for the files below:
    • C:\Windows\System32\Tasks\{9D4A2211-7B31-4A21-8019-D4F06E80C889}
       

STEP 4
YjhLJro.png.pagespeed.ce.__mK8JaB4j.png SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-Click SystemLook_x64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind*mywebsearch*​:folderfind*mywebsearch*:regfindmywebsearch 
  • Click the xJi0XpU4.png.pagespeed.ic.rkYoTeR5E5.png button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the xOCFv7xc.png.pagespeed.ic.8zW6PCGeOh.png button. 
     

======================================================

STEP 5
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Could you run JRT?
  • Fixlog.txt
  • VirusTotal Results
  • SystemLook.txt
Link to post
Share on other sites

Hi Adam,

I did send an email reply to your last post explaining I now have a more serious problem with my PC totally unrelated to the help you have been providing.

I am posting here to make doubly sure you have that information.

My PC may not be operable till next Tuesday, as someone has to visit to repair. Currently my PC is showing a black screen saying" missing operating system" after I entered the Bios Menu.

If I am able to use my desktop, I will post again on Tuesday.

 

Regards

Martin

Link to post
Share on other sites

  • Staff

Hi Martin, 
 
No, I did not receive your email. Please do not respond to emails notifying you of a new post; the emails are part of a "no reply" automated system. All responses should be posted directly in this thread.
 
Why did you enter the BIOS? Did you change any settings? 
Please verify that the boot order in your BIOS is correct. The HDD with your OS should be first. 
 
If this does not solve your issue, I would continue as planned, and have someone take a look in person. 
 
Either way, I will keep this thread open for the time being. Please keep me informed. :)

Link to post
Share on other sites

Hi Adam. PC is now operable again and I am running through your instructions.

 

JRT Removal tool still not operating

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02

Ran by Martin at 2014-09-03 21:52:59 Run:1

Running from C:\Users\Martin\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

() C:\Program Files (x86)\wrapper_inst\file_to_run.exe

HKLM-x32\...\Run: [] => [X]

HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [] => [X]

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\Run: [VoiceMaster] => [X]

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\MountPoints2: D - D:\Launch.exe

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\...\MountPoints2: {cc559e94-5585-11e1-9a14-1c6f65c60541} - H:\LaunchU3.exe -a

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-2497641722-1424367119-3422776657-1005\User: Group Policy restriction detected <======= ATTENTION

SearchScopes: HKLM - {B0C31C54-4775-48C9-9045-7D46E172A44B} URL = 

SearchScopes: HKLM-x32 - {9EC485FA-C11E-474E-8E6F-DD5C55EFC99C} URL = 

Toolbar: HKLM-x32 - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 pcregservice; C:\Program Files (x86)\wrapper_inst\file_to_run.exe [31344 2013-09-20] ()

C:\Program Files (x86)\wrapper_inst\

2014-08-26 13:45 - 2013-09-20 22:03 - 00000000 ____D () C:\Program Files\wrapper_inst

2014-08-25 16:49 - 2014-08-25 16:49 - 01296096 _____ (VideoPerformer) C:\Users\Martin\Downloads\VideoPerformerSetup.exe

Task: {3B642E53-27B9-4B28-8287-4503C5BBB5A3} - \pricemeterwatcher No Task File <==== ATTENTION

Task: {2627A67C-55B4-400B-9F0D-EA04FA709680} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe

Task: {F0ED12D6-CE9C-4527-A7FF-B7114287EC95} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

Task: {FB9FC6E2-FE96-49C6-A5FB-8828D8557930} - \pricemetertask No Task File <==== ATTENTION

Task: {038140A9-D0DA-4B00-B3EB-C6B53B7BD2C0} - System32\Tasks\IHUninstallTrackingTASK => CMD

2014-07-27 20:57 - 2014-07-27 20:57 - 00056375 _____ () C:\Users\Callum\Downloads\EuroTruckSimulator2_1_10_1_setup.exe.torrent

2014-07-27 20:47 - 2014-07-27 20:47 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (7).exe

2014-07-27 20:43 - 2014-07-27 20:43 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (6).exe

2014-07-27 20:42 - 2014-07-27 20:42 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (5).exe

2014-07-27 20:38 - 2014-07-27 20:38 - 00516296 _____ (Popeller, sl) C:\Users\Callum\Downloads\Euro Truck Simulator 2 (4).exe

Folder: C:\Users\Martin\AppData\Local\{BBD73DC1-3AF5-4DC4-AEFD-1DF4104BFCA8}

Folder: C:\Users\Martin\.nbi

Folder: C:\ProgramData\ShoppingDealFactory

Folder: C:\ProgramData\ffd8e8a8a13f665b

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

CMD: bitsadmin /reset /allusers

EmptyTemp:

end

*****************

 

[3024] C:\Program Files (x86)\wrapper_inst\file_to_run.exe => Process closed successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VoiceMaster => value deleted successfully.

"HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2497641722-1424367119-3422776657-1000" => Key not found.

"HKU\S-1-5-21-2497641722-1424367119-3422776657-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc559e94-5585-11e1-9a14-1c6f65c60541}" => Key deleted successfully.

"HKCR\CLSID\{cc559e94-5585-11e1-9a14-1c6f65c60541}" => Key not found.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2497641722-1424367119-3422776657-1005\User => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B0C31C54-4775-48C9-9045-7D46E172A44B}" => Key deleted successfully.

"HKCR\CLSID\{B0C31C54-4775-48C9-9045-7D46E172A44B}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9EC485FA-C11E-474E-8E6F-DD5C55EFC99C}" => Key not found.

"HKCR\Wow6432Node\CLSID\{9EC485FA-C11E-474E-8E6F-DD5C55EFC99C}" => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}" => Key not found.

"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

pcregservice => Service deleted successfully.

C:\Program Files (x86)\wrapper_inst => Moved successfully.

C:\Program Files\wrapper_inst => Moved successfully.

"C:\Users\Martin\Downloads\VideoPerformerSetup.exe" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B642E53-27B9-4B28-8287-4503C5BBB5A3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B642E53-27B9-4B28-8287-4503C5BBB5A3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterwatcher" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2627A67C-55B4-400B-9F0D-EA04FA709680}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2627A67C-55B4-400B-9F0D-EA04FA709680}" => Key deleted successfully.

C:\Windows\System32\Tasks\pcreg => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0ED12D6-CE9C-4527-A7FF-B7114287EC95}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0ED12D6-CE9C-4527-A7FF-B7114287EC95}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB9FC6E2-FE96-49C6-A5FB-8828D8557930}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB9FC6E2-FE96-49C6-A5FB-8828D8557930}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemetertask" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{038140A9-D0DA-4B00-B3EB-C6B53B7BD2C0}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{038140A9-D0DA-4B00-B3EB-C6B53B7BD2C0}" => Key deleted successfully.

C:\Windows\System32\Tasks\IHUninstallTrackingTASK => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => Key deleted successfully.

C:\Users\Callum\Downloads\EuroTruckSimulator2_1_10_1_setup.exe.torrent => Moved successfully.

C:\Users\Callum\Downloads\Euro Truck Simulator 2 (7).exe => Moved successfully.

C:\Users\Callum\Downloads\Euro Truck Simulator 2 (6).exe => Moved successfully.

C:\Users\Callum\Downloads\Euro Truck Simulator 2 (5).exe => Moved successfully.

C:\Users\Callum\Downloads\Euro Truck Simulator 2 (4).exe => Moved successfully.

 

========================= Folder: C:\Users\Martin\AppData\Local\{BBD73DC1-3AF5-4DC4-AEFD-1DF4104BFCA8} ========================

 

 

====== End of Folder: ======

 

 

========================= Folder: C:\Users\Martin\.nbi ========================

 

2014-08-26 11:05 - 2014-08-26 11:05 - 0002371 _____ () C:\Users\Martin\.nbi\registry.xml

2014-08-26 11:05 - 2014-08-26 11:05 - 0000000 ____D () C:\Users\Martin\.nbi\downloads

2014-08-26 11:05 - 2014-08-26 11:06 - 0000000 ____D () C:\Users\Martin\.nbi\log

2014-08-26 11:05 - 2014-08-26 11:05 - 0021938 _____ () C:\Users\Martin\.nbi\log\20140826110520.log

2014-08-26 11:06 - 2014-08-26 11:06 - 0019654 _____ () C:\Users\Martin\.nbi\log\20140826110612.log

2014-08-26 11:05 - 2014-08-26 11:05 - 0000000 ____D () C:\Users\Martin\.nbi\product-cache

2014-08-26 11:05 - 2014-08-26 11:05 - 0000000 ____D () C:\Users\Martin\.nbi\wd

 

====== End of Folder: ======

 

 

========================= Folder: C:\ProgramData\ShoppingDealFactory ========================

 

2014-08-25 15:46 - 2014-08-25 15:46 - 0381799 _____ (Igor Pavlov) C:\ProgramData\ShoppingDealFactory\ShoppingDealFactory.exe

 

====== End of Folder: ======

 

 

========================= Folder: C:\ProgramData\ffd8e8a8a13f665b ========================

 

2014-08-25 09:47 - 2014-08-25 09:47 - 0000494 _____ () C:\ProgramData\ffd8e8a8a13f665b\c6fe71eb0df19321edd27c3d4f44f9c9.ini

 

====== End of Folder: ======

 

 

=========  ipconfig /flushdns =========

 

'ipconfig' is not recognized as an internal or external command,

operable program or batch file.

 

========= End of CMD: =========

 

 

=========  netsh winsock reset all =========

 

'netsh' is not recognized as an internal or external command,

operable program or batch file.

 

========= End of CMD: =========

 

 

=========  netsh int ipv4 reset =========

 

'netsh' is not recognized as an internal or external command,

operable program or batch file.

 

========= End of CMD: =========

 

 

=========  netsh int ipv6 reset =========

 

'netsh' is not recognized as an internal or external command,

operable program or batch file.

 

========= End of CMD: =========

 

 

=========  bitsadmin /reset /allusers =========

 

'bitsadmin' is not recognized as an internal or external command,

operable program or batch file.

 

========= End of CMD: =========

 

EmptyTemp: => Removed 16.1 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 

These Files are not being found for Virustotal.com to scan, I am searching in local disc C:


  • C:\Windows\System32\Tasks\{48F43E3A-9C7A-4535-87A1-033D6EE7FF1F}

          C:\Windows\System32\Tasks\{9D4A2211-7B31-4A21-8019-D4F06E80C889}

 

Result of System look

C:\Windows\System32\Tasks\{9D4A2211-7B31-4A21-8019-D4F06E80C889}

 

 

The man who got my PC up and running again did so very quickly but I did mention I lost use of PC because I wanted to Download IE11 as PC is on IE9. Note: by entering the bios menu, I messed up PC, not the downloading of IE11.

It is proving difficult to download with windows update along with 3 other files windows update is showing. Thought I would mention this, the computer guy has left to do a bit more research. I realise this is a seperate issue to the one your helping me with.

 

Regards Martin.

Link to post
Share on other sites

  • Staff

Hi Martin, 

 

Two people working on the same machine at the same time will only create additional issues. I do not believe it is in your interest if I continue to provide assistance whilst your computer Tech is working on the machine. 

 

I recommend you continue with the computer Tech. Any malware or non-malware issues should be resolved with the assistance of this computer Tech. If not, you are more than welcome to return here. 

 

Please let me know your thoughts on the above. If you are agreeable, this topic can be closed. 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.