# class not registered



## eltonsammy (Mar 9, 2007)

Good evening, my PC is running Windows 7. It just happened this afternoon that none of the pictures on my desktop will appear; instead a "class not registered" message pops up. It also will not let me do the Windows update, and I can't do the system restore either. I did a virus scan and it found nothing.

Screenshot: http://imageshack.us/photo/my-images/546/2k5a.png/

Here's HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:53 PM, on 10/15/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\PPStream\PPSAP.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SRk9ENC1TWFdSOC1KUlRRQS1KQURDSi1XRU1CUg"&"inst=NzYtMTIzMzkzMjE2Mi1TVDEyT0krMS1WSVAxMisxLUREVCswLUVVTEErMS1UMzBFUCsxLVAxMk1CKzEtU1BEKzEtRDM4MUwrNi1TVDEwQVBQKzEtSTEwKzEtQ0lEKzEtSUlTQSsy"&"prod=94"&"ver=10.0.1424
O4 - HKCU\..\Run: [Google Update] "C:\Users\KEN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PPS Accelerator] C:\PPStream\ppsap.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3240971326-915861023-1393506679-1000\..\Run: [Google Update] "C:\Users\KEN\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-3240971326-915861023-1393506679-1000\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User '?')
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: 妏蚚辦陬3狟婥 - C:\Program Files\FlashGet Network\FlashGet 3\fdgeturl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥絞弝 - C:\Program Files\FlashGet Network\FlashGet 3\fdgetflvurl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥窒弝 - C:\Program Files\FlashGet Network\FlashGet 3\fdgetallflvurl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥窒蟈諉 - C:\Program Files\FlashGet Network\FlashGet 3\fdgetallurl.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KUGOU2~1\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KUGOU2~1\KUGOO3~1.OCX
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bdvb Update Service (BdvbmSvc) (BdvbmSvc) - Baidu Inc. - C:\Program Files\Baidu\VbUpdate\BdvbUpdate.exe
O23 - Service: Baidu Video Service Platform (BdvbServicePlatform) - 百度在?网?技?（北京）有限公司 - C:\Program Files\baidu\iQyBaiduVideoBrowser\Application\2.5.0.19\ServicePlatform.exe
O23 - Service: Bdvb Update Service (BdvbSvc) (BdvbSvc) - Baidu Inc. - C:\Program Files\Baidu\VbUpdate\BdvbUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (file missing)
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 12497 bytes


----------



## Couriant (Mar 26, 2002)

Sounds like an association issue -- possible malware from some things that I believe to be an issue.

Do you use disc image files (.iso)?


----------



## valis (Sep 24, 2004)

moving to malware per Couriant's request.


----------



## eltonsammy (Mar 9, 2007)

Yes, I do use .iso files. It happened a day after I had a Windows update and then rebooted the system.


----------



## Couriant (Mar 26, 2002)

The reason I asked is that you need to be careful where you get your files as they can be laced with viruses/malware that can be activated by any combination of things (updates/reboots etc).

The other thing I see, and this is where the malware team can help, is that you seem to have KuGoo installed, whether you did that or not. KuGoo is a music sharing program supported by adware. It's also being flagged for Severe Risk in the malware world, so if you use that service you may want to rethink.


----------



## eltonsammy (Mar 9, 2007)

I will uninstall it, but how do I get my PC back to normal?


----------



## eltonsammy (Mar 9, 2007)

need some help here please


----------



## Couriant (Mar 26, 2002)

They will help you, but they are not here 24/7. Plus they have been kept busy. Please give them 24 hours more to respond. If they don't, I will see if I can get someone to check in.


----------



## eltonsammy (Mar 9, 2007)

thank you Couriant


----------



## eltonsammy (Mar 9, 2007)

I thought I'd use the Panda free online virus scan; now my PC has ended up not loading Windows. I really need some help here, please.


----------



## JSntgRvr (Jul 1, 2003)

Welcome.

Let's give it a try.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult "How to use the Windows 8 System Recovery Environment Command Prompt" to enter the System Recovery Command Prompt.

If you are using Vista or Windows 7 enter *System Recovery Options*.

*To enter System Recovery Options from the Advanced Boot Options:*
Restart the computer.
As soon as the BIOS is loaded, begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*Note*: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

*To enter System Recovery Options by using Windows installation disc:*
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*On the System Recovery Options menu you will get the following options:*
*Startup Repair*
*System Restore*
*Windows Complete PC Restore*
*Windows Memory Diagnostic Tool*
*Command Prompt*
Select *Command Prompt*

*Once in the Command Prompt:*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst* (for x64 bit version type *e:\frst64*) and press *Enter*
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens, click Yes to the disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


----------



## eltonsammy (Mar 9, 2007)

Thanks for the help. I couldn't get to the System Recovery Options on my Windows 7, but I booted in safe mode and ran Farbar. I am making a Windows 7 repair disc on my son's laptop while I am posting the Farbar scan result. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2013 01
Ran by KEN (administrator) on SAM-PC on 21-10-2013 22:10:07
Running from F:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5078504 2013-03-21] (ESET)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SRk9ENC1TWFdSOC1KUlRRQS1KQURDSi1XRU1CUg"&"inst=NzYtMTIzMzkzMjE2Mi1TVDEyT0krMS1WSVAxMisxLUREVCswLUVVTEErMS1UMzBFUCsxLVAxMk1CKzEtU1BEKzEtRDM4MUwrNi1TVDEwQVBQKzEtSTEwKzEtQ0lEKzEtSUlTQSsy"&"prod=94"&"ver=10.0.1424
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKCU\...\Run: [Google Update] - C:\Users\KEN\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-19] (Google Inc.)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16440D4FB972CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = www.yahoo.com
SearchScopes: HKLM - DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKCU - DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=49029047_oem_dg&ch=33
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = 
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKCU - {47E70B16-857D-1F50-ADFB-8839257B41A4} URL = http://www.bing.com/search?q={searchTerms}&pc=Z160&form=ZGAIDF&install_date=20111229&iesrc={referrer:source}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = playbryte/search/redirect/?type=default&user_id=52deca56-7b69-408a-be8c-213a3f1c3c6d&query={searchTerms}
SearchScopes: HKCU - {9DDD8481-FF00-4F13-8CC9-BDBDFC4D37CC} URL = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102874&src=kw&q={searchTerms}&locale=&apn_ptnrs=^6E&apn_dtid=^YYYYYY^YY^US&apn_uid=c29ba541-0c81-4208-ae1c-b443fd803e4e&apn_sauid=0FCDD1C3-49F4-4453-808C-4B7C12F50F9F
SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=49029047_oem_dg&ch=33
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80051&lng=en
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU -Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 167.206.245.130 167.206.245.129

FireFox:
========
FF ProfilePath: C:\Users\KEN\AppData\Roaming\Mozilla\Firefox\Profiles\42bi112j.default
FF user.js: detected! => C:\Users\KEN\AppData\Roaming\Mozilla\Firefox\Profiles\42bi112j.default\user.js
FF SearchEngineOrder.1: Ask.com
FF Homepage: my.yahoo.com/p/1.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @baidu.com/BdvbFfPlugin - C:\Program Files\baidu\iQyBaiduVideoBrowser\Application\2.5.0.19\npTestNetscapePlugIn.dll (Apple Inc.)
FF Plugin: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\55171048\npxbdsetup.dll ()
FF Plugin: @baidu.com/npxbdyy - C:\Program Files\Baidu\BaiduPlayer\1.19.0.110\npxbdyy.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL No File
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.baidu.com/Baidu VbUpdate;version=13 - C:\Program Files\Baidu\VbUpdate\1.3.29.11\npBdvbUpdate7.dll (Baidu Inc.)
FF Plugin: @tools.baidu.com/Baidu VbUpdate;version=7 - C:\Program Files\Baidu\VbUpdate\1.3.29.11\npBdvbUpdate7.dll (Baidu Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\KEN\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKCU: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\KEN\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\KEN\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\KEN\AppData\Roaming\Mozilla\Firefox\Profiles\42bi112j.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: General Crawler - C:\Users\KEN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - c:\program files\real\realplayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - c:\program files\real\realplayer\browserrecord\firefox\ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: No Name - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/","hxxp://websearch.mocaflix.com/"]
CHR Extension: (Entanglement) - C:\Users\KEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (Angry Birds) - C:\Users\KEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (AdBlock) - C:\Users\KEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_1
CHR Extension: (General Crawler) - C:\Users\KEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0
CHR Extension: (Poppit) - C:\Users\KEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Marc Ecko) - C:\Users\KEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0
CHR Extension: () - C:\Users\KEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\KEN\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\KEN\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\KEN\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\KEN\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\KEN\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 BdvbmSvc; C:\Program Files\Baidu\VbUpdate\BdvbUpdate.exe [129488 2013-07-24] (Baidu Inc.)
S2 BdvbServicePlatform; C:\Program Files\baidu\iQyBaiduVideoBrowser\Application\2.5.0.19\ServicePlatform.exe [199120 2013-09-13] (百度在线网络技术（北京）有限公司)
S2 BdvbSvc; C:\Program Files\Baidu\VbUpdate\BdvbUpdate.exe [129488 2013-07-24] (Baidu Inc.)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2012-08-29] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PCloudCleanerService; C:\Windows\system32\PCloudCleanerService.EXE [93152 2013-10-04] (Panda Security S.L.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [x]
S2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [122456 2013-03-04] (SlySoft, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12664 2006-10-18] ()
R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [379726 2002-07-15] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-24] (DT Soft Ltd)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-20] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [105760 2013-01-10] (ESET)
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [35312 2013-02-20] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2012-03-26] (AnchorFree Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [750592 2009-08-05] (Ralink Technology Corp.)
S2 npf; C:\Windows\System32\drivers\npf.sys [35088 2010-07-15] (CACE Technologies, Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [376832 2009-11-05] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67656 2013-10-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-07-24] (Duplex Secure Ltd.)
S3 Asushwio; \??\E:\Bin\Asushwio.sys [x]
S3 cpuz132; \??\C:\Users\KEN\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
S0 goavmor; System32\drivers\prrbpc.sys [x]
S3 speccy; \??\C:\Users\KEN\AppData\Local\Temp\f1860fec-afba-4496-9ea3-3a03b8df6b64 [x]
S3 Tq_91Assistant; \??\F:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [x]
S0 unfws; System32\drivers\flnjs.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-21 16:10 - 2013-10-21 16:10 - 00000000 _____ C:\Users\KEN\AppData\Local\{786370D2-0E93-43F2-A8AC-7E23B50ED758}
2013-10-21 15:50 - 2013-10-21 15:50 - 00000000 _____ C:\Users\KEN\AppData\Local\{9541B031-47AA-42E0-85AA-9C6B6FC76137}
2013-10-20 17:32 - 2013-10-20 17:32 - 00000000 _____ C:\Users\KEN\AppData\Local\{F456A39D-0C82-4D9C-AFAF-19545914FF8B}
2013-10-20 17:22 - 2013-10-20 17:22 - 00000000 _____ C:\Users\KEN\AppData\Local\{46748AFC-CC54-4710-9CBA-8F8ADC8B6E15}
2013-10-20 16:58 - 2013-10-20 16:58 - 00000000 _____ C:\Users\KEN\AppData\Local\{A671A52E-4F2A-4F28-A401-7B9DBBB47EE2}
2013-10-20 16:51 - 2013-10-20 16:51 - 00000000 _____ C:\Users\KEN\AppData\Local\{7E8CD59D-6174-4F71-8C7F-5A846817DCD1}
2013-10-20 15:16 - 2013-10-20 15:16 - 00000000 _____ C:\Users\KEN\AppData\Local\{89C317A5-8A20-4BC7-92BD-F2C2B74EC62B}
2013-10-20 15:05 - 2013-10-20 15:05 - 00000000 _____ C:\Users\KEN\AppData\Local\{E4DD3A92-39FA-45F6-AEAB-2D93621D22E6}
2013-10-20 15:05 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2013-10-20 13:32 - 2013-10-21 16:27 - 00001224 _____ C:\Windows\system32\PCloudCleanerService.log
2013-10-20 13:32 - 2013-10-20 13:32 - 00000738 _____ C:\Windows\PFRO.log
2013-10-20 13:32 - 2013-10-20 13:32 - 00000000 _____ C:\Users\KEN\AppData\Local\{4D97785F-9BD2-4F94-835C-2E21612E7D69}
2013-10-20 13:32 - 2013-06-12 14:10 - 00031848 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2013-10-20 06:20 - 2013-10-20 06:20 - 00960326 _____ C:\Users\KEN\AppData\Local\census.cache
2013-10-20 06:19 - 2013-10-20 06:19 - 00185186 _____ C:\Users\KEN\AppData\Local\ars.cache
2013-10-20 04:55 - 2013-10-04 15:23 - 00093152 _____ (Panda Security S.L.) C:\Windows\system32\PCloudCleanerService.EXE
2013-10-20 04:55 - 2013-04-08 16:30 - 00018656 _____ C:\Windows\system32\PCloudBroom.exe
2013-10-20 04:36 - 2013-10-20 04:36 - 00001200 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2013-10-20 04:35 - 2013-10-21 16:26 - 00000784 _____ C:\Windows\setupact.log
2013-10-20 04:35 - 2013-10-20 04:35 - 00000000 _____ C:\Windows\setuperr.log
2013-10-20 04:32 - 2013-10-20 04:32 - 00000036 _____ C:\Users\KEN\AppData\Local\housecall.guid.cache
2013-10-19 16:26 - 2013-10-19 16:26 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-18 20:37 - 2013-03-01 17:14 - 35102144 _____ C:\Users\KEN\Desktop\KMSnano_v24_ Setup.exe
2013-10-17 20:48 - 2013-10-21 15:43 - 01166907 _____ C:\Windows\WindowsUpdate.log
2013-10-17 18:48 - 2013-10-17 18:48 - 00000017 _____ C:\Users\KEN\AppData\Local\resmon.resmoncfg
2013-10-15 20:58 - 2013-10-15 20:58 - 00012548 _____ C:\Users\KEN\Desktop\hijackthis.log
2013-10-10 19:33 - 2013-10-10 19:33 - 00001040 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-10-08 22:06 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-08 22:06 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-08 22:06 - 2013-09-22 19:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-08 22:06 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-08 22:06 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-08 22:06 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-08 22:06 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-08 16:28 - 2013-09-13 20:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-08 16:28 - 2013-09-07 22:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-08 16:28 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-08 16:28 - 2013-09-03 21:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-08 16:28 - 2013-09-03 21:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-08 16:28 - 2013-09-03 21:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-08 16:28 - 2013-09-03 21:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-08 16:28 - 2013-09-03 21:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 16:28 - 2013-09-03 21:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-08 16:28 - 2013-09-03 21:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-08 16:28 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-08 16:28 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-08 16:28 - 2013-08-28 21:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-08 16:28 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-08 16:28 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-08 16:28 - 2013-08-27 21:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-08 16:28 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 16:28 - 2013-08-01 07:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-08 16:28 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 16:28 - 2013-07-12 06:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-08 16:28 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-08 16:28 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-08 16:28 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-08 16:28 - 2013-07-04 05:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-08 16:28 - 2013-07-03 00:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-08 16:28 - 2013-07-02 23:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-08 16:28 - 2013-07-02 23:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 16:28 - 2013-06-25 18:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-08 16:28 - 2013-06-06 00:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-08 16:28 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-08 16:28 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-08 16:28 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-08 16:28 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 07:32 - 2013-10-08 07:32 - 00000000 ____D C:\Users\KEN\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-10-05 13:38 - 2013-10-05 13:39 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-05 13:38 - 2013-10-05 13:39 - 00000000 ____D C:\Program Files\iTunes
2013-10-05 13:38 - 2013-10-05 13:38 - 00000000 ____D C:\Program Files\iPod
2013-10-01 06:32 - 2013-10-01 06:32 - 00002070 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2013-10-01 06:32 - 2013-10-01 06:32 - 00001956 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2013-10-01 06:23 - 2013-10-01 06:23 - 00001994 _____ C:\Users\Public\Desktop\Adobe Update Management Tool.lnk
2013-09-30 19:51 - 2013-10-01 05:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-21 22:08 - 2012-07-23 20:59 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-21 16:27 - 2013-10-20 13:32 - 00001224 _____ C:\Windows\system32\PCloudCleanerService.log
2013-10-21 16:27 - 2013-07-11 21:18 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7e9dbb5632fa.job
2013-10-21 16:27 - 2013-06-08 07:12 - 00000862 _____ C:\Windows\Tasks\BaiduVbUpdateTaskMachineCore.job
2013-10-21 16:27 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 16:26 - 2013-10-20 04:35 - 00000784 _____ C:\Windows\setupact.log
2013-10-21 16:10 - 2013-10-21 16:10 - 00000000 _____ C:\Users\KEN\AppData\Local\{786370D2-0E93-43F2-A8AC-7E23B50ED758}
2013-10-21 15:50 - 2013-10-21 15:50 - 00000000 _____ C:\Users\KEN\AppData\Local\{9541B031-47AA-42E0-85AA-9C6B6FC76137}
2013-10-21 15:43 - 2013-10-17 20:48 - 01166907 _____ C:\Windows\WindowsUpdate.log
2013-10-20 17:32 - 2013-10-20 17:32 - 00000000 _____ C:\Users\KEN\AppData\Local\{F456A39D-0C82-4D9C-AFAF-19545914FF8B}
2013-10-20 17:32 - 2013-07-24 23:18 - 00000872 _____ C:\Windows\Tasks\BaiduVbUpdateTaskMachineUA1ce88e5951504cd.job
2013-10-20 17:22 - 2013-10-20 17:22 - 00000000 _____ C:\Users\KEN\AppData\Local\{46748AFC-CC54-4710-9CBA-8F8ADC8B6E15}
2013-10-20 16:58 - 2013-10-20 16:58 - 00000000 _____ C:\Users\KEN\AppData\Local\{A671A52E-4F2A-4F28-A401-7B9DBBB47EE2}
2013-10-20 16:51 - 2013-10-20 16:51 - 00000000 _____ C:\Users\KEN\AppData\Local\{7E8CD59D-6174-4F71-8C7F-5A846817DCD1}
2013-10-20 15:16 - 2013-10-20 15:16 - 00000000 _____ C:\Users\KEN\AppData\Local\{89C317A5-8A20-4BC7-92BD-F2C2B74EC62B}
2013-10-20 15:05 - 2013-10-20 15:05 - 00000000 _____ C:\Users\KEN\AppData\Local\{E4DD3A92-39FA-45F6-AEAB-2D93621D22E6}
2013-10-20 13:32 - 2013-10-20 13:32 - 00000738 _____ C:\Windows\PFRO.log
2013-10-20 13:32 - 2013-10-20 13:32 - 00000000 _____ C:\Users\KEN\AppData\Local\{4D97785F-9BD2-4F94-835C-2E21612E7D69}
2013-10-20 13:31 - 2013-09-12 20:00 - 00000000 ____D C:\Users\KEN\AppData\Roaming\uTorrent
2013-10-20 13:31 - 2013-07-06 20:13 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7aa6ddde4746.job
2013-10-20 13:25 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\tracing
2013-10-20 12:51 - 2012-04-02 19:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-20 12:37 - 2013-07-07 11:21 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240971326-915861023-1393506679-1000UA1ce7b25acd4a9f9.job
2013-10-20 06:20 - 2013-10-20 06:20 - 00960326 _____ C:\Users\KEN\AppData\Local\census.cache
2013-10-20 06:19 - 2013-10-20 06:19 - 00185186 _____ C:\Users\KEN\AppData\Local\ars.cache
2013-10-20 05:37 - 2013-07-07 11:21 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240971326-915861023-1393506679-1000Core1ce7b25abcc713a.job
2013-10-20 04:36 - 2013-10-20 04:36 - 00001200 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2013-10-20 04:36 - 2010-04-25 10:16 - 00000000 ____D C:\Program Files\Panda Security
2013-10-20 04:35 - 2013-10-20 04:35 - 00000000 _____ C:\Windows\setuperr.log
2013-10-20 04:32 - 2013-10-20 04:32 - 00000036 _____ C:\Users\KEN\AppData\Local\housecall.guid.cache
2013-10-20 02:00 - 2009-12-01 16:14 - 00000000 ____D C:\Users\KEN\AppData\Local\Adobe
2013-10-19 21:58 - 2012-07-24 19:42 - 00000000 ____D C:\Users\KEN\AppData\Roaming\DAEMON Tools Pro
2013-10-19 16:26 - 2013-10-19 16:26 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-19 15:15 - 2009-07-14 00:34 - 00023392 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 15:15 - 2009-07-14 00:34 - 00023392 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 20:48 - 2009-12-01 16:55 - 00000000 ____D C:\Windows\Panther
2013-10-17 20:42 - 2009-07-14 00:52 - 00000000 ____D C:\Windows\Offline Web Pages
2013-10-17 18:48 - 2013-10-17 18:48 - 00000017 _____ C:\Users\KEN\AppData\Local\resmon.resmoncfg
2013-10-17 18:46 - 2012-12-23 08:42 - 00001042 _____ C:\Users\KEN\AppData\Roaming\CoreAVC.ini
2013-10-17 18:46 - 2012-08-11 14:30 - 00000138 _____ C:\Windows\vsfilter.INI
2013-10-17 18:46 - 2012-08-11 14:28 - 00000000 ____D C:\baidu player
2013-10-17 17:08 - 2010-04-24 16:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-17 17:04 - 2013-01-17 21:50 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-17 17:00 - 2013-04-26 07:04 - 00000000 ____D C:\Users\KEN\AppData\Local\Avg2013
2013-10-17 17:00 - 2012-09-12 20:53 - 00000000 ____D C:\Users\KEN\AppData\Roaming\AVG2013
2013-10-17 17:00 - 2012-09-12 20:51 - 00000000 ____D C:\ProgramData\AVG2013
2013-10-17 16:57 - 2012-07-24 18:49 - 00000000 ____D C:\ProgramData\MFAData
2013-10-17 16:36 - 2009-12-01 14:54 - 00120200 _____ C:\Users\KEN\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-17 16:35 - 2012-07-26 20:09 - 00000000 ____D C:\ppsvodcache
2013-10-17 15:44 - 2011-01-18 22:01 - 00002352 _____ C:\Users\KEN\Desktop\Google Chrome.lnk
2013-10-17 15:42 - 2013-03-27 08:10 - 00000000 ____D C:\Program Files\DVDFab 8 Qt
2013-10-17 15:37 - 2012-08-16 16:00 - 00000000 ____D C:\ProgramData\vsosdk
2013-10-17 15:31 - 2012-08-17 20:57 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-10-16 17:24 - 2012-07-26 06:53 - 00000000 ____D C:\Users\KEN\AppData\Roaming\KuGou7
2013-10-15 20:58 - 2013-10-15 20:58 - 00012548 _____ C:\Users\KEN\Desktop\hijackthis.log
2013-10-15 17:03 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-15 16:56 - 2009-12-01 16:15 - 00000000 ____D C:\Users\KEN\AppData\Roaming\Adobe
2013-10-15 16:55 - 2009-07-14 00:33 - 04096696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-15 16:17 - 2009-12-01 14:20 - 00005356 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-15 02:00 - 2009-12-01 16:15 - 00000000 ____D C:\ProgramData\Adobe
2013-10-15 00:05 - 2009-12-01 16:15 - 00000000 ____D C:\Program Files\Adobe
2013-10-14 21:10 - 2009-12-01 16:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-13 03:05 - 2010-04-14 14:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 03:04 - 2010-06-08 18:37 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-10 19:33 - 2013-10-10 19:33 - 00001040 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-10-09 14:51 - 2012-04-02 19:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 14:51 - 2011-05-17 15:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 07:05 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-10-09 06:31 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-08 22:11 - 2013-07-12 23:27 - 00000000 ____D C:\Windows\system32\MRT
2013-10-08 22:08 - 2009-12-01 14:21 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 22:07 - 2009-12-01 16:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-08 07:32 - 2013-10-08 07:32 - 00000000 ____D C:\Users\KEN\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-10-07 07:02 - 2012-08-07 06:35 - 00000000 ____D C:\Users\KEN\AppData\Roaming\Media Player Classic
2013-10-05 13:39 - 2013-10-05 13:38 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-05 13:39 - 2013-10-05 13:38 - 00000000 ____D C:\Program Files\iTunes
2013-10-05 13:39 - 2012-10-02 06:54 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-05 13:38 - 2013-10-05 13:38 - 00000000 ____D C:\Program Files\iPod
2013-10-05 13:38 - 2010-05-29 15:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-04 15:23 - 2013-10-20 04:55 - 00093152 _____ (Panda Security S.L.) C:\Windows\system32\PCloudCleanerService.EXE
2013-10-01 06:33 - 2011-10-08 07:55 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-01 06:32 - 2013-10-01 06:32 - 00002070 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2013-10-01 06:32 - 2013-10-01 06:32 - 00001956 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2013-10-01 06:23 - 2013-10-01 06:23 - 00001994 _____ C:\Users\Public\Desktop\Adobe Update Management Tool.lnk
2013-10-01 05:20 - 2012-10-07 20:50 - 00000000 ____D C:\Users\KEN\Documents\Outlook Files
2013-10-01 05:17 - 2012-05-01 19:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 05:04 - 2013-09-30 19:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 05:04 - 2009-12-01 16:57 - 00000000 ____D C:\Users\KEN\AppData\Local\Mozilla
2013-09-27 16:30 - 2013-05-28 07:12 - 00001908 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-09-27 03:00 - 2009-07-13 22:04 - 00000572 _____ C:\Windows\win.ini
2013-09-22 19:28 - 2013-10-08 22:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 19:28 - 2013-10-08 22:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 19:28 - 2013-10-08 22:06 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 19:27 - 2013-10-08 22:06 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 19:27 - 2013-10-08 22:06 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-11 14:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2013 01
Ran by KEN at 2013-10-21 22:11:42
Running from F:\
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

Could not list Security Center items. Check WMI.

==================== Installed Programs ======================

µTorrent (Version: 3.1.3)
7-Zip 9.22beta
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
AdvancedDefrag 4.2
Allok Video to DVD Burner 2.2.0429
AnyDVD (Version: 7.1.6.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ASUSUpdate
Atheros Communications Inc.(R) L2 Fast Ethernet Driver (Version: 2.6.7.10)
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
BaiduPlayer1.19.0.110 (Version: 1.19.0)
Bdvb Update Helper (Version: 1.3.29.11)
Bigasoft iPhone Ringtone Maker 1.9.1.4331
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.04)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Pro (Version: 5.1.0.0333)
Defraggler (Version: 2.15)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.2.2.8 (26/02/2013) Qt
Elevated Installer (Version: 2.1.13)
ESET NOD32 Antivirus (Version: 6.0.316.0)
Flash Player Pro V5.5
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin Update Service (Version: 2.1.13)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
HijackThis 2.0.2 (Version: 2.0.2)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
iCloud (Version: 1.1.0.40)
ImgBurn (Version: 2.5.7.0)
iTunes (Version: 11.1.1.11)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 8.9.2 (Full) (Version: 8.9.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft DirectX Transform optional components
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
NJStar Chinese WP (Version: 5.10)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017)
Panda Cloud Cleaner (Version: 1.0.76)
PC Probe II (Version: 1.04.23)
PCI Audio Applications
PCI Audio Driver
PhotoScape
PowerWord2010 Oxford Ultimate (Version: 2010.6.3.6.2)
PPStream V2.7.0.1495 Final (Version: 2.7.0.1495)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.74.80.86)
RealPlayer
Realtime Landscaping Plus 5 (Version: 5.0.4)
Revo Uninstaller Pro 2.5.1 (Version: 2.5.1)
Samsung Kies (Version: 2.5.3.13043_14)
Samsung Story Album Viewer (Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Shop for HP Supplies (Version: 13.0)
Speccy (Version: 1.21)
Super Hide IP (Version: 3.2.3.6)
SUPERAntiSpyware Free Edition (Version: 4.35.0.1002)
System Requirements Lab
The KMPlayer (remove only)
TURBOFloorPlan3D Home & Landscape PRO 15
Ultra MKV Converter 3.2.0610
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VSO ConvertXToDVD (Version: 5.0.0.44)
VSO Downloader 3.0.2.0 (Version: 3.0.2.0)
VSO EVE Network Driver version 0.4 (Version: 0.4)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinX HD Video Converter Deluxe 3.12.2
YouTube To MP3 V1.5.0 (Version: 1.5.0)
ZC DVD Creator Platinum 6.6.7
百度视频·PC版 (Version: 2.5.0.19)

==================== Restore Points =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2009-07-13 22:04 - 2013-03-10 18:26 - 00000972 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 support.apowersoft.com
127.0.0.1 www.apowersoft.com
127.0.0.1 apowersoft.com

==================== Scheduled Tasks (whitelisted) =============

Task: {012E010B-2E77-41EB-AE94-401B67537773} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {1BAF62FE-BC75-4636-AFDF-22B55C9142B0} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {30920987-7760-45E3-A33B-3BF11CE5E74B} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7e9dbb5632fa => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-06] (Google Inc.)
Task: {3C38C2E9-EBD2-4F35-9058-9D0EABB5A4C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {4021D1CE-E3CC-44F8-9843-1DAEF7A88C0E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {46E51DA2-3977-46C2-8055-3EC1A0C95C48} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3240971326-915861023-1393506679-1000UA1ce7b25acd4a9f9 => C:\Users\KEN\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-19] (Google Inc.)
Task: {5C0BD10C-D7A1-4CAC-9F68-A40B9C57996E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {5C337137-3625-40EC-9C58-3848364D1CD4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {79D940F5-AD19-4E63-801E-14928BA55C4D} - System32\Tasks\AdobeAAMUpdater-1.0-SAM-PC-KEN => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {7A61EBB7-CAC0-4EB1-BD78-D1381F6EE681} - System32\Tasks\{2240E174-BCB5-411B-BC39-549EF524C05F} => Firefox.exe 
Task: {9ED255D0-B9C2-4787-9E3D-9A4A17DC42F4} - System32\Tasks\GoogleUpdateTaskMachineUA1ce7aa6ddde4746 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-06] (Google Inc.)
Task: {9F4971BE-00A4-4562-AFBB-C6D46534C689} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {A790CE7A-69CB-47E5-9305-D0025153B525} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE8B61AF-D251-4FB2-B3CC-21C6A3B67698} - System32\Tasks\BaiduVbUpdateTaskMachineCore => C:\Program Files\Baidu\VbUpdate\BdvbUpdate.exe [2013-07-24] (Baidu Inc.)
Task: {BDBA2DDA-0072-4928-97B6-5DFCC3B85CDA} - System32\Tasks\ASUS\ASUS ACPI Service Provider => C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe [2007-05-24] ()
Task: {DD3ADF76-470B-42C5-9954-E5FA0EBA7C69} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.33\AsLoader.exe [2007-03-22] ()
Task: {E2AF7A52-5A31-45A4-A9AE-C26ED46C534C} - System32\Tasks\BaiduVbUpdateTaskMachineUA1ce88e5951504cd => C:\Program Files\Baidu\VbUpdate\BdvbUpdate.exe [2013-07-24] (Baidu Inc.)
Task: {E6B62177-F669-4B70-9A86-48A67C837AA5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3240971326-915861023-1393506679-1000Core1ce7b25abcc713a => C:\Users\KEN\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-19] (Google Inc.)
Task: {F96E03F2-DCCD-4779-940A-FB97E62CA527} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BaiduVbUpdateTaskMachineCore.job => C:\Program Files\Baidu\VbUpdate\BdvbUpdate.exe
Task: C:\Windows\Tasks\BaiduVbUpdateTaskMachineUA1ce88e5951504cd.job => C:\Program Files\Baidu\VbUpdate\BdvbUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7e9dbb5632fa.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7aa6ddde4746.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240971326-915861023-1393506679-1000Core1ce7b25abcc713a.job => C:\Users\KEN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240971326-915861023-1393506679-1000UA1ce7b25acd4a9f9.job => C:\Users\KEN\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2013 03:11:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.

Operation:
Set Snapshot Context

Context:
Execution Context: Requestor

Error: (10/20/2013 03:11:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered
].

Operation:
Set Snapshot Context

Context:
Execution Context: Requestor

Error: (10/20/2013 00:00:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
Instantiating VSS server

Error: (10/19/2013 03:57:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.

Operation:
Instantiating VSS server

Error: (10/19/2013 03:57:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
Instantiating VSS server

System errors:
=============
Error: (10/21/2013 10:09:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AsIO
AVGIDSDriver
AVGIDSShim
Avgldx86
discache
eamonm
ehdrv
ElbyCDIO
goavmor
SASDIFSV
SASKUTIL
spldr
unfws
Wanarpv6

Error: (10/21/2013 10:08:56 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service depends the following service: taphss. This service might not be installed.

Error: (10/21/2013 10:08:52 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:15:53 PM on ‎10/‎21/‎2013 was unexpected.

Error: (10/21/2013 10:08:28 PM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (10/21/2013 04:27:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/21/2013 04:27:37 PM) (Source: DCOM) (User: )
Description: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (10/21/2013 04:26:55 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: 
%%0

Error: (10/21/2013 04:26:55 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{1BE1F766-5536-11D1-B726-00C04FB926AF}UnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (10/21/2013 04:26:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:25:24 PM on ‎10/‎21/‎2013 was unexpected.

Error: (10/21/2013 04:10:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Microsoft Office Sessions:
=========================
Error: (10/20/2013 03:11:14 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
Set Snapshot Context

Context:
Execution Context: Requestor

Error: (10/20/2013 03:11:14 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}Software Provider0x80040154, Class not registered

Operation:
Set Snapshot Context

Context:
Execution Context: Requestor

Error: (10/20/2013 00:00:01 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Class not registered

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Class not registered

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
Instantiating VSS server

Error: (10/20/2013 00:00:01 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Class not registered

Operation:
Instantiating VSS server

Error: (10/19/2013 03:57:28 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
Instantiating VSS server

Error: (10/19/2013 03:57:28 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Class not registered

Operation:
Instantiating VSS server

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3447.24 MB
Available physical RAM: 2934.95 MB
Total Pagefile: 6892.77 MB
Available Pagefile: 6425.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:45.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Local Disk) (Fixed) (Total:149.05 GB) (Free:53.18 GB) NTFS
Drive f: () (Removable) (Total:3.78 GB) (Free:3.77 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: B7F23622)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: D3BDD3BD)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

==================== End Of Log ============================

P.S
made a recovery disc from my son's laptop, his is 64-bit, and mine is 32-bit, doesn't seem to work, still couldn't load Windows.


----------



## JSntgRvr (Jul 1, 2003)

There seems to be an issue with Windows Management Instrumentation. Let's start by checking the files' integrity.

Click on the Orb button. Type *CMD* and press *CTRL+SHIFT+ENTER*. That should open an administrator command prompt. At the prompt type the following and press Enter:

*SFC /ScanNow*

Once completed, restart and run *FRST* once again and post the new log. (Please delete the current Additional.txt prior to running FRST)


----------



## eltonsammy (Mar 9, 2007)

just got home from work, since my pc won't load Windows, I have to do this in safe mode, what I did was:
start > type CMD and press CTRL+SHIFT+ENTER, Administrator box appeared on the screen, then typed sfc/scannow, unfortunately it says 'windows resources protection could not start the repair service.'
did I miss something?


----------



## JSntgRvr (Jul 1, 2003)

Please download *Farbar Service Scanner* and run it on the computer with the issue.
Make sure all options are checked:


Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


----------



## eltonsammy (Mar 9, 2007)

sorry for taking so long

Farbar Service Scanner Version: 20-10-2013
Ran by KEN (administrator) on 22-10-2013 at 18:15:28
Running from "F:\"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy: 
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy: 
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-08 16:28] - [2013-09-13 20:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-08 16:28] - [2013-09-07 22:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-17 06:32] - [2013-07-09 00:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 16:01] - [2013-05-27 00:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

thanks
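
Added example (not part of the original posts and not Farbar's code): a small Python triage of an FSS.txt log in the format shown above. The scan ran with `Boot Mode: Minimal`, so "is not running" is expected and is ignored; the script reports only configuration deviations, disable policies, and files that did not get the "MD5 is legit" verdict. The sample input is excerpted from the log above; `triage` and the regex names are my own.

```python
import re

# Excerpt of the FSS.txt posted above (trimmed; lines copied from that log).
SAMPLE_FSS = r"""Farbar Service Scanner Version: 20-10-2013
Ran by KEN (administrator) on 22-10-2013 at 18:15:28
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Minimal
****************************************************************

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-08 16:28] - [2013-09-13 20:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

**** End of log ****
"""

BOOT_MODE = re.compile(r"^Boot Mode:\s*(.+)$")
ATTR = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+)$")
PATH = re.compile(r"^[A-Za-z]:\\")
# [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(r"^\[.+?\] - \[.+?\] - \d+ \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")


def triage(text):
    """Return only the entries of an FSS log that need a human look."""
    report = {"boot_mode": None, "config_deviations": [],
              "policies": [], "unverified_files": []}
    lines = [ln.rstrip() for ln in text.splitlines()]
    section = pending_path = reg_key = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a line ending in ':' underlined with '='.
        if line.endswith(":") and nxt.startswith("==="):
            section, pending_path, reg_key = line[:-1], None, None
            continue
        m = BOOT_MODE.match(line)
        if m:
            report["boot_mode"] = m.group(1)
            continue
        m = ATTR.match(line)
        if m:
            # Anything other than "OK." is a deviation from the expected config.
            if m.group(3) != "OK.":
                report["config_deviations"].append(
                    (m.group(2), m.group(1), m.group(3)))
            continue
        if section and section.endswith("Disabled Policy"):
            if line.startswith("[HKEY"):
                reg_key = line.strip("[]")
            elif reg_key and "=" in line:
                name, _, value = line.partition("=")
                report["policies"].append(
                    (section, reg_key, name.strip('"'), value))
        elif section == "File Check" and PATH.match(line):
            path, sep, verdict = line.partition(" => ")
            if not sep:
                pending_path = path          # details follow on the next line
            elif verdict != "MD5 is legit":
                report["unverified_files"].append({"path": path, "note": verdict})
        elif section == "File Check" and pending_path:
            m = DETAIL.match(line)
            if m:
                # The company string is file metadata, not a verification result.
                report["unverified_files"].append(
                    {"path": pending_path, "company": m.group(1), "md5": m.group(2)})
                pending_path = None
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FSS).items():
        print(key, "->", value)
```

Files listed without the "MD5 is legit" verdict are not necessarily bad; they are the ones whose hash still has to be checked against a known-good copy of the same build.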


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file. Save it next to FRST. Run FRST, but this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode and let me know the outcome.


----------



## eltonsammy (Mar 9, 2007)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-10-2013 01
Ran by KEN at 2013-10-22 18:35:05 Run:4
Running from F:\
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
Start
LastRegBack: 2013-10-11 14:35
End
*****************

Error: The restore operation should be done in the recovery mode.

==== End of Fixlog ====


----------



## eltonsammy (Mar 9, 2007)

pc still freezes while booting in normal mode


----------



## JSntgRvr (Jul 1, 2003)

I haven't done this before but, can you create your own recovery CD in Safe Mode?

*Create a Windows 7 System Repair Disc*

*Note:* the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.


Click on *Start(Windows 7 Orb)* >> *Run...*(or the Windows key and R together) to bring up the *Run* box, then copy/paste the following command into the box and click on *OK*:



> recdisc.exe



Allow the *UAC (User Account Control)* prompt via selecting *Yes*.
You should now see a menu like the below:-

Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on *Create disc*.
*Note:* If an *AutoPlay* window pops up, just close it.
When the SRD has been created you will see the below:-

Now click on *Close* >> *OK*. Leave the disc in the drive as we will be using it shortly.
You now have a *Windows 7 System Repair Disc*.

=====================================

If unable to do so, start the computer and start tapping on F8 until you reach the Advanced Menu. Is there a Repair my computer option within?


----------



## JSntgRvr (Jul 1, 2003)

If having issues with the above, attempt to perform a clean boot.

These are the instructions: http://support.microsoft.com/kb/331796

Let me know if it successfully boots into Normal Mode.


----------



## eltonsammy (Mar 9, 2007)

okay, i have created system repair disc, disc still in the drive, what's next? thanks


----------



## JSntgRvr (Jul 1, 2003)

Please download Farbar Recovery Scan Tool and save it to a flash drive. Also download the enclosed file to the flash drive, next to FRST.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter *System Recovery Options*.

*To enter System Recovery Options from the Advanced Boot Options:*
Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*Note*: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

*To enter System Recovery Options by using Windows installation disc:*
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*On the System Recovery Options menu you will get the following options:*
*Startup Repair*
*System Restore*
*Windows Complete PC Restore*
*Windows Memory Diagnostic Tool*
*Command Prompt*
Select *Command Prompt*

*Once in the Command Prompt:*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst* (for x64 bit version type *e:\frst64*) and press *Enter*
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press *Fix* button and wait
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


----------



## eltonsammy (Mar 9, 2007)

"no fixlist.txt found"

above is the message from using disc in command prompt


----------



## eltonsammy (Mar 9, 2007)

also when i use the repair disc to do startup repair, it says "startup repair could not detect a problem"

it has an option i can do system restore back to 2 weeks ago, should i do system restore instead?


----------



## JSntgRvr (Jul 1, 2003)

Please do. It seems more like a hardware issue than software. You do however have some undesired programs running.
If after System Restore it still only boots in Safe Mode, then try the Clean Boot.


----------



## eltonsammy (Mar 9, 2007)

Just finished system restore and seems like everything is back to normal, thank you for your help JSntgRvr, thanks.


----------



## JSntgRvr (Jul 1, 2003)

If you wish, we can scan your computer for malware. Torrents, as well as many undesired programs, will be deleted. Just let me know if you wish to do so.


----------



## eltonsammy (Mar 9, 2007)

sure, can you please do a malware scan for me, thanks


----------



## JSntgRvr (Jul 1, 2003)

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Run adwCleaner.

Download : *ADWCleaner* to your desktop.

*NOTE:* If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the *AdwCleaner* icon.

Click on *Scan* and follow the prompts. Let it run unhindered. When done, click on the *Clean* button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## eltonsammy (Mar 9, 2007)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x86
Ran by KEN on 10/23/2013 Wed at 19:26:09.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] hshld 
Successfully deleted: [Service] hshld 
Successfully stopped: [Service] hsstrayservice 
Successfully deleted: [Service] hsstrayservice

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\download with &media finder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2776682
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_guitar-pro_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_guitar-pro_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_minecraft_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_minecraft_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_renegade-paintball_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_renegade-paintball_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9DDD8481-FF00-4F13-8CC9-BDBDFC4D37CC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"

~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar"
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\KEN\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\KEN\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\KEN\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\KEN\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\KEN\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\KEN\appdata\local\baidu"
Successfully deleted: [Folder] "C:\Users\KEN\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\KEN\appdata\local\cre"
Failed to delete: [Folder] "C:\Users\KEN\appdata\locallow\baidu"
Successfully deleted: [Folder] "C:\Users\KEN\appdata\locallow\conduit"
Failed to delete: [Folder] "C:\Program Files\baidu"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\KEN\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ FireFox

Successfully deleted: [File] C:\Users\KEN\AppData\Roaming\mozilla\firefox\profiles\42bi112j.default\user.js
Successfully deleted: [File] C:\Users\KEN\AppData\Roaming\mozilla\firefox\profiles\42bi112j.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\KEN\AppData\Roaming\mozilla\firefox\profiles\42bi112j.default\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@baidu.com/npxbdsetup
Successfully deleted the following from C:\Users\KEN\AppData\Roaming\mozilla\firefox\profiles\42bi112j.default\prefs.js

Emptied folder: C:\Users\KEN\AppData\Roaming\mozilla\firefox\profiles\42bi112j.default\minidumps [401 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/23/2013 Wed at 19:30:23.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## eltonsammy (Mar 9, 2007)

# AdwCleaner v3.010 - Report created 23/10/2013 at 19:35:37
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : KEN - SAM-PC
# Running from : C:\Users\KEN\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Users\KEN\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\KEN\AppData\LocalLow\baidu
Folder Deleted : C:\Users\KEN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75695752-52A2-470F-828B-767374BBDDED}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75695752-52A2-470F-828B-767374BBDDED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\KEN\AppData\Roaming\Mozilla\Firefox\Profiles\42bi112j.default\prefs.js ]

Line Deleted : user_pref("CT3072253.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3072253.embeddedsData", "[{\"appId\":\"129571859753931591\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3072253.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3072253.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3072253.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fblog.teesupport.com%2Fhow-to-removeuninstall-utorrentbar-toolbar-utorrent-browser-bar-remova[...]
Line Deleted : user_pref("CT3072253.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3072253.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3072253.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3072253.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3072253.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3072253\"}");
Line Deleted : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControl2.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl2\"}");
Line Deleted : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3072253.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379029807629,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]

-\\ Google Chrome v

[ File : C:\Users\KEN\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [7305 octets] - [23/10/2013 19:33:57]
AdwCleaner[S0].txt - [6618 octets] - [23/10/2013 19:35:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6678 octets] ##########


----------



## eltonsammy (Mar 9, 2007)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.23.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
KEN :: SAM-PC [administrator]

Protection: Disabled

10/23/2013 7:49:30 PM
mbam-log-2013-10-23 (19-49-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240176
Time elapsed: 12 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## JSntgRvr (Jul 1, 2003)

How is the computer doing?


----------



## eltonsammy (Mar 9, 2007)

It is doing fine at this time.


----------



## JSntgRvr (Jul 1, 2003)

Congratulations.

*The tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed. Thus, they should be removed, as well as the folders created by these tools.*

Remove the *C:\FRST* folder.

Run and uninstall AdwCleaner.

Manually remove any tool left.

You can keep Malwarebytes antimalware. It is a good application.

Here are some suggestions.


Always keep your *JAVA* updated. Older versions will make your computer vulnerable.

*Windows Updates* - It is *very important* to make sure that both Internet Explorer and Windows are kept current with *the latest critical security patches* from Microsoft.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read *this article* by *Miekiemoes*.

Best wishes!


----------



## eltonsammy (Mar 9, 2007)

Thank you very much for your help JSntgRvr, I will keep your suggestions in mind, and I will create an ERUNT disc as well.


----------

