Jump to content

Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Mark (administrator) on MARK-PC on 23-01-2002 23:58:08
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available profiles: Mark & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\MountPoints2: {d52b2cc9-2504-11e3-84e6-806e6f6e6963} - E:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4011825315-3729900668-71547304-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4011825315-3729900668-71547304-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:49635;https=127.0.0.1:49635
ProxyServer: [HKLM-x32] => http=127.0.0.1:49635;https=127.0.0.1:49635
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Deal4REAl -> {9CFC1320-5114-7B27-0A02-FE2E77EBAA17} -> C:\ProgramData\Deal4REAl\2R_1IEV.x64.dll No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4011825315-3729900668-71547304-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4011825315-3729900668-71547304-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: deal4real - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\a@fPX.org [2014-11-30]
FF Extension: ddeal4reaal - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\bcsvce0n4a8@uaooy-fmdov.edu [2014-11-30]
FF Extension: websaver - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\ozjB@RXZ.edu [2014-11-30]
FF Extension: FlexibleShopper - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\Q@LeSc5BzRfN.org [2014-11-30]
FF Extension: redirectcleanerexamplenet - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\redirectcleaner@example.net [2014-11-22]
FF Extension: Couuponnppeak - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\ryb3qjph@lzzsp.org [2014-11-30]
FF Extension: sharemenotfranziroesnercom - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\sharemenot@franziroesner.com [2014-11-22]
FF Extension: skipcerterrorfoudilfr - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\skipcerterror@foudil.fr [2014-11-26]
FF Extension: WWoweCouepoon - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Extensions\tudh@awbd.com [2014-11-30]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-25]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25]
CHR HKLM-x32\...\Chrome\Extension: [lpadbdkobbgjgonnfnipfngifldcdfin] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-01] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-14] (EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580448 2014-12-03] (Echobit LLC)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-07-20] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-07-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1600064 2011-06-08] (Ralink Technology Corp.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-07-01] (BitRaider)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-06-08] (Echobit, LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows..
[6:54:09 PM] Alex Camero (Chuckebee): ; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2002-01-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

 

 

 

 

 

 

 

>ADDITION.TXT - Start <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<START> ADDITION.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Mark at 2002-01-23 23:53:31
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Ask Shopping Toolbar (HKLM-x32\...\{4F524A2D-5637-2D53-4154-A758B70C0F01}) (Version: 12.15.1.15 - APN, LLC) <==== ATTENTION
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.09 - Belkin) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
CastleMiner Z (HKLM-x32\...\Steam App 253430) (Version:  - DigitalDNA Games LLC)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DriverIdentifier 4.2.7 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Eldritch (HKLM-x32\...\Steam App 252630) (Version:  - Minor Key Games)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.9 - Echobit, LLC)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry (HKLM-x32\...\Steam App 13520) (Version:  - Crytek Studios)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Firefall (HKLM-x32\...\Steam App 227700) (Version:  - Red 5 Studios)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Network Connections 19.5.303.0 (HKLM\...\PROSetDX) (Version: 19.5.303.0 - Intel)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.45.1.3 - Marvell)
Mavis Beacon Teaches Typing North America Family (6.3.0.6) (HKLM-x32\...\Mavis Beacon Teaches Typing) (Version:  - Encore Software)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219..

 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
ROBLOX Studio 2013 for Mark (HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version:  - )
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis™)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.46 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Stomping Land (HKLM\...\UDK-778ba32b-719d-40b3-a83d-9bfa7b17ea6d) (Version:  - Epic Games, Inc.)
The Stomping Land (HKLM-x32\...\Steam App 263440) (Version:  - SuperCrit)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
Unity Web Player (HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zip Extractor Packages (HKU\S-1-5-21-4011825315-3729900668-71547304-1000\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-12-2014 15:19:52 Installed Microsoft Fix it 50267
06-12-2014 16:42:34 Checkpoint by HitmanPro
06-12-2014 16:43:27 Checkpoint by HitmanPro
06-12-2014 16:52:02 Installed Microsoft Fix it 50267
07-12-2014 13:40:53 Windows Update
13-12-2014 14:00:54 Windows Update
13-12-2014 15:26:34 Installed DirectX
14-12-2014 09:17:26 Windows Update
18-12-2014 18:07:54 Windows Update
20-12-2014 14:09:55 Installed Intel® Network Connections.
20-12-2014 15:26:35 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
24-12-2014 12:40:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {155A1F71-38E7-4591-9723-466517573057} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {15A3AD72-D756-44F1-A715-5B8773BA0FC9} - System32\Tasks\{5AE11EE6-A7CC-4731-9AF3-51FE4CA02382} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?LastError=1603
Task: {27B4E8D4-FE23-4596-B556-7ED1A7C78443} - System32\Tasks\{55074885-D820-4ED5-9950-F4B412984072} => pcalua.exe -a C:\Users\Mark\AppData\Roaming\istart123\UninstallManager.exe -c  -ptid=tugs
Task: {58A5CFCD-BF37-4A25-946C-24B3CD9A86EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {95B814D3-A004-44FA-8578-284F98AE720C} - System32\Tasks\{C2670687-9EB4-4521-B0AD-2DBFB4BB98E8} => pcalua.exe -a "G:\Save me\iata_enu_10.8.0.1003.exe" -d "G:\Save me"
Task: {BCC9E3AF-A8AF-4D88-A843-E1B69D54E1BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {CEFA9B39-9A27-4F08-8D7B-E6177655C792} - \DonutQuotes No Task File <==== ATTENTION
Task: {E07534CE-A7C7-4536-BF5A-FC65BA507BF8} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-27 20:17 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-01-27 20:17 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2013-12-23 15:46 - 2014-07-20 18:59 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-23 15:46 - 2014-07-20 18:59 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2012-10-05 10:11 - 2012-10-05 10:11 - 00086016 ____N () C..   [NEW PASTE]

 

 

:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe
2013-08-28 18:23 - 2013-08-28 18:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-08-10 12:58 - 2014-11-14 20:28 - 00306176 _____ () C:\Users\Mark\AppData\Roaming\.technic\modpacks\ihascupquake-minecraft-oasis\bin\natives\lwjgl64.dll
2014-08-10 12:58 - 2014-11-14 20:28 - 00382464 _____ () C:\Users\Mark\AppData\Roaming\.technic\modpacks\ihascupquake-minecraft-oasis\bin\natives\OpenAL64.dll
2014-05-14 10:45 - 2014-05-14 10:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-08-28 18:25 - 2013-08-28 18:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-12-26 12:17 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belkin USB Wireless Adaptor Utility.lnk => C:\Windows\pss\Belkin USB Wireless Adaptor Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

========================= Accounts: ==========================

Admin (S-1-5-21-4011825315-3729900668-71547304-1095 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4011825315-3729900668-71547304-500 - Administrator - Disabled)
Guest (S-1-5-21-4011825315-3729900668-71547304-501 - Limited - Disabled)
Mark (S-1-5-21-4011825315-3729900668-71547304-1000 - Administrator - Enabled) => C:\Users\Mark

==================== Faulty Device Manager Devices =============

Name: Intel® 82578DC Gigabit Network Connection
Description: Intel® 82578DC Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1kexpress
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2002 11:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2002 10:05:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2002 09:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2002 07:29:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Gw2.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ddc

Start Time: 01c1a3ad5aa2c5bb

Termination Time: 1

Application Path: C:\Program Files (x86)\Guild Wars 2\Gw2.exe

Report Id:

Error: (01/22/2002 00:35:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2002 01:47:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2002 09:17:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2002 09:09:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2002 07:07:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2002 06:45:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/23/2002 11:01:42 PM) (Source: e1kexpress) (EventID: 24) (User: )
Description: Intel® 82578DC Gigabit Network Connection

PROBLEM: Unable to start the network adapter.

ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm".

Error: (01/22/2002 11:03:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/22/2002 09:56:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:41:37 PM on ‎1/‎22/‎2002 was unexpected.

Error: (01/22/2002 00:33:40 PM) (Source: e1kexpress) (EventID: 24) (User: )
Description: Intel® 82578DC Gigabit Network Connection

PROBLEM: Unable to start the network adapter.

ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm".

Error: (01/21/2002 04:28:33 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (01/21/2002 04:28:33 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (01/21/2002 04:28:33 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (01/21/2002 01:46:14 PM) (Source: e1kexpress) (EventID: 24) (User..  [NEW PASTE]

 

: )
Description: Intel® 82578DC Gigabit Network Connection

PROBLEM: Unable to start the network adapter.

ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm".

Error: (01/21/2002 01:46:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:56:29 AM on ‎1/‎21/‎2002 was unexpected.

Error: (01/18/2002 09:08:03 PM) (Source: e1kexpress) (EventID: 24) (User: )
Description: Intel® 82578DC Gigabit Network Connection

PROBLEM: Unable to start the network adapter.

ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm".


Microsoft Office Sessions:
=========================
Error: (01/23/2002 11:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2002 10:05:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2002 09:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2002 07:29:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Gw2.exe1.0.0.1ddc01c1a3ad5aa2c5bb1C:\Program Files (x86)\Guild Wars 2\Gw2.exe

Error: (01/22/2002 00:35:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2002 01:47:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2002 09:17:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2002 09:09:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2002 07:07:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2002 06:45:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 61%
Total physical RAM: 4087.12 MB
Available physical RAM: 1563.34 MB
Total Pagefile: 8172.41 MB
Available Pagefile: 4437.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:47.76 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D584AC53)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

 

Link to post
Share on other sites

Hello and welcome!

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

warning.gif Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.


51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/27/2014
Scan Time: 8:45:31 AM
Logfile: poop.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.27.04
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mark

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369352
Time Elapsed: 42 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Hi :)

 

 

 
RogueKiller.png Scan with RogueKiller
 
Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on RogueKiller.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
Accept the Terms of use.
When the Scan button becomes available, please click it. RogueKiller will start a full scan.
Let this process run uninterrupted!.
When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.
Link to post
Share on other sites

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Mode : Scan -- Date : 01/30/2002  15:04:16

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 34 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49635;https=127.0.0.1:49635  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49635;https=127.0.0.1:49635  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 10b28f7c4cd11571d1c0f9f931fd5d99
[bSP] 0d32bbfe79531a6bdd35ed963f8c7646 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

Link to post
Share on other sites

Something is forcing us to use a proxy through the browser... but the proxy server cannot be reached.

 

The machine has connectivity, I know because skype works, but the browser can not.

 

I go into Internet Settings to deselect using a proxy, but never can save the settings. No matter what we do we are unable to save the proxy settings in Internet Settings.

Link to post
Share on other sites

OK, let's start removal.

remove%20outdated.jpg Uninstall some programs

We need to uninstall some programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
The list of programs to uninstall:
  • Ask Shopping Toolbar
  • Ask Toolbar
  • Zip Extractor Packages
Pay special attention when uninstalling, some of the programs may have checkboxes that will either install others instead or ask you to leave them installed!

After completing uninstalls, please manually reboot your machine!

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;[-HKLM\SOFTWARE\Policies\Google];r64[-HKU\S-1-5-21-4011825315-3729900668-71547304-1000\SOFTWARE\Policies\Google];r64[-HKU\S-1-5-21-4011825315-3729900668-71547304-1000\SOFTWARE\Policies\Microsoft\Internet Explorer];r64resetieproxy;{9CFC1320-5114-7B27-0A02-FE2E77EBAA17};cC:\ProgramData\Deal4REAl;fs emptyclsid;C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml;fdeal4real;ffddeal4reaal;ff websaver;ffFlexibleShopper;ffredirectcleanerexamplenet;ffCouuponnppeak;ffskipcerterrorfoudilfr;ffWWoweCouepoon;ffsharemenotfranziroesnercom;ffC:\ProgramData\AskPartnerNetwork;fs{4F524A2D-5637-2D53-4154-A758B70C0F01};clpadbdkobbgjgonnfnipfngifldcdfin;chr{CEFA9B39-9A27-4F08-8D7B-E6177655C792};c{E07534CE-A7C7-4536-BF5A-FC65BA507BF8};cautoclean;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

Link to post
Share on other sites

Zoek.exe v5.0.0.0 Updated 10-February-2015
Tool run by Mark on Fri 02/01/2002 at 17:46:33.62.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mark\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

2/1/2002 5:49:43 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\656C4FBB-6D62-4880-9183-2D9C3161E1B6 deleted successfully
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\couepponpaeaakk deleted successfully
C:\PROGRA~2\websaver deleted successfully
C:\Program Files\010 deleted successfully
C:\PROGRA~3\AVAST Software deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Mark\AppData\Roaming\Toribash deleted successfully
C:\Users\Mark\AppData\Local\Adobe deleted successfully
C:\Users\Mark\AppData\Local\DigitalDNA Games deleted successfully
C:\Users\Mark\AppData\Local\WarThunder deleted successfully
C:\Users\Mark\AppData\Local\WordOv deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F4496B7-5BFA-4FB2-BBFD-8547C4770D6D} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10F11E9D-6224-4145-8A8A-B6EB21EE5978} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{216DB24A-514B-4A98-9F54-2E9D1CDEF3D} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2388880C-4A44-4B20-A85B-E8F5FFB7996F} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25B20D62-D1E6-4662-B6B9-34E2D59034F0} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AD76689-50B5-4E4D-B40B-9C73FC9CB962} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BC41D5C-1A26-45E3-8D9F-EFF48DD5AB1F} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C68047E-F549-4EFA-989F-89A4FB49EB78} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{324D7221-32E1-4564-BD99-3D81CFB62D3A} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35ECDB46-F90E-447C-B009-BC879E747E32} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43B2CE59-F0A5-4EDA-97C8-A9E290A9468E} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C45B980-D4A4-4942-89CE-C035BABED69} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D6E440E-3DA8-49C8-A2C8-53054BF1464B} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{533C94F3-C50E-4B39-AD21-1846F5789858} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{563A02C9-5BDE-4782-84C5-6A0BF69DF9E3} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AC34228-2FE0-4223-9EB7-56BA3D9B5468} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B54177C-D7DB-4AF7-ABD2-7C84EBE7D535} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AE852-BDB0-4B07-A1A7-D38D30413F1C} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D3038BB-C1ED-4DEA-923D-2ABA8E16AA} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90C91B17-21A7-4A98-94BA-3D397AD579D2} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92FC1AC4-8840-443A-B817-34416A86B8B8} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{935D232B-452-467C-B841-5424D8B9E364} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94BCF6FE-EA50-4F94-B9BB-F070B24EACA7} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94E4E871-0D6B-4C59-BE3E-6BA1B3F7210E} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D38351C-C848-4B62-B481-5C9F68E5FA19} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7C4CB10-5782-49C9-B046-E62F16ED95B9} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0F6F4E5-D63B-4186-96E8-02888F334836} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6244E89-E2B3-4D7A-BE6F-A255329BE144} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6BCA7E1-4F13-4591-B583-B716AE99D76D} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3CA4C03-73CC-46E2-B1C4-20F85B2A480C} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9006AF1-3C8B-4C26-9F49-07EFD35E12C8} deleted successfully
HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF4FC184-DF15-4268-A1BD-9843C09A0421} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default

user.js not found
---- Lines extensions.57gSdijMt1dam14y removed from prefs.js ----
user_pref("extensions.57gSdijMt1dam14y.epoch", "1");
user_pref("extensions.57gSdijMt1dam14y.scode", "void(0);");
user_pref("extensions.57gSdijMt1dam14y.url", "http://bestfindallusa.info/sync/?q=C6qUojwGrjs8qHCFpdgHpdk7rTaHqdk6tMZPhd97rjw4rTs8qTn9rHa4qjr6qHU7tNtVh
---- Lines extensions.67yE0mP removed from prefs.js ----
user_pref("extensions.67yE0mP.epoch", "1");
user_pref("extensions.67yE0mP.scode", "void(0);");
user_pref("extensions.67yE0mP.url", "http://liveblackboxfile.info/sync/?q=hfZ9oen9CShEAen0qHC6tMqLDe49CNU0llrMCMlNhd9Fqda4rdCEqjsErTrMAe4UojwEqTCGrTr8
---- Lines extensions.FdZl2EpYbPbKrwYy removed from prefs.js ----
user_pref("extensions.FdZl2EpYbPbKrwYy.epoch", "1");
user_pref("extensions.FdZl2EpYbPbKrwYy.scode", "void(0);");
user_pref("extensions.FdZl2EpYbPbKrwYy.url", "http://joburn.net/sync/?q=C6qUojwGrjs8qHCFpdgHpdk7rTaHqdk6tMZPhd97rjw4rTs8qTn9rHa4qjr6qHU7tNtVh7n0rjnFrj
---- Lines extensions.KgWoqvspo1DgwxxC removed from prefs.js ----
user_pref("extensions.KgWoqvspo1DgwxxC.epoch", "1");
user_pref("extensions.KgWoqvspo1DgwxxC.scode", "void(0);");
user_pref("extensions.KgWoqvspo1DgwxxC.url", "http://filehelper.co.il/sync/?q=C6qUojwGrjs8qHCFpdgHpdk7rTaHqdk6tMZPhd97rjw4rTs8qTn9rHa4qjr6qHU7tNtVh7n0
---- Lines extensions.lEaDYLi removed from prefs.js ----
user_pref("extensions.lEaDYLi.epoch", "1");
user_pref("extensions.lEaDYLi.scode", "void(0);");
user_pref("extensions.lEaDYLi.url", "http://yourappzzz.com/sync/?q=hfZ9oeqEAGhEAen0qHC6tMqLDe49CNU0llrMCMlNhd9FqdwErjrFqdrErTnMAe4UojkGrja7rTn8rjnMC6q
---- Lines extensions.voomTLz removed from prefs.js ----
user_pref("extensions.voomTLz.epoch", "1");
user_pref("extensions.voomTLz.scode", "void(0);");
user_pref("extensions.voomTLz.url", "http://usamagicbestt.info/sync/?q=hfZ9ofDLDGhEAen0qHC6tMqLDe49CNU0llrMCMlNhd9Fqda5rTnFqjs6rjrMAe4Uojn5pjnErHr9qjn
---- FireFox user.js and prefs.js backups ----

prefs_20020201_0559_.backup

==== Deleting Files \ Folders ======================

C:\Users\Mark\AppData\LocalLow\{25A0FA6D-B658-DA19-CFC8-565FA1DE0249} deleted
C:\Users\Mark\AppData\Local\Packages\windows_ie_ac_001\AC\{25A0FA6D-B658-DA19-CFC8-565FA1DE0249} deleted
C:\PROGRA~2\Mozilla Firefox\browser\nsprotector.js deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted
C:\install.exe deleted
C:\setup.exe deleted
C:\found.000 deleted
C:\Users\Admin\AppData\Roaming\appdataFr2.bin deleted
C:\Users\Mark\AppData\Roaming\WB.CFG deleted
C:\Users\Mark\AppData\Roaming\appdataFr2.bin deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Mark\AppData\Local\com deleted
C:\Users\Mark\AppData\Local\avgchrome deleted
C:\Users\Mark\AppData\Local\cache deleted
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\Invalidprefs.js deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\jetpack deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\staged deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\CT3298566 deleted
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\CT3314312 deleted
C:\Users\Mark\AppData\Local\121391085dsisetup1213958752.exe deleted
C:\Users\Mark\AppData\Local\2025282dsisetup20296352.exe deleted
C:\Users\Mark\AppData\Local\788741dsisetup7946692.exe deleted
C:\Users\Mark\AppData\Local\dsisetup672411102.exe deleted
"C:\Users\Mark\AppData\Local\{178C9DFD-C5FF-4D70-9FCE-14A7E66AC2E5}" deleted
"C:\Users\Mark\AppData\Local\{481E0F5E-5DE4-469E-972C-4E94E144B3CE}" deleted
"C:\Users\Mark\AppData\Local\{4B3A50CF-3B2F-4D43-98F0-E61A63FA6F3B}" deleted
"C:\Users\Mark\AppData\Local\{552599D7-9656-48EB-B91A-BEB8165B5C2C}" deleted
"C:\Users\Mark\AppData\Local\{564BBFA0-3E0D-451F-BC6D-B587806F057E}" deleted
"C:\Users\Mark\AppData\Local\{65AA4E7D-5DC9-4CBA-814A-38BF4C5A3FED}" deleted
"C:\Users\Mark\AppData\Local\{906EE425-A8AE-4D14-8E8F-36D572DC25DB}" deleted
"C:\Users\Mark\AppData\Local\{A2AB5985-0BC8-4D0B-A7A6-193B0222872C}" deleted
"C:\Users\Mark\AppData\Local\{AD71EE06-C743-4BC0-A541-39AFB2524B5D}" deleted
"C:\Users\Mark\AppData\Local\{B6ECC62A-E70A-4FCE-9875-15C2071A189A}" deleted
"C:\Users\Mark\AppData\Local\{EB66841D-F68D-4EE0-8E85-6585E53D0BBB}" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"firefox@passwordbox.com"="C:\Program Files (x86)\PasswordBox\Firefox" [11/21/2013 06:59 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default
- redirectcleanerexamplenet - %ProfilePath%\extensions\redirectcleaner@example.net
- sharemenotfranziroesnercom - %ProfilePath%\extensions\sharemenot@franziroesner.com
- skipcerterrorfoudilfr - %ProfilePath%\extensions\skipcerterror@foudil.fr

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default
9860727E477F17B88E39AF8B69B0407A    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll -    Shockwave Flash
898B418862E387276CD063324744CF5C    - C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
7EF7E4C1325D533F5186E7118ABB0E7C    - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll -    McAfee Security Scanner +


==== Fake Chromium Profiles Check ======================

Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 36.0.1985.143 (Possible outdated, latest Stable version: 40.0.2214.111)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lpadbdkobbgjgonnfnipfngifldcdfin - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx[]

Docs - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Docs - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Chromium Fix ======================

C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_letsfinder.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_letsfinder.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fixcomputersave.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fixcomputersave.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scriptsession.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scriptsession.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki.net_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki.net_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istart123.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istart123.com_0.localstorage-journal deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.doko-search.com_0.localstorage deleted successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.doko-search.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== shortcuts on Users Desktops ======================

C:\Users\Mark\Desktop\Approaching Nirvana - Reboot (Advanced Copy) (2).lnk - C:\Users\Mark\Downloads\Approaching Nirvana - Reboot (Advanced Copy).zip
C:\Users\Mark\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Mark\Desktop\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\Mark\Desktop\World of Tanks.lnk - C:\Games\World_of_Tanks\WoTLauncher.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Public\Desktop\Evolve.lnk - C:\Program Files (x86)\Echobit\Evolve\EvolveClient.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\Public\Desktop\Guild Wars 2.lnk - C:\Program Files (x86)\Guild Wars 2\Gw2.exe
C:\Users\Public\Desktop\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\Public\Desktop\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mavis Beacon Teaches Typing.lnk - C:\Program Files (x86)\MBTTUKey\MBTT_FE.exe
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -  
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -  
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -  
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -  
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe  -extoff
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\FarCry™.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio.lnk - C:\Users\Mark\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe -ide
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Encyclopedia.lnk - C:\Games\World_of_Tanks\wiki.url
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Game Manual.lnk - C:\Games\World_of_Tanks\game_manual.url
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Latest updates.lnk - C:\Games\World_of_Tanks\readme.url
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Official website.lnk - C:\Games\World_of_Tanks\website.url
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Uninstall World of Tanks.lnk - C:\Games\World_of_Tanks\unins000.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk - C:\Games\World_of_Tanks\WoTLauncher.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk - C:\Windows\system32\control.exe /name Microsoft.DefaultPrograms
C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk - C:\Games\Toribash-4.62\toribash.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk - C:\Windows\system32\wuapp.exe startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk - C:\Program Files (x86)\Echobit\Evolve\EvolveClient.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk - C:\Windows\system32\xpsrchvw.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk - C:\Windows\system32\calc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk - C:\Windows\system32\displayswitch.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk - C:\Windows\System32\mobsync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk - C:\Windows\Speech\Common\sapisvr.exe -SpeechUX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk - C:\Windows\system32\charmap.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk - C:\Windows\system32\dfrgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk - C:\Windows\system32\cleanmgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk - C:\Windows\system32\perfmon.exe /res
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk - C:\Windows\system32\msinfo32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk - C:\Windows\system32\taskschd.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk - C:\Windows\system32\migwiz\postmig.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk - C:\Windows\system32\migwiz\migwiz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk - C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\Windows\sysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk - C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk - C:\Windows\system32\comexp.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk - C:\Windows\system32\compmgmt.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk - C:\Windows\system32\odbcad32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk - C:\Windows\system32\eventvwr.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk - C:\Windows\system32\iscsicpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk - C:\Windows\system32\perfmon.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk - C:\Windows\system32\services.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk - C:\Windows\system32\taskschd.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk - C:\Windows\system32\WF.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -NoExit -ImportSystemModules
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin USB Wireless Adapter Utility\Uninstall Belkin USB Wireless Adapter Driver.lnk - C:\Program Files (x86)\InstallShield Installation Information\{549CE1BD-88E4-4C5E-BF75-B155624714CC}\setup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin USB Wireless Adapter Utility\User Manual.lnk - C:\Program Files (x86)\Belkin\F9L1001\v1\UserManual.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Check for Updates.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Codec Settings.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=decoder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk - C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Register.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier\Driver Identifier.lnk - C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Uninstall Star Wars - The Old Republic.lnk - C:\Program Files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View License.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\EUALAs\EUALA_en.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View Readme.lnk - C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\readmes\readme_en.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Fallout New Vegas.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Games for Windows - LIVE.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto IV.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\STAR WARS™ The Old Republic™.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\The Elder Scrolls V Skyrim.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2\Guild Wars 2.lnk - C:\Program Files (x86)\Guild Wars 2\Gw2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk - C:\Program Files (x86)\Haali\MatroskaSplitter\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk - C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Hi-Rez Diagnostics and Support.lnk - C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Uninstall All Hi-Rez Games.lnk - C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe uninstall=all
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /i {8B4E75B8-6788-481D-B8D5-143EF17DC06A} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk - C:\Windows\System32\control.exe /name Microsoft.BackupAndRestore
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk - C:\Windows\system32\msra.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\License.lnk - C:\Program Files (x86)\MBTTUKey\MBTT UltraKey Family EULA.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\Mavis Beacon Teaches Typing Manager Guide.lnk - C:\Program Files (x86)\MBTTUKey\MBTTManagerGuide.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\Mavis Beacon Teaches Typing Program.lnk - C:\Program Files (x86)\MBTTUKey\MBTT_FE.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\Mavis Beacon Teaches Typing User Guide.lnk - C:\Program Files (x86)\MBTTUKey\MBTTUserGuide.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mavis Beacon Teaches Typing for Windows\Version Installed.lnk - C:\Program Files (x86)\MBTTUKey\VERSION.TXT
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.130\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE\Games for Windows - LIVE.lnk - C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Uninstall Origin.lnk - C:\Program Files (x86)\Origin\OriginUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk - C:\Windows\Installer\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk - C:\Windows\Installer\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}\PictureViewer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk - C:\Windows\SysWOW64\msiexec.exe /i {28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT\Kone XTD Mouse\Kone XTD Driver.lnk - C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT\Kone XTD Mouse\Uninstall Driver.lnk - C:\Windows\system32\RunDll32.exe C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7133137D-DF48-4522-AD88-13C82B7D0A63}\Setup.exe"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk - C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Check for Updates.lnk - C:\Program Files (x86)\Xvid\autoupdate-windows.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Decoder.lnk - C:\Windows\System32\rundll32.exe xvid.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Configure Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Release Notes.lnk - C:\Program Files (x86)\Xvid\releasenotes.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Uninstall Xvid Video Codec.lnk - C:\Program Files (x86)\Xvid\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Xvid MiniConvert.lnk - C:\Program Files (x86)\Xvid\MiniConvert.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Nic's FourCC Changer.lnk - C:\Program Files (x86)\Xvid\AviC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Nic's MiniCalc.lnk - C:\Program Files (x86)\Xvid\MiniCalc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Some Quantization Matrices.lnk - C:\Program Files (x86)\Xvid\Xvid_Quant_Matrices.zip
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\StatsReader 2.1.lnk - C:\Program Files (x86)\Xvid\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\StatsReader Notes.lnk - C:\Program Files (x86)\Xvid\statsreader.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\xvid_encraw.lnk - C:\Windows\system32\cmd.exe /k ""C:\Program Files (x86)/Xvid\xvid_encraw.exe"" -h

==== shortcuts in Quick Launch ======================

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -  
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CMW.lnk - C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Device Manager.lnk - C:\Windows\System32\devmgmt.msc
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Engine.lnk - C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Guild Wars 2.lnk - C:\Program Files (x86)\Guild Wars 2\Gw2.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Minecraft.lnk - C:\Users\Mark\Desktop\Minecraft.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Robocraft.lnk - C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spore.lnk - C:\Program Files (x86)\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpadbdkobbgjgonnfnipfngifldcdfin deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Mark\AppData\Local\Mozilla\Firefox\Profiles\bs4g9g2q.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=251 folders=73 43222291 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mark\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mark\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on Fri 02/01/2002 at 18:10:30.47 ======================
 

Link to post
Share on other sites

I see that you've got also World of Tanks installed. My favourite game :P

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Link to post
Share on other sites

Hi :)

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Expert.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.

icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.

icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

icon_idea.gif Don't forget to re-enable your previously switched-off protection software!

Link to post
Share on other sites

ComboFix 15-02-16.01 - Mark 02/05/2002 15:21:20.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2948 [GMT -6:00]

Running from: c:\users\Mark\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\msdownld.tmp

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((( Files Created from 2002-01-05 to 2002-02-05 )))))))))))))))))))))))))))))))

.

.

2014-05-21 13:16 . 2014-05-21 13:18 -------- d-----w- C:\11ef91e2b1cc1d9a0cb4

2013-12-30 15:22 . 2013-12-30 15:22 -------- d-----w- C:\AMD

2013-12-12 02:21 . 2014-10-28 21:16 -------- d-----w- C:\Games

2013-09-30 18:36 . 2013-09-30 18:36 -------- d-----w- C:\SWTOOLS

2013-03-30 07:19 . 2013-03-30 07:19 -------- d-----w- C:\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}

2013-02-13 03:48 . 2013-03-03 01:15 -------- d-----w- C:\download

2012-12-01 17:30 . 2012-12-01 17:30 -------- d-----w- C:\Crash

2012-07-19 23:50 . 2012-07-19 23:50 -------- d-----w- C:\tmp

2012-01-08 10:32 . 2012-01-08 10:32 -------- d-----w- C:\c2490e40701df0d619d5c5

2011-11-09 10:46 . 2020-08-03 03:01 -------- d-----w- C:\vcs5BGEffects

2011-08-25 02:08 . 2011-08-25 02:08 -------- d-----w- C:\3ac478ef0e43639bf211ac

2011-03-29 00:30 . 2011-12-21 06:35 -------- d-----w- C:\Fraps

2010-12-26 02:09 . 2010-12-26 02:09 -------- d-----w- C:\.jagex_cache_32

2010-11-21 20:37 . 2013-03-03 01:16 -------- d-----w- C:\Nexon

2010-11-20 01:26 . 2013-03-03 01:19 -------- d-----w- C:\Perfect World Entertainment

2010-10-27 19:29 . 2010-10-27 19:29 -------- d-----w- C:\6777fb92cb13a52da77b659c35509325

2010-10-27 19:13 . 2010-10-27 19:13 -------- d-----w- C:\83549eafbeae9cdf05fd55b6

2010-10-27 18:15 . 2010-10-27 18:15 -------- d-----w- C:\MyWorks

2010-10-27 17:47 . 2011-09-18 00:21 -------- d-----w- C:\ATI

2010-10-27 17:35 . 2010-10-27 17:35 -------- d-----w- C:\Intel

2010-10-27 16:18 . 2013-09-25 02:30 -------- d-----w- C:\Recovery

2009-07-14 05:08 . 2009-07-14 05:08 -------- d-sh--we C:\Documents and Settings

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-04 09:17 . 2014-04-08 21:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-04-13 05:49 . 2013-09-25 09:47 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-09-25 09:47 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-09-25 09:47 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-09-25 09:47 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-09-25 09:47 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-09-25 09:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2012-10-16 07:39 . 2013-09-25 09:41 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-04-12 08:17 . 2011-04-12 08:17 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui

2011-04-12 08:17 . 2011-04-12 08:17 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui

2011-04-12 08:17 . 2011-04-12 08:17 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui

2011-04-12 08:17 . 2011-04-12 08:17 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui

2011-04-12 08:17 . 2011-04-12 08:17 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui

2011-04-12 08:17 . 2011-04-12 08:17 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui

2009-07-14 01:40 . 2009-07-13 23:32 52736 ----a-w- c:\windows\apppatch\AppPatch64\apihex64.dll

2009-07-14 01:14 . 2009-07-13 23:20 41984 ----a-w- c:\windows\apppatch\apihex86.dll

2009-07-14 01:14 . 2009-07-13 23:26 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2009-07-14 01:03 . 2009-07-13 23:26 2560 ----a-w- c:\windows\apppatch\AcRes.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]

"RoccatKoneXTD"="c:\program files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE" [2013-10-25 552960]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F9L1101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F9L1101\V1\wlansrv.exe [x]

R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys;c:\windows\SYSNATIVE\DRIVERS\ae1000w7.sys [x]

R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]

R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]

R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]

R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]

R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]

S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]

S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2002-02-02 00:19 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2002-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-04 20:05]

.

2002-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 03:31]

.

2002-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 03:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2015-01-15 22:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mDefault_Search_URL = www.google.com

mDefault_Page_URL = www.google.com

mStart Page = www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = www.google.com

uSearchAssistant = www.google.com

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 207.177.74.108 207.177.74.118

FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - ExtSQL: 2013-10-04 20:05; firefox@whilokii.net; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\firefox@whilokii.net.xpi

FF - ExtSQL: 2013-10-05 19:58; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}

FF - ExtSQL: 2013-10-05 19:59; addon@defaulttab.com; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: 2013-10-17 18:57; {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bs4g9g2q.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}

FF - ExtSQL: 2013-11-21 19:01; firefox@passwordbox.com; c:\program files (x86)\PasswordBox\Firefox

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-MobileAppSync - c:\program files (x86)\Mobile App Sync\D2MClient.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{9CFC1320-5114-7B27-0A02-FE2E77EBAA17} - c:\programdata\Deal4REAl\2R_1IEV.x64.dll

AddRemove-MixiDJ_V30 Toolbar - c:\program files (x86)\MixiDJ_V30\UninstallerUI.exe

AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe

AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe

AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe

AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe

AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4011825315-3729900668-71547304-1000\Software\SecuROM\License information*]

"datasecu"=hex:4c,ef,77,23,7b,ea,22,2d,29,20,9c,d5,14,5b,c1,78,e7,59,d6,5e,95,

a0,f5,db,a0,bb,d1,a1,57,6e,69,6b,63,ee,bc,bd,f2,b6,71,03,e3,44,c3,88,0d,60,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2002-02-05 15:33:37

ComboFix-quarantined-files.txt 2002-02-05 21:33

.

Pre-Run: 56,622,850,048 bytes free

Post-Run: 56,460,980,224 bytes free

.

- - End Of File - - C0521E7E929191A5E263749DF18E484F

A36C5E4F47E84449FF07ED3517B43A31

Link to post
Share on other sites

Hi,

I apologize for the delay, I was swamped with an additional work and that prevented me from replying daily.

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Link to post
Share on other sites

Hi,

I'm sorry, things get hectic here lately. I wonder about some of the entries here.

RogueKiller.png Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on RogueKiller.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!.
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.
Link to post
Share on other sites

RogueKiller V10.4.3.0 (x64) [Feb 23 2015] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Mark [Administrator]

Mode : Scan -- Date : 02/14/2002 08:26:10

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 27 ¤¤¤

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found

[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\ComboFix\catchme.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found

[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49635;https=127.0.0.1:49635 -> Found

[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49635;https=127.0.0.1:49635 -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5C743226-CE00-46F7-9488-E0DFB8984897} | DhcpNameServer : 207.177.74.108 207.177.74.118 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7EE31E23-8AC2-4A01-8830-C3ABB7C2DC3D} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BA49153F-2D13-4AC5-9205-ACBC0B2C3C8E} | DhcpNameServer : 69.18.32.50 69.18.32.51 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++

--- User ---

[MBR] 10b28f7c4cd11571d1c0f9f931fd5d99

[bSP] 0d32bbfe79531a6bdd35ed963f8c7646 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

============================================

RKreport_SCN_01302002_150416.log

Link to post
Share on other sites

  • 2 weeks later...
  • 1 month later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.