Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

mshta pop-up [Solved]

Started by porew , Feb 08 2014 08:44 PM

  • This topic is locked This topic is locked
25 replies to this topic

#1 porew

porew

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 08 February 2014 - 08:44 PM

Hi
i have a similar problem with this topic 
http://forums.whatth...howtopic=125485

where there is a pop-up which leading to a japanese porn site...

 

OTL logfile created on: 2/9/2014 10:35:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Porew\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 30.07% Memory free
6.00 Gb Paging File | 3.24 Gb Available in Paging File | 54.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 53.37 Gb Free Space | 11.46% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 23.81 Gb Free Space | 7.99% Space Free | Partition Type: NTFS
 
Computer Name: POREW-PC | User Name: Porew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Porew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Porew\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Users\Porew\AppData\Roaming\Copy\CopyAgent.exe (Barracuda Networks, Inc.)
PRC - C:\Users\Porew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ()
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Adobe Systems Incorporated)
PRC - C:\Users\Porew\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\OpenBitCoin\daemon.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe (Creative Technology Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Porew\AppData\Roaming\Copy\AgentSync.dll ()
MOD - C:\Users\Porew\AppData\Roaming\Copy\Brt.dll ()
MOD - C:\Users\Porew\AppData\Roaming\Copy\CloudSync.dll ()
MOD - C:\Users\Porew\AppData\Roaming\Copy\Gui.dll ()
MOD - C:\Users\Porew\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Porew\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Porew\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
MOD - C:\Users\Porew\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll ()
MOD - C:\Users\Porew\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll ()
MOD - C:\Users\Porew\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll ()
MOD - C:\Users\Porew\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libcef.dll ()
MOD - C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ()
MOD - C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
MOD - C:\Users\Porew\AppData\Roaming\Copy\overlay\Brt.dll ()
MOD - C:\Users\Porew\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\System32\msiekx32.dll ()
MOD - C:\Program Files\OpenBitCoin\daemon.exe ()
MOD - C:\Program Files\OpenBitCoin\glut32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (appdrvrem01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (xsherlock) -- C:\Windows\System32\xsherlock.xem (Wellbia.com Co., Ltd.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xhunter1) -- C:\Windows\xhunter1.sys File not found
DRV - (vtany) -- C:\Windows\vtany.sys File not found
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys File not found
DRV - (MoborobodriverHelper) -- SysWOW64\drivers\MoborobodriverHelper64.sys File not found
DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (gdrv) -- C:\Windows\gdrv.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (apf004) -- C:\Windows\System32\apf004.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (appdrv01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology)
DRV - (Neo_VPN) -- C:\Windows\System32\drivers\Neo_0096.sys (SoftEther Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (uxpatch) -- C:\Windows\System32\drivers\uxpatch.sys ()
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn....opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 68 4C 4E DC 82 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{055436DA-05BA-40C1-A53A-B022792A0473}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0661DAD9-3379-435D-8268-D6955DDD623C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{082F00B5-1000-44C8-84CB-18BB34BBD8D2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0A1E502D-3ED2-4D24-9870-B9A0E621E724}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0A6A7F9E-3FAC-45B2-94FB-E7E1A18CCC49}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0A85E31A-2DE6-46A3-9AA1-4636E202B164}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0CA6C45C-39CF-49E7-88AE-2E318AC6536F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0D0A2CD7-3DC5-4557-863D-A1DBEFB40030}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0E14EA38-2E3D-4EA6-8B00-EE59B6F85D3A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0EF50C8B-E11E-4D35-8B42-52D61131B1C2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0F48C673-3D58-4F03-9572-A47B869A4F48}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0FB29380-9FB6-43E0-88EE-77F45569C307}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{10EEE150-DD46-4A02-BFE5-50D9FF82040B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{119DCB9C-CD4C-4EBF-81CF-B6951435C2C6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{13C6ED5C-0A37-4877-844F-C85BB3D7F2E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1426545B-9B6E-4FB6-8C5B-918D90A360A6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{17254946-98CE-4500-B2FA-265D9E2BAE9E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{199CE0CC-56EC-48FB-9470-17CB817D6EE9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{199CE2F7-A735-4945-8C07-E624F127B1FD}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{19E3E43E-1BE9-4BD6-B42D-AD581352F5A4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1A4542E9-F14A-4F6D-9F82-CE6324F2BF4C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1EB81E2F-8627-4E4D-941C-202E170C98EC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1F06340A-9B81-4959-A505-A6E887B97D9A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{20A2D8B1-CC85-4A05-A2A3-0015128A1178}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{24F161CE-33E9-4F02-9E0F-E15028274175}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{26E908AF-391D-44BA-895F-969CBB483CF4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{271F8F28-EC60-493B-9498-40FD74CED7EE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{27A1C93E-6F06-4A9B-878A-26DC9AF33206}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2883A444-EF2C-4BC4-85A7-43D3271F2DB5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{28D000A3-0312-40CE-A61B-8B41A3406D43}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{297E1EE7-7929-49CE-BE61-C7ABD3F985F0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{299C9355-E438-45A3-B456-BD1AA397BD2B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2A080ECA-E744-4F34-8515-7E68E5DD2EC3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2B181C04-5825-404F-A785-16C2B4144B64}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2B355AA4-8846-4BFC-9C19-4FA16860DCF2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2BAAFB28-F225-40BD-BBCB-621C0FBF4216}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2BBB21B6-4AFE-4D6B-9520-D6CC168908BA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2C0787D8-FD51-4432-A218-EA7843787736}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2CD0EB02-4083-4B09-B7E8-0E26B5E43A3D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2D4FF86E-461C-4460-B23A-FBDA0840D57C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2DCC93E6-1DD2-40CB-9FAD-53C5229D6825}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{310845BA-7881-4635-88DC-9BE9A2401CF0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3150FD74-EB4A-4B14-8459-9C8F89BC6FCB}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3222F42E-3031-477F-A1FF-96E061E732BE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{33958D5B-2F9D-41DB-93A7-375B36A60066}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{33AD292A-E1F6-41CE-85E0-C9B99098A66C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{33C23E1B-2655-46CF-B1B9-EDFFD6F63B4A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3536C68A-46AD-4FAF-8B38-6840E0D8319A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{36ABEE46-7158-4F28-BF22-72630E551FF6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{36D3C9B1-EFDF-42C7-BEB8-0EFBD6915B21}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{38504F5E-9D00-4141-892C-EF0A1FD60D1F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{38E1E66A-3310-4196-916F-EB8825C56A8E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{39007A1D-7242-4446-BDB1-B7334212C236}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3964FFF0-9A9A-4A3D-BDA4-9098CB745DB4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{39F5BD11-D12A-4A99-8EF5-0016CA4E8660}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3A557624-A41B-436C-83BD-7A3C68B9DD57}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3B8DA2E3-7C5D-4CFC-BD61-438B3637EAC8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3D4BE040-F095-40FF-B830-D4CA71917AEA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3D7CC8D4-D591-4379-8665-A64B912A50E9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3E23E29F-2A2E-4B97-8F37-CB03B3D4C564}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3F517F1F-A8F6-4D5E-B7BC-9F4A7E026875}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3FBD84EC-62ED-40C4-BAFD-F5B4268201D3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3FC41641-A1DF-40E1-9019-048669259B58}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{400B686B-C420-4F9F-8D90-5C8EA3587403}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{40CB4C3D-567A-40E5-8A19-0C185D70B226}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{40E97276-EA86-4A80-BE0D-4A102E7940A6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{41296825-A219-4B41-B545-13315CD98C8C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{41A19AF6-1549-4C17-B390-DF6EA16EEEAC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4376307A-499E-41B1-9D84-06175371FD6D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{438F6603-40C1-4AC3-AC4B-414A26583C8E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{43FF7164-86F2-4FC2-A845-CBBC19E05E3F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{451503B3-25ED-41CB-8D64-8D2B8B8EAD70}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{45E51F25-BBF8-4D99-9C4A-E9F86ACCA356}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{488265C7-6FFE-40F3-BC37-46AB99B1C69A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{48BBA6DB-7C47-4BBE-B9FF-8AC6F54E2D8C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4A29DFC5-858A-4BDD-9FAD-00675E634BC9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4C3DAD4F-8ECF-4A50-8A89-206F6CD9B092}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4E55DED3-D5BF-4961-A154-E803A9446130}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4EBD9649-2CEA-4C3C-A590-E78C5AC1E81B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4EE209DB-D702-4342-8726-E1B1A70AC883}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4FC1FA19-434B-4838-A05C-65F40C52C7B4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{50B1DF32-4044-46A9-A257-B73FC1177D83}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{50BC2CBB-2F6F-4D4F-B42B-F7D2E8C7632C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{515759FB-4B28-4954-A5B8-4281EF25E36A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{51587A2A-6211-4DAC-A6A0-DD6774578897}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{51BB91BF-7FF9-4B72-AAC5-24053886E355}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{538A3AE4-391B-4E01-BDEC-B2F17993107F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{54B96705-B2D5-48BA-A51E-AD48914950BE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{567147CD-738D-46F4-8C51-6B5E6492DD82}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{56AFB48E-CDB3-4F2E-BFA0-D9C69AEB38AD}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5795C147-6EAF-4B4A-81AF-DB70D0D5976C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{57FA4139-3852-4A3B-83EF-C1977D01FE8E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5AABBE92-C5E4-4E64-A7C2-7C24A5962891}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5BA7570B-FD88-4EA0-AAC8-46F6D25441AE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5BF6DBCE-3400-4DDE-945D-C8AA08DE0FD5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5DC6A2C3-ADF6-4C56-A302-B2F71F9E5D8E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5E6F5095-CD31-4730-A91E-A0F5A85E329F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5F9C31BC-45EC-405D-8675-9A81EA4FCF69}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5FCFCFBC-4EEB-4682-9916-8F714C6A2F52}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{60538AC5-48A9-4C46-99CF-3B52A728E94D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{605C85D5-869F-4761-A211-2E157A30EEF5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{617C0D38-33A7-4A4E-A400-36B5E9AF0791}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{618DC1C4-2AF5-4629-B4C7-B5D55C473CA4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6196E2B7-925C-4567-A414-98DA14E3212A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{62440F63-8845-4285-8E87-8C49A5C0D428}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{627E5324-1E40-422D-BB0B-E4C259D8642F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{63686394-7151-4BEA-9AF1-0FFFE48BAC05}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{650338F4-E479-4ABC-9525-A002B0E8C155}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{67611255-0BE1-4ED0-A787-294CACE96745}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{680B27DB-C92A-47C4-B567-2D21D5622DD0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{69F82FD8-7B46-424C-9492-6263838ABB3C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6A01F2C2-5F00-4EB4-9488-637FD813030F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6AC90675-E394-4C98-9B45-FB52C08E29E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6BDBC343-DE6A-43B7-BB8F-61CD29455E88}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6D3037A5-E203-4D0D-AE71-C742D1B202D8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6F9CF137-01F9-4CE0-8205-AA8C74D4FADD}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{70DC9430-5EEC-4F97-9FDB-62287739AB81}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73391210-AB98-46A8-83E1-8DFB126F9B2A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73491C78-EF0F-4351-9F95-67571B73C9B7}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73A6AC4F-160D-47F5-8711-6C62048F1EB2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73A715B2-C1C3-45FC-9166-19BC0541C827}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73B69B46-7400-408F-A87A-3F5F29F0686E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{74E94711-5999-4DE6-9DEA-83F7EDB9B8FE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{76243BCE-9713-4E8F-BE1A-341C7E69F896}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{764BB876-45A8-4889-A51E-ACB52DD70B30}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{77A4A71E-5997-437B-813E-96F9B9164A40}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{78B70348-8721-418E-BFFC-C336DAEF5D2A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7923BC9A-CE2D-446B-88C6-CCE4A749856C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{79286752-3ACC-4965-91A4-3E4AFEE411DA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{79F990E8-407A-40A5-B02B-3AAD1BDCD656}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7ABCD128-A1B1-40B0-BDC4-EB030EDE59E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7AF19D25-3AF6-4009-9FC0-063470BE4257}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7D072B9F-E4A8-4058-91F3-FD47754B5140}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7F24B5BB-CBE0-46FC-AC39-F69DFDEB4F2C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7FF03F1E-A28F-4460-8DFE-EF5FA46E6D37}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{84A83ECC-AFEA-4357-8621-4570382FF28F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{84D92816-70C9-42ED-A72B-3F9D3E329D3E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8534DF83-2579-49F9-B43A-921F64439389}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{85854B17-6DDB-416C-984D-A2F4AA81E4C8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{85BD2F43-7D41-4126-8137-BD8C7208F9BA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{869A0D40-87E6-4E73-864D-2B490BDF5C1E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{87D60AB0-D7A4-4497-8EBD-7600044CDFE0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{88D59494-1D1B-4989-AE89-578EBCB07AC9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8979788E-03A6-4F52-A72C-5CEFB10359F1}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{89EB679B-3AD2-4DC6-B57E-DE1DD0663016}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8B438605-623D-4FC5-9C8E-D40DB9232992}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8B9AE4B0-9A9C-4C2A-9126-176635473A4B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8D0BB5B1-660B-4F2E-8E7B-46A40C96569C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8D4F3865-914A-43F1-8704-159F18570CC6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8F30CAD3-CAD6-4C34-AD4E-A8CBF0958274}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{903C9DE9-C581-4BFB-BC7C-230F5006CE9E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{90E6CDAA-4403-41F5-B3EA-28BEE307910F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9134D9B5-90FB-4B9F-B76F-75FB458FAE82}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{938B7EA1-250D-4F5C-ABE7-FC6F8D5AA28D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{93E0234C-72AB-41B9-AF40-97B54F49DB83}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{93F8F818-3530-4465-ADE2-4E26B598CD2E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{948FC138-D15A-4781-BAB5-1F7155A50C37}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{95AC3189-6F6E-4B49-BC17-62ECE7B67D48}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{97127ACD-082A-49B0-8CE8-3A3F7E3AD059}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{97246DFE-6D61-4924-B104-FCEB1B7CA1E9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{973F62E2-FE95-42A5-9F9F-1BD3E6E05B9F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9843A498-A1D7-4342-A787-1F42AB7A3233}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9A6A8284-0586-4BBD-A5EA-B9E3D3874250}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9B50AD3F-B8E8-46B3-9A40-6950AF270572}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9B96340B-B611-4B6E-B7D1-384D78D95168}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9BF959C3-5D00-46C4-B409-E1260A955F7A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9D00197F-33A4-4632-96F6-142A35825B96}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9D38E30E-B30D-43B0-A239-8E6FFAE674DB}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9DBF795F-1A91-4A48-A647-A6C1AD51F00C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9DF9D890-46C8-4AF8-93DC-57D98917355D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9F076907-9060-473F-853F-A5CBAE452930}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A0022194-C233-4F7B-966D-4CEE66DAAB1E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A0EA8D67-9459-4BC5-88C8-B2A2FFF6B723}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A165ACCE-044A-42E2-B4D6-FFD44291A26F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A2B0A0FD-412F-48C0-81F4-772E94478A58}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A3002983-C361-479A-99C0-417440818DAC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A3FB8E3A-0F05-4ADE-A91D-8AF26DDEC0AA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A4CBDBFA-1EC8-489B-AD10-F74A1604731F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A567B4DC-2488-4D2B-8859-1A23AC95F6D9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A5A16DAC-317D-4D7A-8D13-9CE5D28B05BF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A6B9C26A-A5A8-42E1-942D-98FDA6D00F11}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A791D6A3-CACF-428A-A224-7C38F12EB788}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A7E93B1E-34DC-4540-BC40-2CF096AD645B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A80BDA84-54C3-462F-BF8E-515E4AA93BA2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A80E38CF-D351-4CDD-AC79-5F8E8840AE1A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A8CD29F4-7086-45B3-B74E-DBEE1CEE4D54}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A9A794CD-77D2-4683-B947-C3FA5852D831}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A9CC271A-763B-45CA-A2E4-8F4D84C43726}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{AA4F6F28-188E-4CCD-B6D9-FC69CBCEB414}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{AB8AB697-2878-4421-81E6-8DBE10E776A5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{ACDE207A-7114-4836-A274-F5269B8040F7}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{AD37C185-0C21-4B10-889C-C791B0E32744}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{ADE13379-3624-473B-9301-3837F798FF7F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B4487C88-B63E-419D-9F00-E872259AAB20}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B45476ED-EB2D-4F5C-854A-07B1B7D8C257}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B5309723-CC62-4027-948C-AB10FBB4E0EF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B55EB642-AFBD-43E9-9F70-E08DCF296073}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B6520987-E40B-48B8-A7BD-5C56720DD003}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B662BC93-2EE6-4E67-917A-27727A944530}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B6E791B8-DBED-4BE6-88F2-71D5B8FF77A8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B71FCA53-C8F9-4888-BCFD-28D7809E8FF3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B80C4090-1D3E-4411-9714-F6E44D14108B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...ar=2&tn=baidudg
IE - HKCU\..\SearchScopes\{B9160106-58DA-4CDD-8AED-2ED35669DCB3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B991FDE7-16F2-420E-937B-D029C4D31BA1}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BA3F86F2-BB20-4ADD-B684-37FE75C01AD0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BB022D91-80A0-44D8-9809-3A664EA36DCF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BB77F9E2-7808-4DB3-A30C-55B3EE9B0EC8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BC3E83D8-39FB-48BF-B26F-07A1BD32DCD6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BCD39AC3-82FF-40D0-A8F2-5532697BAAA0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BD827490-A657-4397-B357-8DCAD2E16D11}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C1D17B17-D1CC-44F7-812A-E7851AE157CA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C26360BC-BA68-44EA-952E-DD537CF54975}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C3797575-1A95-47A6-B83C-FF8822FF41BA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C49DDD5E-E609-4E30-89DE-9B3701074985}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C51E8D4C-D1D8-460B-A9C8-BF919C9C1CC2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C602B217-9D41-4701-9316-CB0A1C5D2319}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C67C13A7-CA0C-49C7-B205-1C8D00A997F6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C99CF812-394E-4A73-B904-82C44E91DE74}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CA28DD1D-A27D-4299-AD35-2D67E8C52296}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CB2C0548-48E2-4650-BC31-1D07E2122DB7}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CCD6A0A3-97A4-4E30-B760-13DA77F620D4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CF03614B-2D07-4384-855B-E753E14C0430}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CF98E32C-0119-4D4D-8B16-F5009701BF53}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D1DBCFBA-6D31-4CF2-A137-2E7BE020A880}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D2ACDBD3-3A9A-487B-B913-D57DA4188F2F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D32655FA-24E1-4538-90A1-07DEA482DE8A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D3E9A2BC-C307-4BA1-9133-2C1E70FD94C2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D3EA280B-8731-4187-B5E5-EF759730B32F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D47A32D6-83F5-46AD-9390-E0DB63D39706}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D9EBCBB8-D637-405C-8DE2-3133255D6008}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DA8F192B-3940-476F-B45A-22DF3273B3FF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DB863D09-D503-49AF-87A9-F6127DEDBB7E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DC026EFD-B5C8-4443-9BB0-B0DB1F909875}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DC1B4ABC-89BF-4E0B-8A1A-D0F2660B1CCF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DC59EEF0-1A08-45F1-B8D0-532129CE97FC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DCCDE333-3E20-4587-8E9A-213EEEB126C5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DD82E70C-A3FB-4EDE-B7E1-AF2F5846CA28}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DDDC5647-5EA4-4A40-A05E-F79A316B666B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DEAC5E26-AD29-409D-8C1F-EDF9154C7D19}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DF5E73E5-D364-45DD-8956-8107BBEFE20B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DFE94E63-BB54-49E6-9675-03A5EF2FE8E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E024FD72-BD12-4974-B6B0-A9BA93D48831}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E330521E-9E76-416F-A8DB-30B530E9A523}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E350BA06-0E14-41BE-99F6-DE160CBBDFD3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E4CD6B20-2363-46C5-9E7D-CF93A2463DB9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E511BC53-38A0-492B-A919-5E2FD8424943}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E579FFAE-2CB7-4C3F-B687-3202E591D1A0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E6BA734A-1E2D-4E23-A020-A1E306CED671}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E788E7D9-6B2F-4F84-9914-8A1A07018FF6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E8D52468-F254-4067-A6AB-2A9B2D58B12E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E941021D-BDDB-467E-B8E1-04DDA72B2520}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E95B8EAE-A83C-413E-989E-38D598C3B909}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E96461BB-25D8-456E-83B1-C8E3F172869C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{EA5A9605-5BB7-463F-A026-D0AA2B955EF1}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{EB55243D-1024-497C-9657-360E1FC925F5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{EBDFCCE0-3950-4FD3-BBF0-34201DADA265}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F0A453AF-7903-4CF7-B8CB-359DFF28FB85}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F14A97D8-906E-4410-A4BF-4EB08BA94CAF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F19CCD89-12B6-4F11-8DC4-738FE55886B6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F22EF83B-4FC0-409F-9B00-0D5857F48AEE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F5815406-D4C2-49E8-8416-80D09E7D41B6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F8528161-4F37-4349-8263-26AEF1DFCEDA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F86A0B97-0B72-464E-A5B4-7036589B08CC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F9C0C042-90B0-4C3B-A8D4-E82D9C589CE4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FA6E8332-3A73-4463-B36A-E1C42C2D1955}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FAF3AB99-9C63-4207-9C86-FE3EA536D744}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FB2B8657-5A54-4335-A132-DE8991AA5020}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FB604CFA-B0D3-47F6-B1A3-227F375EE5DC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FC08FB4D-13DF-4BA8-9B24-80923D58CE6B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FCDC7BDA-A400-4BCA-9816-F72E467FF789}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FCF841BA-A2AE-41F0-B0A0-D4E20C9CF3C6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FD46F805-BFC6-4934-B754-79A0ED04994E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FD7AFDB4-750D-4BC1-926D-928AD41428F6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FE67827F-DA82-4C8C-BD76-B266BCDE7165}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FEE5E580-3EE6-4B88-8148-BA3D0BF9BFBE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\Porew\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\Porew\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Porew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Porew\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Porew\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Porew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Porew\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
 
[2012/12/19 14:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/19 14:17:13 | 000,000,000 | ---D | M] ("BitAccelerator") -- C:\Program Files\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: TabJump - Intelligent Tab Navigator = C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf\0.7.9.2_0\
CHR - Extension: Google Wallet = C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: UNO 3 = C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjkbaligomjfiipmeinjhmombeeekfh\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: ClariS Click Version = C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkigcljnnelnmcljnigjlbcfnkpcjnhj\1.0.0.1_0\
 
O1 HOSTS File: ([2013/04/01 21:12:58 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll File not found
O2 - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Porew\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
O2 - BHO: (7575219A-8C16-687D-FA22-ABE7DD9786E8 Class) - {7575219A-8C16-687D-FA22-ABE7DD9786E8} - c:\program files\baidu\{7575219a-8c16-687d-fa22-abe7dd9786e8}\addressbar.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (BitAcceleratorBHO Class) - {CAC42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\BitAccelerator\BitAccelerator.dll (TODO: <Company name>)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [37wanホ葫] C:\Users\Porew\AppData\Roaming\37wan\wz\wz.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Porew\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Copy] C:\Users\Porew\AppData\Roaming\Copy\CopyAgent.exe (Barracuda Networks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Porew\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MSIDLL] C:\Windows\System32\msiekx32.dll ()
O4 - HKCU..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized File not found
O4 - HKCU..\Run: [Overwolf] C:\Program Files\Overwolf\Overwolf.exe -silent File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Slick Savings] C:\Users\Porew\AppData\Roaming\Slick Savings\CouponsHelper.exe (Spigot, Inc.)
O4 - HKCU..\Run: [websuns4] "C:\ProgramData\suns4\89AM005Y" File not found
O4 - Startup: C:\Users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Porew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Porew\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenBitCoin.exe.lnk = C:\Program Files\OpenBitCoin\daemon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C384113E-BD8F-4DC2-B99B-8673977BEB5A}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24ce1b12-ede7-11e1-ba1a-90e6bae39cb3}\Shell - "" = AutoRun
O33 - MountPoints2\{24ce1b12-ede7-11e1-ba1a-90e6bae39cb3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ef1066f7-ef7f-11e1-b52d-90e6bae39cb3}\Shell - "" = AutoRun
O33 - MountPoints2\{ef1066f7-ef7f-11e1-b52d-90e6bae39cb3}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/09 10:25:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Porew\Desktop\OTL.exe
[2014/02/09 09:43:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 09:24:38 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/02/09 09:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/02/09 09:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014/02/09 09:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/02/09 09:15:16 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Roaming\IObit
[2014/02/09 09:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2014/02/08 01:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\suns4
[2014/02/08 01:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/08 01:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/08 01:46:51 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/02/08 01:46:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/02/08 01:46:34 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/02/08 01:46:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/02/08 01:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/03 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\Porew\Desktop\Notes
[2014/02/03 17:47:41 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\モホムクヘホ菽ヨネコマタエォ
[2014/02/03 17:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\91Mobile
[2014/02/03 16:59:25 | 000,000,000 | ---D | C] -- C:\Users\Porew\Documents\91 Wireless
[2014/02/03 16:57:58 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Roaming\DcrSysOpt
[2014/02/03 16:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DcrSysOpt
[2014/02/03 16:57:54 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\37wanモホマキヨミミト
[2014/02/03 16:57:52 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Roaming\37wan
[2014/02/03 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Roaming\data
[2014/02/03 16:46:20 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Roaming\MPC-HC
[2014/01/30 16:03:20 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Roaming\TheBannerSaga
[2014/01/26 00:13:20 | 000,000,000 | ---D | C] -- C:\Users\Porew\Desktop\hiragana
[2014/01/25 15:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2014/01/25 15:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2014/01/23 22:39:27 | 000,000,000 | ---D | C] -- C:\Users\Porew\Desktop\a
[2014/01/15 22:32:01 | 000,000,000 | ---D | C] -- C:\Users\Porew\Desktop\Adobe Photoshop CS5
[2014/01/15 19:07:13 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/01/15 19:07:12 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/15 19:07:11 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/15 19:07:11 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/12 13:46:57 | 000,000,000 | ---D | C] -- C:\Users\Porew\AppData\Local\Adobe
[2012/08/26 21:56:32 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC82F.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/09 10:35:13 | 331,777,091 | ---- | M] () -- C:\Users\Porew\Desktop\[SubDESU-H] Oni Chichi Rebuild - 01 (852x480 x264 8bit AC3) [77974E9E].mp4
[2014/02/09 10:31:56 | 344,082,442 | ---- | M] () -- C:\Users\Porew\Desktop\[SubDESU-H] Tokubetsu Jugyou 3SLG - 01 (852x480 x264 8bit AC3) [7CB51D75].mp4
[2014/02/09 10:25:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Porew\Desktop\OTL.exe
[2014/02/09 10:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/09 10:20:00 | 261,567,907 | R--- | M] () -- C:\Users\Porew\Desktop\[SubDESU-H] Zechou Rocket - 02 (852x480 x264 8bit AC3) [1EF544D6].mp4
[2014/02/09 10:19:39 | 193,862,544 | R--- | M] () -- C:\Users\Porew\Desktop\[SubDESU-H] Zechou Rocket - 01 v2 (852x480 x264 8bit AC3) [3723F34C].mp4
[2014/02/09 09:58:07 | 000,024,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 09:58:07 | 000,024,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/09 09:49:09 | 000,000,976 | ---- | M] () -- C:\Users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenBitCoin.exe.lnk
[2014/02/09 09:48:45 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job
[2014/02/09 09:48:45 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{CD5B1A2E-BF32-4937-8A97-4E2B51B6D4DF}.job
[2014/02/09 09:48:45 | 000,000,344 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{4F6AC625-1620-4DEE-B0D3-3003ED169BB8}.job
[2014/02/09 09:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/09 09:48:28 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/09 09:46:46 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001UA.job
[2014/02/08 22:57:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001UA.job
[2014/02/08 22:57:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001Core.job
[2014/02/08 20:07:50 | 000,000,851 | ---- | M] () -- C:\Users\Porew\Desktop\µTorrent.lnk
[2014/02/08 20:07:50 | 000,000,831 | ---- | M] () -- C:\Users\Porew\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/02/08 18:46:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001Core.job
[2014/02/08 01:46:26 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/02/08 01:46:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/02/08 01:46:26 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/02/08 01:46:25 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/02/06 22:10:21 | 000,006,144 | -HS- | M] () -- C:\Windows\System32\access.ctl
[2014/02/06 20:14:54 | 003,728,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/05 21:23:54 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/02/05 21:23:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/02/05 00:42:39 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/05 00:42:39 | 000,415,502 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2014/02/05 00:42:39 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2014/02/05 00:42:39 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/04 17:31:27 | 000,002,364 | ---- | M] () -- C:\Users\Porew\Desktop\Google Chrome.lnk
[2014/02/03 16:57:54 | 000,000,933 | ---- | M] () -- C:\Users\Porew\Application Data\Microsoft\Internet Explorer\Quick Launch\37wanホ葫・lnk
[2014/02/02 23:38:04 | 260,219,099 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/02/02 20:47:24 | 000,000,132 | ---- | M] () -- C:\Users\Porew\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/01/28 19:34:58 | 000,001,456 | ---- | M] () -- C:\Users\Porew\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/01/22 18:52:54 | 000,012,128 | ---- | M] () -- C:\Windows\System32\drivers\5DriverHelper.sys
[2014/01/16 20:26:55 | 000,001,049 | ---- | M] () -- C:\Users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/16 20:26:21 | 000,001,017 | ---- | M] () -- C:\Users\Porew\Desktop\Dropbox.lnk
[2014/01/15 22:33:12 | 000,001,134 | ---- | M] () -- C:\Users\Porew\Desktop\Photoshop - Shortcut.lnk
[2014/01/13 23:47:24 | 000,001,456 | ---- | M] () -- C:\Users\Porew\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/01/12 14:15:29 | 000,000,132 | ---- | M] () -- C:\Users\Porew\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/01/12 13:01:22 | 000,000,040 | -H-- | M] () -- C:\4A3442EC833C
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/09 10:20:28 | 344,082,442 | ---- | C] () -- C:\Users\Porew\Desktop\[SubDESU-H] Tokubetsu Jugyou 3SLG - 01 (852x480 x264 8bit AC3) [7CB51D75].mp4
[2014/02/09 10:20:22 | 331,777,091 | ---- | C] () -- C:\Users\Porew\Desktop\[SubDESU-H] Oni Chichi Rebuild - 01 (852x480 x264 8bit AC3) [77974E9E].mp4
[2014/02/09 09:59:12 | 261,567,907 | R--- | C] () -- C:\Users\Porew\Desktop\[SubDESU-H] Zechou Rocket - 02 (852x480 x264 8bit AC3) [1EF544D6].mp4
[2014/02/09 09:59:03 | 193,862,544 | R--- | C] () -- C:\Users\Porew\Desktop\[SubDESU-H] Zechou Rocket - 01 v2 (852x480 x264 8bit AC3) [3723F34C].mp4
[2014/02/08 20:07:50 | 000,000,851 | ---- | C] () -- C:\Users\Porew\Desktop\µTorrent.lnk
[2014/02/06 22:10:21 | 000,006,144 | -HS- | C] () -- C:\Windows\System32\access.ctl
[2014/02/03 17:00:27 | 000,012,128 | ---- | C] () -- C:\Windows\System32\drivers\5DriverHelper.sys
[2014/02/03 16:57:54 | 000,000,933 | ---- | C] () -- C:\Users\Porew\Application Data\Microsoft\Internet Explorer\Quick Launch\37wanホ葫・lnk
[2014/01/21 19:03:28 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
[2014/01/20 23:30:56 | 000,001,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2014/01/20 21:50:48 | 260,219,099 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/01/17 14:53:56 | 000,001,456 | ---- | C] () -- C:\Users\Porew\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/01/16 20:52:56 | 000,000,132 | ---- | C] () -- C:\Users\Porew\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/01/15 22:33:12 | 000,001,134 | ---- | C] () -- C:\Users\Porew\Desktop\Photoshop - Shortcut.lnk
[2014/01/13 23:47:24 | 000,001,456 | ---- | C] () -- C:\Users\Porew\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/01/12 13:12:14 | 000,000,132 | ---- | C] () -- C:\Users\Porew\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/01/12 13:01:22 | 000,000,040 | -H-- | C] () -- C:\4A3442EC833C
[2013/12/29 16:41:35 | 000,026,376 | ---- | C] () -- C:\Windows\System32\apl004.sys
[2013/12/29 16:41:35 | 000,015,112 | ---- | C] () -- C:\Windows\System32\apf004.sys
[2013/07/05 19:50:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/05/31 19:35:29 | 000,000,000 | ---- | C] () -- C:\Windows\config.ini
[2013/04/10 20:59:59 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2013/03/16 18:05:43 | 000,653,824 | ---- | C] () -- C:\Windows\System32\msiekx32.dll
[2013/02/28 19:39:41 | 000,000,044 | ---- | C] () -- C:\Users\Porew\jagex_cl_runescape_LIVE.dat
[2013/02/28 19:39:41 | 000,000,024 | ---- | C] () -- C:\Users\Porew\random.dat
[2012/12/18 12:05:24 | 000,129,356 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/12/07 14:41:02 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/12/07 14:40:57 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/12/07 14:40:33 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/10/04 20:15:31 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/10/04 20:15:31 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/10/04 20:15:31 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012/10/04 20:15:26 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/10/04 20:15:23 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/09/30 12:11:35 | 000,175,104 | ---- | C] () -- C:\Windows\System32\msitry32.dll
[2012/09/22 22:09:31 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
[2012/09/11 08:28:04 | 000,000,600 | ---- | C] () -- C:\Users\Porew\AppData\Roaming\winscp.rnd
[2012/09/03 22:32:29 | 000,007,680 | ---- | C] () -- C:\Users\Porew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/28 19:04:45 | 000,000,126 | ---- | C] () -- C:\Users\Porew\wxDownloadFast.ini
[2012/08/23 23:05:29 | 000,415,502 | ---- | C] () -- C:\Windows\System32\perfh011.dat
[2012/08/23 23:05:29 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat
[2012/08/23 23:05:29 | 000,120,996 | ---- | C] () -- C:\Windows\System32\perfc011.dat
[2012/08/23 23:05:29 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat
[2012/08/23 21:42:32 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/08/23 21:34:22 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012/08/23 21:34:20 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012/08/23 21:34:10 | 000,033,126 | R--- | C] () -- C:\Windows\System32\kschimp.ini
[2012/08/23 21:34:10 | 000,000,029 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2012/08/23 21:34:09 | 000,029,778 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2012/08/23 21:34:09 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfgks150plus.ini
[2012/08/23 21:34:09 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfgBennu.ini
[2012/08/23 21:34:09 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfgks500.ini
[2012/08/23 21:34:09 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfgks550.ini
[2012/08/23 21:34:09 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfgks150.ini
[2012/08/23 21:34:09 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfgks200.ini
[2012/08/23 21:34:09 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks50.ini
[2012/08/23 21:34:08 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks100.ini
[2006/03/22 09:07:36 | 000,083,024 | -H-- | C] () -- C:\Users\Porew\AppData\Roaming\Porewlog.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/02/03 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\37wan
[2012/09/22 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Acronis
[2012/10/18 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\AnvSoft
[2013/01/25 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\BitComet
[2012/09/06 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\CKK
[2013/04/16 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/10/28 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\CometPlayer
[2014/02/09 10:32:12 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Copy
[2012/10/12 22:08:00 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\DAEMON Tools Lite
[2014/02/03 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\data
[2014/02/03 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\DcrSysOpt
[2012/10/28 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Downloaded Installations
[2014/02/09 09:52:46 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Dropbox
[2012/09/09 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Ellashope_Saves
[2012/11/10 18:57:06 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\EPSON
[2013/01/25 20:20:00 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\fizzy
[2013/06/30 10:16:00 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\IGG
[2014/02/09 09:19:03 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\IObit
[2012/09/22 22:41:05 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\JAM Software
[2012/09/02 15:24:14 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Leadertech
[2014/02/03 16:46:20 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\MPC-HC
[2013/01/29 11:51:33 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Neowing
[2013/04/16 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\PDAppFlex
[2013/04/01 20:30:19 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\RenPy
[2014/01/13 22:39:36 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Slick Savings
[2012/10/21 08:47:58 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Sons of Triskelion
[2013/03/13 18:46:22 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Sony
[2013/03/15 21:56:38 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Sony Network Entertainment International LLC
[2012/08/26 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Sony Setup
[2013/01/29 11:52:13 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\T-Time Preferences
[2014/01/30 16:03:22 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\TheBannerSaga
[2013/01/25 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\TheBookofLegends_Saves
[2014/01/25 23:41:42 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\tigerplayer
[2012/09/18 16:22:48 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Tryst
[2012/08/26 22:11:22 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\TTPlayer
[2012/12/30 11:16:13 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\Unity
[2014/02/09 10:39:36 | 000,000,000 | ---D | M] -- C:\Users\Porew\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/12/02 21:29:06 | 000,000,000 | ---D | M](C:\Users\Porew\Desktop\[Yuzusoft] Tenshin Ranman ? Lucky or Unlucky!) -- C:\Users\Porew\Desktop\[Yuzusoft] Tenshin Ranman – Lucky or Unlucky!
[2013/12/01 23:50:19 | 000,000,000 | ---D | C](C:\Users\Porew\Desktop\[Yuzusoft] Tenshin Ranman ? Lucky or Unlucky!) -- C:\Users\Porew\Desktop\[Yuzusoft] Tenshin Ranman – Lucky or Unlucky!
 
< End of report >
 

    Advertisements

Register to Remove

#2 porew

porew

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 08 February 2014 - 09:09 PM

OTL Extras logfile created on: 2/9/2014 10:35:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Porew\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 30.07% Memory free
6.00 Gb Paging File | 3.24 Gb Available in Paging File | 54.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 53.37 Gb Free Space | 11.46% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 23.81 Gb Free Space | 7.99% Space Free | Partition Type: NTFS
 
Computer Name: POREW-PC | User Name: Porew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1"
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC75FD2-7F29-4AE4-B26A-20A10A6D8B65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{108D2371-A348-42D6-9A93-E9DD9B94AF8A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{258A88ED-7283-47A6-B7D7-A71E11A0903E}" = lport=58988 | protocol=17 | dir=in | name=pando media booster | 
"{274CB18D-9F33-417E-A951-E55CAF863395}" = lport=58988 | protocol=6 | dir=in | name=pando media booster | 
"{27577F2E-5D80-47D9-AA14-0DDC1AB5EC38}" = rport=445 | protocol=6 | dir=out | app=system | 
"{30365CC7-D026-44CC-9329-B16F2B661037}" = rport=137 | protocol=17 | dir=out | app=system | 
"{40E969C9-0E73-4883-A9F5-7C0C42D95205}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{46FF964A-AB37-4800-9102-62EB11C0CAB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4AEE370B-AD07-4C8E-97A8-967160A9306C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CBE731C-A537-4A7A-8E56-5EDE36BAD045}" = lport=7744 | protocol=6 | dir=in | name=bitcomet 7744 tcp | 
"{4F929099-80F9-4D2E-9A2D-8C2A2DD1F28A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5B414D9D-093C-4999-95DA-FF750C3F443E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E562A02-4330-41EA-A82D-C9D9C30B01C4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{5FE1EC29-7739-4B66-B9D1-7F30307F7EA9}" = lport=49214 | protocol=6 | dir=in | name=akamai netsession interface | 
"{62F6CA57-7759-4317-8261-F4A63DAC180F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{673E46B3-7028-4ECE-A676-31818319A6DF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6FDA611B-BBDD-497F-BC43-36D581DC21A3}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{77F54089-F041-41EE-9E51-208BB2C2A052}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D45458D-737F-42DC-9F52-F93FFC756DF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80352229-62FA-4CD8-9B03-40EC69884CDD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{80D31BAE-37F9-4F77-B151-AABA12570531}" = lport=58988 | protocol=6 | dir=in | name=pando media booster | 
"{9003D06D-01D2-4541-9859-1FFDF77937A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93A61E53-6B96-44C7-A0A4-C3F1692F1A4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99ABE4A3-9B2D-46C8-A76D-5621268F045A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1F00FE7-75AA-4010-8F47-8755E44D2A69}" = lport=7744 | protocol=17 | dir=in | name=bitcomet 7744 udp | 
"{B672C11B-C96E-48BB-A5A9-EE8ACDB4418F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C445B654-F114-407F-B262-14067BDE1CA8}" = lport=49221 | protocol=6 | dir=in | name=akamai netsession interface | 
"{C7EAEDD7-52A3-40D9-9B9B-E0D26A1939CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD2474FD-67F8-4783-AF8E-36B2A947929E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DFF4F949-A249-47F4-BD9F-BDC3D102B938}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E2EE831A-C56E-4234-AE01-73D9E7850FD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EC396FC5-C89C-4BB4-94A5-F558D98EF8DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE3E86E1-BEC2-4FF7-BA32-03439328607B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F0CB9886-8A67-44CD-8E33-78647D0F0624}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F1CCDC01-7BE5-4867-9915-AD27A91616EA}" = lport=58988 | protocol=17 | dir=in | name=pando media booster | 
"{FE696552-AE1B-40D1-8664-CC6BAB76EFEF}" = lport=49177 | protocol=6 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B72135-F2D3-433B-A87F-2B8AD34A2402}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{026C358B-D1A1-412E-B3AA-9B3CBB9B3734}" = protocol=6 | dir=out | app=system | 
"{0618CF73-F824-4AD7-934F-34AF5F934BEC}" = protocol=6 | dir=in | app=c:\program files\packetix vpn client\vpncmgr.exe | 
"{067356BE-8523-4408-8A8A-6F4FB3E9DA36}" = protocol=17 | dir=in | app=c:\users\porew\appdata\roaming\utorrent\utorrent.exe | 
"{12A59A08-DE72-40DC-979D-FEEB8C214752}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{134D6867-EA9A-477A-975A-9AC7ACA1D852}" = protocol=17 | dir=in | app=c:\program files\baidu\baidumusicctrl\1.0.15.0\baidumusicacc.exe | 
"{156EFE11-72B3-4855-9B8E-316D70940048}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{164610E8-7CEA-4A2B-9CEE-8C9BE9B06AAD}" = protocol=17 | dir=in | app=c:\users\porew\appdata\local\directdownloader\directdownloader.exe | 
"{1BC42AE5-956C-4B70-B59D-AFF7A009F6B9}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe | 
"{1C3D688A-9E58-48C5-AC1B-93637206C330}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{215F8F75-5531-45B0-AB30-7AEDED625EFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{21A50AE6-D14C-4836-A8EF-5BAC1FA95B5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22EC2145-9F2C-40EA-A3CE-87E6DFA0C98B}" = protocol=17 | dir=in | app=c:\aeriagames\aurakingdom\game.bin | 
"{31443603-6DCB-45BB-BAB2-8A373A86070A}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe | 
"{3215EAA1-7BC3-4998-B208-4666019C8238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{33FFFEF3-C482-4B37-A7E6-AFE24DB32942}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3594E4E7-D996-494C-B1D5-BCF757326E03}" = protocol=6 | dir=in | app=c:\users\porew\desktop\aw_downloader.exe | 
"{367EEDA4-14BA-41F5-8FAE-FBF083A7C1A7}" = protocol=17 | dir=in | app=c:\users\porew\appdata\roaming\dropbox\bin\dropbox.exe | 
"{398FCB91-13B8-4362-9C67-7D402A5C7AB8}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{40775BB1-93FE-442F-AAA4-8B8707F34782}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{40ACE554-D21F-477B-B4DF-BA1B9F5A4468}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{433C7551-027F-4963-BB24-9261A82CA972}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{44EB2B81-8360-44E3-85BE-2AA6E0E7A6E0}" = protocol=17 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe | 
"{45439F9D-0FA6-46D9-9667-A4CDE0820FED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{512FE6C2-497A-4FC8-B8B7-389DE7097B36}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5787475A-3B57-4877-A65A-6A790968421E}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe | 
"{64703436-A46C-4806-84EB-96A70A01D10C}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{6708A37C-7C6A-4556-B342-5C286DDF85D0}" = protocol=6 | dir=in | app=c:\aeriagames\aurakingdom\game.bin | 
"{6BFE4D08-80C9-47F4-AA22-FC5C814BA08B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{758D75CC-294D-40D3-AE2F-B220A5A09038}" = protocol=6 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe | 
"{79AC52AF-5265-46DD-B962-0545F632033D}" = protocol=17 | dir=in | app=c:\users\porew\desktop\aw_downloader.exe | 
"{86D2302A-2CDF-4344-AB8D-B81C333BA4F7}" = protocol=6 | dir=in | app=c:\program files\packetix vpn client\vpnclient.exe | 
"{8AA9FA4A-6112-4A2B-96E0-FF1FFEC52C82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{92261ECA-D8AC-43F2-9B88-A74822AB77F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9661658C-FD03-4CE0-82E3-587473B0E221}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9679578B-BA57-4224-A161-59DC466AC5F1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9A4D85C8-4DD0-454D-8205-07F9C325436D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A381EA35-6A46-45CD-8538-19466DBCBD1F}" = dir=in | app=c:\users\porew\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{A6969BD7-0E0C-45F1-A151-16DFA67A1930}" = protocol=17 | dir=in | app=c:\program files\packetix vpn client\vpnclient.exe | 
"{AC386129-1D45-4D77-8F1A-D937F609014E}" = protocol=17 | dir=in | app=c:\program files\packetix vpn client\vpncmgr.exe | 
"{AE64F9D8-427B-4F61-8B70-EDC4A9866285}" = protocol=6 | dir=in | app=c:\users\porew\appdata\roaming\utorrent\utorrent.exe | 
"{AF5419EE-5FD3-4040-8C17-144EB911D213}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6002451-3548-4005-AF40-EF9128F3C4A9}" = protocol=6 | dir=in | app=c:\users\porew\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C887FDAE-E6AE-4AFD-8CFE-F241838166B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C990876C-A85D-4298-A2B8-1FE4E609764C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CC8A0ACB-AF0E-467A-A171-CA2471123BDC}" = protocol=17 | dir=in | app=c:\program files\packetix vpn client\vpncmd.exe | 
"{CDDE1325-7C02-4F11-9227-A499D599C7B6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CEC67D96-F97D-411D-857C-AAFED8E35D7C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D34F09D6-7A5F-4384-8244-907AF9A754E2}" = protocol=6 | dir=in | app=c:\program files\packetix vpn client\vpncmd.exe | 
"{DC47E90D-F07B-4BEA-BA53-F99C746FF067}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe | 
"{DF87A9F6-EF9D-4735-B78F-2CFB4DF5BBCA}" = protocol=6 | dir=in | app=c:\program files\baidu\baidumusicctrl\1.0.15.0\baidumusicacc.exe | 
"{E2009030-60AD-4689-BD02-4ABEC4AA87DE}" = protocol=6 | dir=in | app=c:\users\porew\appdata\local\directdownloader\directdownloader.exe | 
"{ECBD181B-CB35-4C7F-A53D-D91383A925FA}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{EEA3FA29-279E-4FA2-BE1A-4A5FA811F180}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F02F610B-664A-4C9E-9A2B-60868FD02240}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F83513D0-E333-49E0-9743-2759D6459FAB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{FF73703D-856F-4DE5-8C2E-9250725C6E22}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{0B611261-4BA1-419E-B692-1832D59E5598}C:\program files\blood bowl chaos edition\bb_chaos.exe" = protocol=6 | dir=in | app=c:\program files\blood bowl chaos edition\bb_chaos.exe | 
"TCP Query User{20BF5F9F-F520-45B1-BF73-EC84B6EF75F5}C:\aeriagames\dkonline\dkonline.exe" = protocol=6 | dir=in | app=c:\aeriagames\dkonline\dkonline.exe | 
"TCP Query User{4529C1A3-CC28-4D9B-B937-FA61358330EF}C:\users\porew\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\porew\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5EA7903B-3167-42C9-9D1E-BCABDD44FD56}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"TCP Query User{6A5F1D63-2A7B-4E01-9A54-570756A6689C}C:\users\porew\desktop\spirited heart deluxe\winter_wolves_howler.exe" = protocol=6 | dir=in | app=c:\users\porew\desktop\spirited heart deluxe\winter_wolves_howler.exe | 
"TCP Query User{6CF11B2F-A358-425F-A9C9-B01C769A660D}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"TCP Query User{77D14DB9-788A-4735-9ACF-D82562D1556D}C:\program files\assassins creed iii\ac3sp.exe" = protocol=6 | dir=in | app=c:\program files\assassins creed iii\ac3sp.exe | 
"TCP Query User{78F59F4C-76B8-4E6A-8144-B5E1F225E79C}C:\gbe games\aurora world\area00\bin\release\tuclient.exe" = protocol=6 | dir=in | app=c:\gbe games\aurora world\area00\bin\release\tuclient.exe | 
"TCP Query User{791D7306-9EA9-4CBF-8B1E-ED752EA38322}C:\users\porew\desktop\b\vanguard.exe" = protocol=6 | dir=in | app=c:\users\porew\desktop\b\vanguard.exe | 
"TCP Query User{7FCC715C-26A1-4FFA-B30D-EA764C684AB9}C:\users\porew\appdata\roaming\copy\copyagent.exe" = protocol=6 | dir=in | app=c:\users\porew\appdata\roaming\copy\copyagent.exe | 
"TCP Query User{94CE6966-8266-459C-A64B-4B72D5CB0AE3}C:\users\porew\desktop\new folder (3)\vanguard.exe" = protocol=6 | dir=in | app=c:\users\porew\desktop\new folder (3)\vanguard.exe | 
"TCP Query User{ABCD1ED7-47CE-4443-B6DD-AD17EE46B831}C:\users\porew\desktop\new folder\vanguard.exe" = protocol=6 | dir=in | app=c:\users\porew\desktop\new folder\vanguard.exe | 
"TCP Query User{B64C1D46-C1F7-4859-91FD-83F35FCB8B15}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe | 
"TCP Query User{B6945335-5A32-4952-80D4-1D1E90AD74C2}C:\users\porew\appdata\roaming\copy\copyagent.exe" = protocol=6 | dir=in | app=c:\users\porew\appdata\roaming\copy\copyagent.exe | 
"TCP Query User{BC308374-8629-41A7-9A67-8AEBA07FB0D3}C:\users\porew\desktop\dmc devil may cry-sc\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=c:\users\porew\desktop\dmc devil may cry-sc\binaries\win32\dmc-devilmaycry.exe | 
"TCP Query User{C4221E2F-DA82-4F1E-A6BA-0651C33E9267}C:\users\porew\desktop\dishonored-3dm\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\users\porew\desktop\dishonored-3dm\dishonored\binaries\win32\dishonored.exe | 
"TCP Query User{CBFDF830-516C-49ED-B3AF-B8567628760F}C:\program files\ttplayer\ttplayer.exe" = protocol=6 | dir=in | app=c:\program files\ttplayer\ttplayer.exe | 
"TCP Query User{D021FFE5-47A0-461A-8829-6FEF8098BE75}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe | 
"TCP Query User{D358876B-B9EF-4C78-B950-B3FC6EE5DDA3}C:\users\porew\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\porew\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F8D9CCEC-7229-4DFE-8DB2-FB2EA025297E}C:\program files\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files\farcry 3\bin\farcry3.exe | 
"UDP Query User{035A7254-6B6F-42E0-AA46-97ED02B78868}C:\users\porew\desktop\b\vanguard.exe" = protocol=17 | dir=in | app=c:\users\porew\desktop\b\vanguard.exe | 
"UDP Query User{1A611BBA-ED42-4D24-83B0-EE995DA8C795}C:\users\porew\appdata\roaming\copy\copyagent.exe" = protocol=17 | dir=in | app=c:\users\porew\appdata\roaming\copy\copyagent.exe | 
"UDP Query User{400F6C46-A2F0-43BE-BECB-B00B9C6A7A34}C:\gbe games\aurora world\area00\bin\release\tuclient.exe" = protocol=17 | dir=in | app=c:\gbe games\aurora world\area00\bin\release\tuclient.exe | 
"UDP Query User{4EFB704A-1676-4768-B6E8-0B4D037537A1}C:\users\porew\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\porew\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{5A1485CD-FDD5-4CD6-BC71-3741C4E255B4}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"UDP Query User{66FBA974-0641-4BC3-AC85-ED0E9D6BBB7C}C:\users\porew\desktop\new folder\vanguard.exe" = protocol=17 | dir=in | app=c:\users\porew\desktop\new folder\vanguard.exe | 
"UDP Query User{79A6C147-4A4B-4015-A82C-1B64091A5DA4}C:\users\porew\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\porew\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{7AD16838-3DCA-4FF7-A36E-318CEEBF7AA2}C:\aeriagames\dkonline\dkonline.exe" = protocol=17 | dir=in | app=c:\aeriagames\dkonline\dkonline.exe | 
"UDP Query User{A24DD5C6-95C9-4DE0-9B2C-2C6F2C20BC65}C:\users\porew\appdata\roaming\copy\copyagent.exe" = protocol=17 | dir=in | app=c:\users\porew\appdata\roaming\copy\copyagent.exe | 
"UDP Query User{A5EAE954-8E19-47CA-BF40-C139535E8A51}C:\users\porew\desktop\dmc devil may cry-sc\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=c:\users\porew\desktop\dmc devil may cry-sc\binaries\win32\dmc-devilmaycry.exe | 
"UDP Query User{AE9AE312-B6A6-4226-8ADF-A60C7E86A8D4}C:\program files\ttplayer\ttplayer.exe" = protocol=17 | dir=in | app=c:\program files\ttplayer\ttplayer.exe | 
"UDP Query User{B50FBAF8-BB53-49B5-B9BE-9825DD666715}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"UDP Query User{C1B8DCF1-CC57-4CBE-A072-4C698DEE5870}C:\program files\assassins creed iii\ac3sp.exe" = protocol=17 | dir=in | app=c:\program files\assassins creed iii\ac3sp.exe | 
"UDP Query User{CED247A1-E201-4DE1-BE58-7F4DAD3C7B31}C:\program files\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files\farcry 3\bin\farcry3.exe | 
"UDP Query User{CF792136-DB45-4149-BFBB-77A943F730D6}C:\users\porew\desktop\spirited heart deluxe\winter_wolves_howler.exe" = protocol=17 | dir=in | app=c:\users\porew\desktop\spirited heart deluxe\winter_wolves_howler.exe | 
"UDP Query User{D2ED5A94-1947-4413-9C86-7E0936772957}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe | 
"UDP Query User{DA9C0243-755F-4960-976A-9CCF6FD15D98}C:\users\porew\desktop\new folder (3)\vanguard.exe" = protocol=17 | dir=in | app=c:\users\porew\desktop\new folder (3)\vanguard.exe | 
"UDP Query User{E37B834C-764E-43C0-BE09-26A8FEAEFF26}C:\users\porew\desktop\dishonored-3dm\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\users\porew\desktop\dishonored-3dm\dishonored\binaries\win32\dishonored.exe | 
"UDP Query User{E50F8B19-EDF1-4819-8850-225FE84244D3}C:\program files\blood bowl chaos edition\bb_chaos.exe" = protocol=17 | dir=in | app=c:\program files\blood bowl chaos edition\bb_chaos.exe | 
"UDP Query User{E8FDFA5E-0CC0-44DA-BAD2-90E27B2C2EF6}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E094E1-A852-11E2-803D-ACEA632352B4}" = Adobe Dreamweaver CC
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{14B79826-8E53-30C2-8D88-28B8726C90FF}" = Microsoft .NET Framework 4 Client Profile JPN Language Pack
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.5.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A787631-66A2-4634-B928-A37E73B58FB6}" = Slick Savings
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}" = Media Go Video Playback Engine 2.0.111.09020
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{5492BA72-5332-4F65-AED8-A935E48973A9}" = Microsoft SQL Server Compact 4.0 JPN
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5A42BC5B-07C7-424D-AE22-7854FE446633}" = ブンコビューア
"{5CDFBF03-D1B2-466B-AA19-B10FDA43E2BB}" = YTD Toolbar v8.6
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D92969D-A6A3-44C8-9D63-D377E94F44B5}" = Media Go
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{D7C5114D-6235-480C-AAC5-0FF8EB9C8495}" = 天神乱漫
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EF3F883E-1A54-44B3-ABB7-E2DEC1C56451}" = Copy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"AlicesoftGame_Pascha3" = パステルチャイム3
"BitComet" = BitComet 1.33
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2014-01-17
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DAEMON Tools Lite" = DAEMON Tools Lite
"DomDomSoft Manga Downloader" = DomDomSoft Manga Downloader (remove only)
"É¢»ªÀñÃÖ(Sankarea) WINDOWS 7 THEME_is1" = É¢»ªÀñÃÖ(Sankarea) WINDOWS 7 THEME 1.00
"EPSON Scanner" = EPSON Scan
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IObit Surfing Protection_is1" = Surfing Protection
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile JPN Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - 日本語
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MpcStar" = MpcStar 5.4
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OptimizerPro1" = OptimizerPro1
"QWdhcmVzdEdlbmVyYXRpb25zb2ZXYXI=_is1" = Agarest Generations of War
"Samsung SCX-4623 Series" = Maintenance Samsung SCX-4623 Series
"sp6" = Logitech SetPoint 6.32
"SysInfo" = Creative System Information
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WxDFast" = WxDFast Updater
"ぜったい遵守☆強制子作り許可証!! スカートずり下げパッチ_is1" = ぜったい遵守☆強制子作り許可証!! スカートずり下げパッチ
"ぜったい遵守☆強制子作り許可証!!_is1" = ぜったい遵守☆強制子作り許可証!! 1.00
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"IGG Web3D Player_is1" = IGG Web3D Player version 1.0.0.38
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/8/2014 11:37:07 AM | Computer Name = Porew-PC | Source = WxDFastUpdater | ID = 0
Description = 
 
Error - 2/8/2014 11:37:08 AM | Computer Name = Porew-PC | Source = WxDFastUpdater | ID = 0
Description = 
 
Error - 2/8/2014 11:37:09 AM | Computer Name = Porew-PC | Source = WxDFastUpdater | ID = 0
Description = 
 
Error - 2/8/2014 11:37:16 AM | Computer Name = Porew-PC | Source = OptimizerPro1Updater | ID = 0
Description = 
 
Error - 2/8/2014 11:37:17 AM | Computer Name = Porew-PC | Source = OptimizerPro1Updater | ID = 0
Description = 
 
Error - 2/8/2014 11:37:18 AM | Computer Name = Porew-PC | Source = OptimizerPro1Updater | ID = 0
Description = 
 
Error - 2/8/2014 9:05:06 PM | Computer Name = Porew-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2/8/2014 9:19:24 PM | Computer Name = Porew-PC | Source = Application Hang | ID = 1002
Description = The program SmartDefrag.exe version 2.9.0.1225 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1a78    Start
 Time: 01cf2534e3427a84    Termination Time: 53    Application Path: C:\Program Files\IObit\Smart
 Defrag 2\SmartDefrag.exe    Report Id: 2cfe43b2-9128-11e3-8a9a-00acd12b7ba8  
 
Error - 2/8/2014 9:22:25 PM | Computer Name = Porew-PC | Source = VSS | ID = 8194
Description = 
 
Error - 2/8/2014 9:50:28 PM | Computer Name = Porew-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 2/8/2014 10:35:54 PM | Computer Name = Porew-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1778    Start Time:
 01cf253e345c9ed8    Termination Time: 0    Application Path: C:\Users\Porew\Desktop\OTL.exe
 
Report
 Id:   
 
[ System Events ]
Error - 2/8/2014 9:50:48 PM | Computer Name = Porew-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 2/8/2014 9:50:48 PM | Computer Name = Porew-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 2/8/2014 9:50:55 PM | Computer Name = Porew-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 2/8/2014 9:50:55 PM | Computer Name = Porew-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 2/8/2014 9:50:55 PM | Computer Name = Porew-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 2/8/2014 9:50:55 PM | Computer Name = Porew-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 2/8/2014 9:50:55 PM | Computer Name = Porew-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 2/8/2014 9:50:55 PM | Computer Name = Porew-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 2/8/2014 9:51:01 PM | Computer Name = Porew-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 2/8/2014 9:51:01 PM | Computer Name = Porew-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >

#3 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 10 February 2014 - 05:31 PM

Hi porew,

  :welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

utorrent
You have utorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx
http://www.techweb.com/wire/160500554
[url=http://www.internetworldstats.com/articles/art053.htm]http://www.internetworldstats.com/articles/art053.htm


I would recommend that you uninstall utorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Double click on OTL

:Processes

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn....opt=0&ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{055436DA-05BA-40C1-A53A-B022792A0473}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0661DAD9-3379-435D-8268-D6955DDD623C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{082F00B5-1000-44C8-84CB-18BB34BBD8D2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0A1E502D-3ED2-4D24-9870-B9A0E621E724}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0A6A7F9E-3FAC-45B2-94FB-E7E1A18CCC49}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0A85E31A-2DE6-46A3-9AA1-4636E202B164}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0CA6C45C-39CF-49E7-88AE-2E318AC6536F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0D0A2CD7-3DC5-4557-863D-A1DBEFB40030}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0E14EA38-2E3D-4EA6-8B00-EE59B6F85D3A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0EF50C8B-E11E-4D35-8B42-52D61131B1C2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0F48C673-3D58-4F03-9572-A47B869A4F48}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{0FB29380-9FB6-43E0-88EE-77F45569C307}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{10EEE150-DD46-4A02-BFE5-50D9FF82040B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{119DCB9C-CD4C-4EBF-81CF-B6951435C2C6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{13C6ED5C-0A37-4877-844F-C85BB3D7F2E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1426545B-9B6E-4FB6-8C5B-918D90A360A6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{17254946-98CE-4500-B2FA-265D9E2BAE9E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{199CE0CC-56EC-48FB-9470-17CB817D6EE9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{199CE2F7-A735-4945-8C07-E624F127B1FD}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{19E3E43E-1BE9-4BD6-B42D-AD581352F5A4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1A4542E9-F14A-4F6D-9F82-CE6324F2BF4C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1EB81E2F-8627-4E4D-941C-202E170C98EC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{1F06340A-9B81-4959-A505-A6E887B97D9A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{20A2D8B1-CC85-4A05-A2A3-0015128A1178}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{24F161CE-33E9-4F02-9E0F-E15028274175}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{26E908AF-391D-44BA-895F-969CBB483CF4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{271F8F28-EC60-493B-9498-40FD74CED7EE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{27A1C93E-6F06-4A9B-878A-26DC9AF33206}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2883A444-EF2C-4BC4-85A7-43D3271F2DB5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{28D000A3-0312-40CE-A61B-8B41A3406D43}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{297E1EE7-7929-49CE-BE61-C7ABD3F985F0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{299C9355-E438-45A3-B456-BD1AA397BD2B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2A080ECA-E744-4F34-8515-7E68E5DD2EC3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2B181C04-5825-404F-A785-16C2B4144B64}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2B355AA4-8846-4BFC-9C19-4FA16860DCF2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2BAAFB28-F225-40BD-BBCB-621C0FBF4216}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2BBB21B6-4AFE-4D6B-9520-D6CC168908BA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2C0787D8-FD51-4432-A218-EA7843787736}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2CD0EB02-4083-4B09-B7E8-0E26B5E43A3D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2D4FF86E-461C-4460-B23A-FBDA0840D57C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{2DCC93E6-1DD2-40CB-9FAD-53C5229D6825}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{310845BA-7881-4635-88DC-9BE9A2401CF0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3150FD74-EB4A-4B14-8459-9C8F89BC6FCB}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3222F42E-3031-477F-A1FF-96E061E732BE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{33958D5B-2F9D-41DB-93A7-375B36A60066}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{33AD292A-E1F6-41CE-85E0-C9B99098A66C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{33C23E1B-2655-46CF-B1B9-EDFFD6F63B4A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3536C68A-46AD-4FAF-8B38-6840E0D8319A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{36ABEE46-7158-4F28-BF22-72630E551FF6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{36D3C9B1-EFDF-42C7-BEB8-0EFBD6915B21}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{38504F5E-9D00-4141-892C-EF0A1FD60D1F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{38E1E66A-3310-4196-916F-EB8825C56A8E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{39007A1D-7242-4446-BDB1-B7334212C236}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3964FFF0-9A9A-4A3D-BDA4-9098CB745DB4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{39F5BD11-D12A-4A99-8EF5-0016CA4E8660}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3A557624-A41B-436C-83BD-7A3C68B9DD57}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3B8DA2E3-7C5D-4CFC-BD61-438B3637EAC8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3D4BE040-F095-40FF-B830-D4CA71917AEA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3D7CC8D4-D591-4379-8665-A64B912A50E9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3E23E29F-2A2E-4B97-8F37-CB03B3D4C564}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3F517F1F-A8F6-4D5E-B7BC-9F4A7E026875}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3FBD84EC-62ED-40C4-BAFD-F5B4268201D3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{3FC41641-A1DF-40E1-9019-048669259B58}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{400B686B-C420-4F9F-8D90-5C8EA3587403}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{40CB4C3D-567A-40E5-8A19-0C185D70B226}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{40E97276-EA86-4A80-BE0D-4A102E7940A6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{41296825-A219-4B41-B545-13315CD98C8C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{41A19AF6-1549-4C17-B390-DF6EA16EEEAC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4376307A-499E-41B1-9D84-06175371FD6D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{438F6603-40C1-4AC3-AC4B-414A26583C8E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{43FF7164-86F2-4FC2-A845-CBBC19E05E3F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{451503B3-25ED-41CB-8D64-8D2B8B8EAD70}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{45E51F25-BBF8-4D99-9C4A-E9F86ACCA356}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{488265C7-6FFE-40F3-BC37-46AB99B1C69A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{48BBA6DB-7C47-4BBE-B9FF-8AC6F54E2D8C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4A29DFC5-858A-4BDD-9FAD-00675E634BC9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4C3DAD4F-8ECF-4A50-8A89-206F6CD9B092}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4E55DED3-D5BF-4961-A154-E803A9446130}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4EBD9649-2CEA-4C3C-A590-E78C5AC1E81B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4EE209DB-D702-4342-8726-E1B1A70AC883}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{4FC1FA19-434B-4838-A05C-65F40C52C7B4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{50B1DF32-4044-46A9-A257-B73FC1177D83}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{50BC2CBB-2F6F-4D4F-B42B-F7D2E8C7632C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{515759FB-4B28-4954-A5B8-4281EF25E36A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{51587A2A-6211-4DAC-A6A0-DD6774578897}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{51BB91BF-7FF9-4B72-AAC5-24053886E355}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{538A3AE4-391B-4E01-BDEC-B2F17993107F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{54B96705-B2D5-48BA-A51E-AD48914950BE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{567147CD-738D-46F4-8C51-6B5E6492DD82}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{56AFB48E-CDB3-4F2E-BFA0-D9C69AEB38AD}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5795C147-6EAF-4B4A-81AF-DB70D0D5976C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{57FA4139-3852-4A3B-83EF-C1977D01FE8E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5AABBE92-C5E4-4E64-A7C2-7C24A5962891}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5BA7570B-FD88-4EA0-AAC8-46F6D25441AE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5BF6DBCE-3400-4DDE-945D-C8AA08DE0FD5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5DC6A2C3-ADF6-4C56-A302-B2F71F9E5D8E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5E6F5095-CD31-4730-A91E-A0F5A85E329F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5F9C31BC-45EC-405D-8675-9A81EA4FCF69}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{5FCFCFBC-4EEB-4682-9916-8F714C6A2F52}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{60538AC5-48A9-4C46-99CF-3B52A728E94D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{605C85D5-869F-4761-A211-2E157A30EEF5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{617C0D38-33A7-4A4E-A400-36B5E9AF0791}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{618DC1C4-2AF5-4629-B4C7-B5D55C473CA4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6196E2B7-925C-4567-A414-98DA14E3212A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{62440F63-8845-4285-8E87-8C49A5C0D428}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{627E5324-1E40-422D-BB0B-E4C259D8642F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{63686394-7151-4BEA-9AF1-0FFFE48BAC05}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{650338F4-E479-4ABC-9525-A002B0E8C155}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{67611255-0BE1-4ED0-A787-294CACE96745}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{680B27DB-C92A-47C4-B567-2D21D5622DD0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{69F82FD8-7B46-424C-9492-6263838ABB3C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6A01F2C2-5F00-4EB4-9488-637FD813030F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6AC90675-E394-4C98-9B45-FB52C08E29E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6BDBC343-DE6A-43B7-BB8F-61CD29455E88}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6D3037A5-E203-4D0D-AE71-C742D1B202D8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{6F9CF137-01F9-4CE0-8205-AA8C74D4FADD}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{70DC9430-5EEC-4F97-9FDB-62287739AB81}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73391210-AB98-46A8-83E1-8DFB126F9B2A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73491C78-EF0F-4351-9F95-67571B73C9B7}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73A6AC4F-160D-47F5-8711-6C62048F1EB2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73A715B2-C1C3-45FC-9166-19BC0541C827}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{73B69B46-7400-408F-A87A-3F5F29F0686E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{74E94711-5999-4DE6-9DEA-83F7EDB9B8FE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{76243BCE-9713-4E8F-BE1A-341C7E69F896}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{764BB876-45A8-4889-A51E-ACB52DD70B30}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{77A4A71E-5997-437B-813E-96F9B9164A40}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{78B70348-8721-418E-BFFC-C336DAEF5D2A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7923BC9A-CE2D-446B-88C6-CCE4A749856C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{79286752-3ACC-4965-91A4-3E4AFEE411DA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{79F990E8-407A-40A5-B02B-3AAD1BDCD656}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7ABCD128-A1B1-40B0-BDC4-EB030EDE59E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7AF19D25-3AF6-4009-9FC0-063470BE4257}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7D072B9F-E4A8-4058-91F3-FD47754B5140}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7F24B5BB-CBE0-46FC-AC39-F69DFDEB4F2C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{7FF03F1E-A28F-4460-8DFE-EF5FA46E6D37}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{84A83ECC-AFEA-4357-8621-4570382FF28F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{84D92816-70C9-42ED-A72B-3F9D3E329D3E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8534DF83-2579-49F9-B43A-921F64439389}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{85854B17-6DDB-416C-984D-A2F4AA81E4C8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{85BD2F43-7D41-4126-8137-BD8C7208F9BA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{869A0D40-87E6-4E73-864D-2B490BDF5C1E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{87D60AB0-D7A4-4497-8EBD-7600044CDFE0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{88D59494-1D1B-4989-AE89-578EBCB07AC9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8979788E-03A6-4F52-A72C-5CEFB10359F1}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{89EB679B-3AD2-4DC6-B57E-DE1DD0663016}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8B438605-623D-4FC5-9C8E-D40DB9232992}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8B9AE4B0-9A9C-4C2A-9126-176635473A4B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8D0BB5B1-660B-4F2E-8E7B-46A40C96569C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8D4F3865-914A-43F1-8704-159F18570CC6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{8F30CAD3-CAD6-4C34-AD4E-A8CBF0958274}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{903C9DE9-C581-4BFB-BC7C-230F5006CE9E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{90E6CDAA-4403-41F5-B3EA-28BEE307910F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9134D9B5-90FB-4B9F-B76F-75FB458FAE82}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{938B7EA1-250D-4F5C-ABE7-FC6F8D5AA28D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{93E0234C-72AB-41B9-AF40-97B54F49DB83}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{93F8F818-3530-4465-ADE2-4E26B598CD2E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{948FC138-D15A-4781-BAB5-1F7155A50C37}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{95AC3189-6F6E-4B49-BC17-62ECE7B67D48}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{97127ACD-082A-49B0-8CE8-3A3F7E3AD059}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{97246DFE-6D61-4924-B104-FCEB1B7CA1E9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{973F62E2-FE95-42A5-9F9F-1BD3E6E05B9F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9843A498-A1D7-4342-A787-1F42AB7A3233}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9A6A8284-0586-4BBD-A5EA-B9E3D3874250}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9B50AD3F-B8E8-46B3-9A40-6950AF270572}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9B96340B-B611-4B6E-B7D1-384D78D95168}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9BF959C3-5D00-46C4-B409-E1260A955F7A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9D00197F-33A4-4632-96F6-142A35825B96}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9D38E30E-B30D-43B0-A239-8E6FFAE674DB}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9DBF795F-1A91-4A48-A647-A6C1AD51F00C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9DF9D890-46C8-4AF8-93DC-57D98917355D}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{9F076907-9060-473F-853F-A5CBAE452930}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A0022194-C233-4F7B-966D-4CEE66DAAB1E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A0EA8D67-9459-4BC5-88C8-B2A2FFF6B723}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A165ACCE-044A-42E2-B4D6-FFD44291A26F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A2B0A0FD-412F-48C0-81F4-772E94478A58}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A3002983-C361-479A-99C0-417440818DAC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A3FB8E3A-0F05-4ADE-A91D-8AF26DDEC0AA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A4CBDBFA-1EC8-489B-AD10-F74A1604731F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A567B4DC-2488-4D2B-8859-1A23AC95F6D9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A5A16DAC-317D-4D7A-8D13-9CE5D28B05BF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A6B9C26A-A5A8-42E1-942D-98FDA6D00F11}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A791D6A3-CACF-428A-A224-7C38F12EB788}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A7E93B1E-34DC-4540-BC40-2CF096AD645B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A80BDA84-54C3-462F-BF8E-515E4AA93BA2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A80E38CF-D351-4CDD-AC79-5F8E8840AE1A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A8CD29F4-7086-45B3-B74E-DBEE1CEE4D54}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A9A794CD-77D2-4683-B947-C3FA5852D831}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{A9CC271A-763B-45CA-A2E4-8F4D84C43726}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{AA4F6F28-188E-4CCD-B6D9-FC69CBCEB414}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{AB8AB697-2878-4421-81E6-8DBE10E776A5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{ACDE207A-7114-4836-A274-F5269B8040F7}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{AD37C185-0C21-4B10-889C-C791B0E32744}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{ADE13379-3624-473B-9301-3837F798FF7F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B4487C88-B63E-419D-9F00-E872259AAB20}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B45476ED-EB2D-4F5C-854A-07B1B7D8C257}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B5309723-CC62-4027-948C-AB10FBB4E0EF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B55EB642-AFBD-43E9-9F70-E08DCF296073}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B6520987-E40B-48B8-A7BD-5C56720DD003}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B662BC93-2EE6-4E67-917A-27727A944530}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B6E791B8-DBED-4BE6-88F2-71D5B8FF77A8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B71FCA53-C8F9-4888-BCFD-28D7809E8FF3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B80C4090-1D3E-4411-9714-F6E44D14108B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...ar=2&tn=baidudg
IE - HKCU\..\SearchScopes\{B9160106-58DA-4CDD-8AED-2ED35669DCB3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{B991FDE7-16F2-420E-937B-D029C4D31BA1}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BA3F86F2-BB20-4ADD-B684-37FE75C01AD0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BB022D91-80A0-44D8-9809-3A664EA36DCF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BB77F9E2-7808-4DB3-A30C-55B3EE9B0EC8}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BC3E83D8-39FB-48BF-B26F-07A1BD32DCD6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BCD39AC3-82FF-40D0-A8F2-5532697BAAA0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{BD827490-A657-4397-B357-8DCAD2E16D11}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C1D17B17-D1CC-44F7-812A-E7851AE157CA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C26360BC-BA68-44EA-952E-DD537CF54975}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C3797575-1A95-47A6-B83C-FF8822FF41BA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C49DDD5E-E609-4E30-89DE-9B3701074985}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C51E8D4C-D1D8-460B-A9C8-BF919C9C1CC2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C602B217-9D41-4701-9316-CB0A1C5D2319}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C67C13A7-CA0C-49C7-B205-1C8D00A997F6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{C99CF812-394E-4A73-B904-82C44E91DE74}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CA28DD1D-A27D-4299-AD35-2D67E8C52296}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CB2C0548-48E2-4650-BC31-1D07E2122DB7}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CCD6A0A3-97A4-4E30-B760-13DA77F620D4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CF03614B-2D07-4384-855B-E753E14C0430}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{CF98E32C-0119-4D4D-8B16-F5009701BF53}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D1DBCFBA-6D31-4CF2-A137-2E7BE020A880}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D2ACDBD3-3A9A-487B-B913-D57DA4188F2F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D32655FA-24E1-4538-90A1-07DEA482DE8A}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D3E9A2BC-C307-4BA1-9133-2C1E70FD94C2}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D3EA280B-8731-4187-B5E5-EF759730B32F}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D47A32D6-83F5-46AD-9390-E0DB63D39706}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{D9EBCBB8-D637-405C-8DE2-3133255D6008}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DA8F192B-3940-476F-B45A-22DF3273B3FF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DB863D09-D503-49AF-87A9-F6127DEDBB7E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DC026EFD-B5C8-4443-9BB0-B0DB1F909875}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DC1B4ABC-89BF-4E0B-8A1A-D0F2660B1CCF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DC59EEF0-1A08-45F1-B8D0-532129CE97FC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DCCDE333-3E20-4587-8E9A-213EEEB126C5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DD82E70C-A3FB-4EDE-B7E1-AF2F5846CA28}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DDDC5647-5EA4-4A40-A05E-F79A316B666B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DEAC5E26-AD29-409D-8C1F-EDF9154C7D19}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DF5E73E5-D364-45DD-8956-8107BBEFE20B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{DFE94E63-BB54-49E6-9675-03A5EF2FE8E6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E024FD72-BD12-4974-B6B0-A9BA93D48831}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E330521E-9E76-416F-A8DB-30B530E9A523}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E350BA06-0E14-41BE-99F6-DE160CBBDFD3}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E4CD6B20-2363-46C5-9E7D-CF93A2463DB9}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E511BC53-38A0-492B-A919-5E2FD8424943}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E579FFAE-2CB7-4C3F-B687-3202E591D1A0}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E6BA734A-1E2D-4E23-A020-A1E306CED671}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E788E7D9-6B2F-4F84-9914-8A1A07018FF6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E8D52468-F254-4067-A6AB-2A9B2D58B12E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E941021D-BDDB-467E-B8E1-04DDA72B2520}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E95B8EAE-A83C-413E-989E-38D598C3B909}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{E96461BB-25D8-456E-83B1-C8E3F172869C}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{EA5A9605-5BB7-463F-A026-D0AA2B955EF1}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{EB55243D-1024-497C-9657-360E1FC925F5}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{EBDFCCE0-3950-4FD3-BBF0-34201DADA265}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F0A453AF-7903-4CF7-B8CB-359DFF28FB85}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F14A97D8-906E-4410-A4BF-4EB08BA94CAF}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F19CCD89-12B6-4F11-8DC4-738FE55886B6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F22EF83B-4FC0-409F-9B00-0D5857F48AEE}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F5815406-D4C2-49E8-8416-80D09E7D41B6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F8528161-4F37-4349-8263-26AEF1DFCEDA}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F86A0B97-0B72-464E-A5B4-7036589B08CC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{F9C0C042-90B0-4C3B-A8D4-E82D9C589CE4}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FA6E8332-3A73-4463-B36A-E1C42C2D1955}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FAF3AB99-9C63-4207-9C86-FE3EA536D744}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FB2B8657-5A54-4335-A132-DE8991AA5020}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FB604CFA-B0D3-47F6-B1A3-227F375EE5DC}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FC08FB4D-13DF-4BA8-9B24-80923D58CE6B}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FCDC7BDA-A400-4BCA-9816-F72E467FF789}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FCF841BA-A2AE-41F0-B0A0-D4E20C9CF3C6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FD46F805-BFC6-4934-B754-79A0ED04994E}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FD7AFDB4-750D-4BC1-926D-928AD41428F6}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FE67827F-DA82-4C8C-BD76-B266BCDE7165}: "URL" = http://www.burstfile...ampaign=search
IE - HKCU\..\SearchScopes\{FEE5E580-3EE6-4B88-8148-BA3D0BF9BFBE}: "URL" = http://www.burstfile...ampaign=search
O2 - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Porew\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
O2 - BHO: (7575219A-8C16-687D-FA22-ABE7DD9786E8 Class) - {7575219A-8C16-687D-FA22-ABE7DD9786E8} - c:\program files\baidu\{7575219a-8c16-687d-fa22-abe7dd9786e8}\addressbar.dll File not found
O2 - BHO: (BitAcceleratorBHO Class) - {CAC42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\BitAccelerator\BitAccelerator.dll (TODO: <Company name>)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [37wan??] C:\Users\Porew\AppData\Roaming\37wan\wz\wz.exe ()
O4 - HKCU..\Run: [Slick Savings] C:\Users\Porew\AppData\Roaming\Slick Savings\CouponsHelper.exe (Spigot, Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24ce1b12-ede7-11e1-ba1a-90e6bae39cb3}\Shell - "" = AutoRun
O33 - MountPoints2\{24ce1b12-ede7-11e1-ba1a-90e6bae39cb3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ef1066f7-ef7f-11e1-b52d-90e6bae39cb3}\Shell - "" = AutoRun
O33 - MountPoints2\{ef1066f7-ef7f-11e1-b52d-90e6bae39cb3}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :

  • Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    • Reboot your computer
    Please post the OTL log.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#4 porew

porew

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 10 February 2014 - 06:52 PM

here is the log All processes killed ========== PROCESSES ========== ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{055436DA-05BA-40C1-A53A-B022792A0473}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055436DA-05BA-40C1-A53A-B022792A0473}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0661DAD9-3379-435D-8268-D6955DDD623C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0661DAD9-3379-435D-8268-D6955DDD623C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{082F00B5-1000-44C8-84CB-18BB34BBD8D2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082F00B5-1000-44C8-84CB-18BB34BBD8D2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A1E502D-3ED2-4D24-9870-B9A0E621E724}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A1E502D-3ED2-4D24-9870-B9A0E621E724}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A6A7F9E-3FAC-45B2-94FB-E7E1A18CCC49}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A6A7F9E-3FAC-45B2-94FB-E7E1A18CCC49}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A85E31A-2DE6-46A3-9AA1-4636E202B164}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A85E31A-2DE6-46A3-9AA1-4636E202B164}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CA6C45C-39CF-49E7-88AE-2E318AC6536F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CA6C45C-39CF-49E7-88AE-2E318AC6536F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D0A2CD7-3DC5-4557-863D-A1DBEFB40030}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0A2CD7-3DC5-4557-863D-A1DBEFB40030}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E14EA38-2E3D-4EA6-8B00-EE59B6F85D3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E14EA38-2E3D-4EA6-8B00-EE59B6F85D3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0EF50C8B-E11E-4D35-8B42-52D61131B1C2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EF50C8B-E11E-4D35-8B42-52D61131B1C2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0F48C673-3D58-4F03-9572-A47B869A4F48}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F48C673-3D58-4F03-9572-A47B869A4F48}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FB29380-9FB6-43E0-88EE-77F45569C307}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB29380-9FB6-43E0-88EE-77F45569C307}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10EEE150-DD46-4A02-BFE5-50D9FF82040B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EEE150-DD46-4A02-BFE5-50D9FF82040B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{119DCB9C-CD4C-4EBF-81CF-B6951435C2C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{119DCB9C-CD4C-4EBF-81CF-B6951435C2C6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13C6ED5C-0A37-4877-844F-C85BB3D7F2E6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13C6ED5C-0A37-4877-844F-C85BB3D7F2E6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1426545B-9B6E-4FB6-8C5B-918D90A360A6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1426545B-9B6E-4FB6-8C5B-918D90A360A6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{17254946-98CE-4500-B2FA-265D9E2BAE9E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17254946-98CE-4500-B2FA-265D9E2BAE9E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{199CE0CC-56EC-48FB-9470-17CB817D6EE9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{199CE0CC-56EC-48FB-9470-17CB817D6EE9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{199CE2F7-A735-4945-8C07-E624F127B1FD}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{199CE2F7-A735-4945-8C07-E624F127B1FD}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19E3E43E-1BE9-4BD6-B42D-AD581352F5A4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19E3E43E-1BE9-4BD6-B42D-AD581352F5A4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A4542E9-F14A-4F6D-9F82-CE6324F2BF4C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A4542E9-F14A-4F6D-9F82-CE6324F2BF4C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1EB81E2F-8627-4E4D-941C-202E170C98EC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EB81E2F-8627-4E4D-941C-202E170C98EC}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F06340A-9B81-4959-A505-A6E887B97D9A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F06340A-9B81-4959-A505-A6E887B97D9A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20A2D8B1-CC85-4A05-A2A3-0015128A1178}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20A2D8B1-CC85-4A05-A2A3-0015128A1178}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24F161CE-33E9-4F02-9E0F-E15028274175}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24F161CE-33E9-4F02-9E0F-E15028274175}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26E908AF-391D-44BA-895F-969CBB483CF4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26E908AF-391D-44BA-895F-969CBB483CF4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{271F8F28-EC60-493B-9498-40FD74CED7EE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{271F8F28-EC60-493B-9498-40FD74CED7EE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{27A1C93E-6F06-4A9B-878A-26DC9AF33206}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27A1C93E-6F06-4A9B-878A-26DC9AF33206}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2883A444-EF2C-4BC4-85A7-43D3271F2DB5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2883A444-EF2C-4BC4-85A7-43D3271F2DB5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28D000A3-0312-40CE-A61B-8B41A3406D43}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28D000A3-0312-40CE-A61B-8B41A3406D43}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{297E1EE7-7929-49CE-BE61-C7ABD3F985F0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297E1EE7-7929-49CE-BE61-C7ABD3F985F0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{299C9355-E438-45A3-B456-BD1AA397BD2B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{299C9355-E438-45A3-B456-BD1AA397BD2B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A080ECA-E744-4F34-8515-7E68E5DD2EC3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A080ECA-E744-4F34-8515-7E68E5DD2EC3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B181C04-5825-404F-A785-16C2B4144B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B181C04-5825-404F-A785-16C2B4144B64}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B355AA4-8846-4BFC-9C19-4FA16860DCF2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B355AA4-8846-4BFC-9C19-4FA16860DCF2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2BAAFB28-F225-40BD-BBCB-621C0FBF4216}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BAAFB28-F225-40BD-BBCB-621C0FBF4216}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2BBB21B6-4AFE-4D6B-9520-D6CC168908BA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BBB21B6-4AFE-4D6B-9520-D6CC168908BA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C0787D8-FD51-4432-A218-EA7843787736}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C0787D8-FD51-4432-A218-EA7843787736}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2CD0EB02-4083-4B09-B7E8-0E26B5E43A3D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CD0EB02-4083-4B09-B7E8-0E26B5E43A3D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D4FF86E-461C-4460-B23A-FBDA0840D57C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D4FF86E-461C-4460-B23A-FBDA0840D57C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2DCC93E6-1DD2-40CB-9FAD-53C5229D6825}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DCC93E6-1DD2-40CB-9FAD-53C5229D6825}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{310845BA-7881-4635-88DC-9BE9A2401CF0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{310845BA-7881-4635-88DC-9BE9A2401CF0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3150FD74-EB4A-4B14-8459-9C8F89BC6FCB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3150FD74-EB4A-4B14-8459-9C8F89BC6FCB}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3222F42E-3031-477F-A1FF-96E061E732BE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3222F42E-3031-477F-A1FF-96E061E732BE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33958D5B-2F9D-41DB-93A7-375B36A60066}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33958D5B-2F9D-41DB-93A7-375B36A60066}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33AD292A-E1F6-41CE-85E0-C9B99098A66C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33AD292A-E1F6-41CE-85E0-C9B99098A66C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33C23E1B-2655-46CF-B1B9-EDFFD6F63B4A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33C23E1B-2655-46CF-B1B9-EDFFD6F63B4A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3536C68A-46AD-4FAF-8B38-6840E0D8319A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3536C68A-46AD-4FAF-8B38-6840E0D8319A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36ABEE46-7158-4F28-BF22-72630E551FF6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ABEE46-7158-4F28-BF22-72630E551FF6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36D3C9B1-EFDF-42C7-BEB8-0EFBD6915B21}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36D3C9B1-EFDF-42C7-BEB8-0EFBD6915B21}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38504F5E-9D00-4141-892C-EF0A1FD60D1F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38504F5E-9D00-4141-892C-EF0A1FD60D1F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38E1E66A-3310-4196-916F-EB8825C56A8E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38E1E66A-3310-4196-916F-EB8825C56A8E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39007A1D-7242-4446-BDB1-B7334212C236}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39007A1D-7242-4446-BDB1-B7334212C236}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3964FFF0-9A9A-4A3D-BDA4-9098CB745DB4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3964FFF0-9A9A-4A3D-BDA4-9098CB745DB4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39F5BD11-D12A-4A99-8EF5-0016CA4E8660}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F5BD11-D12A-4A99-8EF5-0016CA4E8660}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A557624-A41B-436C-83BD-7A3C68B9DD57}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A557624-A41B-436C-83BD-7A3C68B9DD57}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B8DA2E3-7C5D-4CFC-BD61-438B3637EAC8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B8DA2E3-7C5D-4CFC-BD61-438B3637EAC8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D4BE040-F095-40FF-B830-D4CA71917AEA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D4BE040-F095-40FF-B830-D4CA71917AEA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D7CC8D4-D591-4379-8665-A64B912A50E9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D7CC8D4-D591-4379-8665-A64B912A50E9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E23E29F-2A2E-4B97-8F37-CB03B3D4C564}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E23E29F-2A2E-4B97-8F37-CB03B3D4C564}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F517F1F-A8F6-4D5E-B7BC-9F4A7E026875}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F517F1F-A8F6-4D5E-B7BC-9F4A7E026875}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FBD84EC-62ED-40C4-BAFD-F5B4268201D3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FBD84EC-62ED-40C4-BAFD-F5B4268201D3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FC41641-A1DF-40E1-9019-048669259B58}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FC41641-A1DF-40E1-9019-048669259B58}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{400B686B-C420-4F9F-8D90-5C8EA3587403}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{400B686B-C420-4F9F-8D90-5C8EA3587403}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40CB4C3D-567A-40E5-8A19-0C185D70B226}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40CB4C3D-567A-40E5-8A19-0C185D70B226}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40E97276-EA86-4A80-BE0D-4A102E7940A6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40E97276-EA86-4A80-BE0D-4A102E7940A6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41296825-A219-4B41-B545-13315CD98C8C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41296825-A219-4B41-B545-13315CD98C8C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41A19AF6-1549-4C17-B390-DF6EA16EEEAC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41A19AF6-1549-4C17-B390-DF6EA16EEEAC}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4376307A-499E-41B1-9D84-06175371FD6D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4376307A-499E-41B1-9D84-06175371FD6D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{438F6603-40C1-4AC3-AC4B-414A26583C8E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438F6603-40C1-4AC3-AC4B-414A26583C8E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43FF7164-86F2-4FC2-A845-CBBC19E05E3F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43FF7164-86F2-4FC2-A845-CBBC19E05E3F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{451503B3-25ED-41CB-8D64-8D2B8B8EAD70}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{451503B3-25ED-41CB-8D64-8D2B8B8EAD70}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{45E51F25-BBF8-4D99-9C4A-E9F86ACCA356}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45E51F25-BBF8-4D99-9C4A-E9F86ACCA356}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{488265C7-6FFE-40F3-BC37-46AB99B1C69A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{488265C7-6FFE-40F3-BC37-46AB99B1C69A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{48BBA6DB-7C47-4BBE-B9FF-8AC6F54E2D8C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48BBA6DB-7C47-4BBE-B9FF-8AC6F54E2D8C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A29DFC5-858A-4BDD-9FAD-00675E634BC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A29DFC5-858A-4BDD-9FAD-00675E634BC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C3DAD4F-8ECF-4A50-8A89-206F6CD9B092}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C3DAD4F-8ECF-4A50-8A89-206F6CD9B092}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E55DED3-D5BF-4961-A154-E803A9446130}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E55DED3-D5BF-4961-A154-E803A9446130}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EBD9649-2CEA-4C3C-A590-E78C5AC1E81B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EBD9649-2CEA-4C3C-A590-E78C5AC1E81B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EE209DB-D702-4342-8726-E1B1A70AC883}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EE209DB-D702-4342-8726-E1B1A70AC883}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4FC1FA19-434B-4838-A05C-65F40C52C7B4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4FC1FA19-434B-4838-A05C-65F40C52C7B4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50B1DF32-4044-46A9-A257-B73FC1177D83}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50B1DF32-4044-46A9-A257-B73FC1177D83}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50BC2CBB-2F6F-4D4F-B42B-F7D2E8C7632C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50BC2CBB-2F6F-4D4F-B42B-F7D2E8C7632C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{515759FB-4B28-4954-A5B8-4281EF25E36A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{515759FB-4B28-4954-A5B8-4281EF25E36A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51587A2A-6211-4DAC-A6A0-DD6774578897}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51587A2A-6211-4DAC-A6A0-DD6774578897}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51BB91BF-7FF9-4B72-AAC5-24053886E355}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51BB91BF-7FF9-4B72-AAC5-24053886E355}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{538A3AE4-391B-4E01-BDEC-B2F17993107F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{538A3AE4-391B-4E01-BDEC-B2F17993107F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54B96705-B2D5-48BA-A51E-AD48914950BE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54B96705-B2D5-48BA-A51E-AD48914950BE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{567147CD-738D-46F4-8C51-6B5E6492DD82}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{567147CD-738D-46F4-8C51-6B5E6492DD82}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56AFB48E-CDB3-4F2E-BFA0-D9C69AEB38AD}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56AFB48E-CDB3-4F2E-BFA0-D9C69AEB38AD}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5795C147-6EAF-4B4A-81AF-DB70D0D5976C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5795C147-6EAF-4B4A-81AF-DB70D0D5976C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57FA4139-3852-4A3B-83EF-C1977D01FE8E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57FA4139-3852-4A3B-83EF-C1977D01FE8E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5AABBE92-C5E4-4E64-A7C2-7C24A5962891}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AABBE92-C5E4-4E64-A7C2-7C24A5962891}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BA7570B-FD88-4EA0-AAC8-46F6D25441AE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BA7570B-FD88-4EA0-AAC8-46F6D25441AE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BF6DBCE-3400-4DDE-945D-C8AA08DE0FD5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF6DBCE-3400-4DDE-945D-C8AA08DE0FD5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5DC6A2C3-ADF6-4C56-A302-B2F71F9E5D8E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DC6A2C3-ADF6-4C56-A302-B2F71F9E5D8E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E6F5095-CD31-4730-A91E-A0F5A85E329F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E6F5095-CD31-4730-A91E-A0F5A85E329F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F9C31BC-45EC-405D-8675-9A81EA4FCF69}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F9C31BC-45EC-405D-8675-9A81EA4FCF69}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5FCFCFBC-4EEB-4682-9916-8F714C6A2F52}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FCFCFBC-4EEB-4682-9916-8F714C6A2F52}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60538AC5-48A9-4C46-99CF-3B52A728E94D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60538AC5-48A9-4C46-99CF-3B52A728E94D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{605C85D5-869F-4761-A211-2E157A30EEF5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605C85D5-869F-4761-A211-2E157A30EEF5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{617C0D38-33A7-4A4E-A400-36B5E9AF0791}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{617C0D38-33A7-4A4E-A400-36B5E9AF0791}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{618DC1C4-2AF5-4629-B4C7-B5D55C473CA4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{618DC1C4-2AF5-4629-B4C7-B5D55C473CA4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6196E2B7-925C-4567-A414-98DA14E3212A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6196E2B7-925C-4567-A414-98DA14E3212A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62440F63-8845-4285-8E87-8C49A5C0D428}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62440F63-8845-4285-8E87-8C49A5C0D428}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{627E5324-1E40-422D-BB0B-E4C259D8642F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627E5324-1E40-422D-BB0B-E4C259D8642F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63686394-7151-4BEA-9AF1-0FFFE48BAC05}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63686394-7151-4BEA-9AF1-0FFFE48BAC05}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{650338F4-E479-4ABC-9525-A002B0E8C155}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{650338F4-E479-4ABC-9525-A002B0E8C155}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67611255-0BE1-4ED0-A787-294CACE96745}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67611255-0BE1-4ED0-A787-294CACE96745}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{680B27DB-C92A-47C4-B567-2D21D5622DD0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{680B27DB-C92A-47C4-B567-2D21D5622DD0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69F82FD8-7B46-424C-9492-6263838ABB3C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F82FD8-7B46-424C-9492-6263838ABB3C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A01F2C2-5F00-4EB4-9488-637FD813030F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A01F2C2-5F00-4EB4-9488-637FD813030F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6AC90675-E394-4C98-9B45-FB52C08E29E6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AC90675-E394-4C98-9B45-FB52C08E29E6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BDBC343-DE6A-43B7-BB8F-61CD29455E88}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BDBC343-DE6A-43B7-BB8F-61CD29455E88}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D3037A5-E203-4D0D-AE71-C742D1B202D8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D3037A5-E203-4D0D-AE71-C742D1B202D8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F9CF137-01F9-4CE0-8205-AA8C74D4FADD}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F9CF137-01F9-4CE0-8205-AA8C74D4FADD}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70DC9430-5EEC-4F97-9FDB-62287739AB81}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70DC9430-5EEC-4F97-9FDB-62287739AB81}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73391210-AB98-46A8-83E1-8DFB126F9B2A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73391210-AB98-46A8-83E1-8DFB126F9B2A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73491C78-EF0F-4351-9F95-67571B73C9B7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73491C78-EF0F-4351-9F95-67571B73C9B7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73A6AC4F-160D-47F5-8711-6C62048F1EB2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73A6AC4F-160D-47F5-8711-6C62048F1EB2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73A715B2-C1C3-45FC-9166-19BC0541C827}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73A715B2-C1C3-45FC-9166-19BC0541C827}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73B69B46-7400-408F-A87A-3F5F29F0686E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73B69B46-7400-408F-A87A-3F5F29F0686E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74E94711-5999-4DE6-9DEA-83F7EDB9B8FE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74E94711-5999-4DE6-9DEA-83F7EDB9B8FE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76243BCE-9713-4E8F-BE1A-341C7E69F896}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76243BCE-9713-4E8F-BE1A-341C7E69F896}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{764BB876-45A8-4889-A51E-ACB52DD70B30}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{764BB876-45A8-4889-A51E-ACB52DD70B30}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77A4A71E-5997-437B-813E-96F9B9164A40}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77A4A71E-5997-437B-813E-96F9B9164A40}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{78B70348-8721-418E-BFFC-C336DAEF5D2A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78B70348-8721-418E-BFFC-C336DAEF5D2A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7923BC9A-CE2D-446B-88C6-CCE4A749856C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7923BC9A-CE2D-446B-88C6-CCE4A749856C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79286752-3ACC-4965-91A4-3E4AFEE411DA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79286752-3ACC-4965-91A4-3E4AFEE411DA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79F990E8-407A-40A5-B02B-3AAD1BDCD656}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79F990E8-407A-40A5-B02B-3AAD1BDCD656}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ABCD128-A1B1-40B0-BDC4-EB030EDE59E6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ABCD128-A1B1-40B0-BDC4-EB030EDE59E6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7AF19D25-3AF6-4009-9FC0-063470BE4257}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AF19D25-3AF6-4009-9FC0-063470BE4257}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D072B9F-E4A8-4058-91F3-FD47754B5140}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D072B9F-E4A8-4058-91F3-FD47754B5140}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F24B5BB-CBE0-46FC-AC39-F69DFDEB4F2C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F24B5BB-CBE0-46FC-AC39-F69DFDEB4F2C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FF03F1E-A28F-4460-8DFE-EF5FA46E6D37}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF03F1E-A28F-4460-8DFE-EF5FA46E6D37}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84A83ECC-AFEA-4357-8621-4570382FF28F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84A83ECC-AFEA-4357-8621-4570382FF28F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84D92816-70C9-42ED-A72B-3F9D3E329D3E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84D92816-70C9-42ED-A72B-3F9D3E329D3E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8534DF83-2579-49F9-B43A-921F64439389}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8534DF83-2579-49F9-B43A-921F64439389}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85854B17-6DDB-416C-984D-A2F4AA81E4C8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85854B17-6DDB-416C-984D-A2F4AA81E4C8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85BD2F43-7D41-4126-8137-BD8C7208F9BA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85BD2F43-7D41-4126-8137-BD8C7208F9BA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{869A0D40-87E6-4E73-864D-2B490BDF5C1E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{869A0D40-87E6-4E73-864D-2B490BDF5C1E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87D60AB0-D7A4-4497-8EBD-7600044CDFE0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D60AB0-D7A4-4497-8EBD-7600044CDFE0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88D59494-1D1B-4989-AE89-578EBCB07AC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D59494-1D1B-4989-AE89-578EBCB07AC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8979788E-03A6-4F52-A72C-5CEFB10359F1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8979788E-03A6-4F52-A72C-5CEFB10359F1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89EB679B-3AD2-4DC6-B57E-DE1DD0663016}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89EB679B-3AD2-4DC6-B57E-DE1DD0663016}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B438605-623D-4FC5-9C8E-D40DB9232992}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B438605-623D-4FC5-9C8E-D40DB9232992}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B9AE4B0-9A9C-4C2A-9126-176635473A4B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B9AE4B0-9A9C-4C2A-9126-176635473A4B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8D0BB5B1-660B-4F2E-8E7B-46A40C96569C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D0BB5B1-660B-4F2E-8E7B-46A40C96569C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8D4F3865-914A-43F1-8704-159F18570CC6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D4F3865-914A-43F1-8704-159F18570CC6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F30CAD3-CAD6-4C34-AD4E-A8CBF0958274}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F30CAD3-CAD6-4C34-AD4E-A8CBF0958274}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{903C9DE9-C581-4BFB-BC7C-230F5006CE9E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{903C9DE9-C581-4BFB-BC7C-230F5006CE9E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{90E6CDAA-4403-41F5-B3EA-28BEE307910F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90E6CDAA-4403-41F5-B3EA-28BEE307910F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9134D9B5-90FB-4B9F-B76F-75FB458FAE82}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9134D9B5-90FB-4B9F-B76F-75FB458FAE82}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{938B7EA1-250D-4F5C-ABE7-FC6F8D5AA28D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{938B7EA1-250D-4F5C-ABE7-FC6F8D5AA28D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93E0234C-72AB-41B9-AF40-97B54F49DB83}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93E0234C-72AB-41B9-AF40-97B54F49DB83}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93F8F818-3530-4465-ADE2-4E26B598CD2E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F8F818-3530-4465-ADE2-4E26B598CD2E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{948FC138-D15A-4781-BAB5-1F7155A50C37}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948FC138-D15A-4781-BAB5-1F7155A50C37}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95AC3189-6F6E-4B49-BC17-62ECE7B67D48}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95AC3189-6F6E-4B49-BC17-62ECE7B67D48}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97127ACD-082A-49B0-8CE8-3A3F7E3AD059}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97127ACD-082A-49B0-8CE8-3A3F7E3AD059}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97246DFE-6D61-4924-B104-FCEB1B7CA1E9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97246DFE-6D61-4924-B104-FCEB1B7CA1E9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{973F62E2-FE95-42A5-9F9F-1BD3E6E05B9F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973F62E2-FE95-42A5-9F9F-1BD3E6E05B9F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9843A498-A1D7-4342-A787-1F42AB7A3233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9843A498-A1D7-4342-A787-1F42AB7A3233}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A6A8284-0586-4BBD-A5EA-B9E3D3874250}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A6A8284-0586-4BBD-A5EA-B9E3D3874250}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B50AD3F-B8E8-46B3-9A40-6950AF270572}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B50AD3F-B8E8-46B3-9A40-6950AF270572}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B96340B-B611-4B6E-B7D1-384D78D95168}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B96340B-B611-4B6E-B7D1-384D78D95168}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BF959C3-5D00-46C4-B409-E1260A955F7A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BF959C3-5D00-46C4-B409-E1260A955F7A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D00197F-33A4-4632-96F6-142A35825B96}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D00197F-33A4-4632-96F6-142A35825B96}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D38E30E-B30D-43B0-A239-8E6FFAE674DB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D38E30E-B30D-43B0-A239-8E6FFAE674DB}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9DBF795F-1A91-4A48-A647-A6C1AD51F00C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DBF795F-1A91-4A48-A647-A6C1AD51F00C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9DF9D890-46C8-4AF8-93DC-57D98917355D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DF9D890-46C8-4AF8-93DC-57D98917355D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F076907-9060-473F-853F-A5CBAE452930}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F076907-9060-473F-853F-A5CBAE452930}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0022194-C233-4F7B-966D-4CEE66DAAB1E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0022194-C233-4F7B-966D-4CEE66DAAB1E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0EA8D67-9459-4BC5-88C8-B2A2FFF6B723}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0EA8D67-9459-4BC5-88C8-B2A2FFF6B723}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A165ACCE-044A-42E2-B4D6-FFD44291A26F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A165ACCE-044A-42E2-B4D6-FFD44291A26F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A2B0A0FD-412F-48C0-81F4-772E94478A58}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2B0A0FD-412F-48C0-81F4-772E94478A58}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3002983-C361-479A-99C0-417440818DAC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3002983-C361-479A-99C0-417440818DAC}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3FB8E3A-0F05-4ADE-A91D-8AF26DDEC0AA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3FB8E3A-0F05-4ADE-A91D-8AF26DDEC0AA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4CBDBFA-1EC8-489B-AD10-F74A1604731F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4CBDBFA-1EC8-489B-AD10-F74A1604731F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A567B4DC-2488-4D2B-8859-1A23AC95F6D9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A567B4DC-2488-4D2B-8859-1A23AC95F6D9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5A16DAC-317D-4D7A-8D13-9CE5D28B05BF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5A16DAC-317D-4D7A-8D13-9CE5D28B05BF}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A6B9C26A-A5A8-42E1-942D-98FDA6D00F11}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6B9C26A-A5A8-42E1-942D-98FDA6D00F11}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A791D6A3-CACF-428A-A224-7C38F12EB788}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A791D6A3-CACF-428A-A224-7C38F12EB788}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A7E93B1E-34DC-4540-BC40-2CF096AD645B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E93B1E-34DC-4540-BC40-2CF096AD645B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A80BDA84-54C3-462F-BF8E-515E4AA93BA2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A80BDA84-54C3-462F-BF8E-515E4AA93BA2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A80E38CF-D351-4CDD-AC79-5F8E8840AE1A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A80E38CF-D351-4CDD-AC79-5F8E8840AE1A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8CD29F4-7086-45B3-B74E-DBEE1CEE4D54}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8CD29F4-7086-45B3-B74E-DBEE1CEE4D54}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9A794CD-77D2-4683-B947-C3FA5852D831}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9A794CD-77D2-4683-B947-C3FA5852D831}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9CC271A-763B-45CA-A2E4-8F4D84C43726}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9CC271A-763B-45CA-A2E4-8F4D84C43726}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA4F6F28-188E-4CCD-B6D9-FC69CBCEB414}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA4F6F28-188E-4CCD-B6D9-FC69CBCEB414}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB8AB697-2878-4421-81E6-8DBE10E776A5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB8AB697-2878-4421-81E6-8DBE10E776A5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ACDE207A-7114-4836-A274-F5269B8040F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACDE207A-7114-4836-A274-F5269B8040F7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD37C185-0C21-4B10-889C-C791B0E32744}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD37C185-0C21-4B10-889C-C791B0E32744}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ADE13379-3624-473B-9301-3837F798FF7F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADE13379-3624-473B-9301-3837F798FF7F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B4487C88-B63E-419D-9F00-E872259AAB20}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4487C88-B63E-419D-9F00-E872259AAB20}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B45476ED-EB2D-4F5C-854A-07B1B7D8C257}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B45476ED-EB2D-4F5C-854A-07B1B7D8C257}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B5309723-CC62-4027-948C-AB10FBB4E0EF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5309723-CC62-4027-948C-AB10FBB4E0EF}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B55EB642-AFBD-43E9-9F70-E08DCF296073}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B55EB642-AFBD-43E9-9F70-E08DCF296073}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B6520987-E40B-48B8-A7BD-5C56720DD003}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6520987-E40B-48B8-A7BD-5C56720DD003}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B662BC93-2EE6-4E67-917A-27727A944530}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B662BC93-2EE6-4E67-917A-27727A944530}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B6E791B8-DBED-4BE6-88F2-71D5B8FF77A8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6E791B8-DBED-4BE6-88F2-71D5B8FF77A8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B71FCA53-C8F9-4888-BCFD-28D7809E8FF3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B71FCA53-C8F9-4888-BCFD-28D7809E8FF3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B80C4090-1D3E-4411-9714-F6E44D14108B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B80C4090-1D3E-4411-9714-F6E44D14108B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9160106-58DA-4CDD-8AED-2ED35669DCB3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9160106-58DA-4CDD-8AED-2ED35669DCB3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B991FDE7-16F2-420E-937B-D029C4D31BA1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B991FDE7-16F2-420E-937B-D029C4D31BA1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BA3F86F2-BB20-4ADD-B684-37FE75C01AD0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA3F86F2-BB20-4ADD-B684-37FE75C01AD0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB022D91-80A0-44D8-9809-3A664EA36DCF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB022D91-80A0-44D8-9809-3A664EA36DCF}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB77F9E2-7808-4DB3-A30C-55B3EE9B0EC8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB77F9E2-7808-4DB3-A30C-55B3EE9B0EC8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC3E83D8-39FB-48BF-B26F-07A1BD32DCD6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC3E83D8-39FB-48BF-B26F-07A1BD32DCD6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BCD39AC3-82FF-40D0-A8F2-5532697BAAA0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCD39AC3-82FF-40D0-A8F2-5532697BAAA0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BD827490-A657-4397-B357-8DCAD2E16D11}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD827490-A657-4397-B357-8DCAD2E16D11}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1D17B17-D1CC-44F7-812A-E7851AE157CA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1D17B17-D1CC-44F7-812A-E7851AE157CA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C26360BC-BA68-44EA-952E-DD537CF54975}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C26360BC-BA68-44EA-952E-DD537CF54975}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C3797575-1A95-47A6-B83C-FF8822FF41BA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3797575-1A95-47A6-B83C-FF8822FF41BA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C49DDD5E-E609-4E30-89DE-9B3701074985}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49DDD5E-E609-4E30-89DE-9B3701074985}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C51E8D4C-D1D8-460B-A9C8-BF919C9C1CC2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C51E8D4C-D1D8-460B-A9C8-BF919C9C1CC2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C602B217-9D41-4701-9316-CB0A1C5D2319}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C602B217-9D41-4701-9316-CB0A1C5D2319}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C67C13A7-CA0C-49C7-B205-1C8D00A997F6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C67C13A7-CA0C-49C7-B205-1C8D00A997F6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C99CF812-394E-4A73-B904-82C44E91DE74}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C99CF812-394E-4A73-B904-82C44E91DE74}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA28DD1D-A27D-4299-AD35-2D67E8C52296}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA28DD1D-A27D-4299-AD35-2D67E8C52296}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB2C0548-48E2-4650-BC31-1D07E2122DB7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB2C0548-48E2-4650-BC31-1D07E2122DB7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCD6A0A3-97A4-4E30-B760-13DA77F620D4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCD6A0A3-97A4-4E30-B760-13DA77F620D4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF03614B-2D07-4384-855B-E753E14C0430}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF03614B-2D07-4384-855B-E753E14C0430}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF98E32C-0119-4D4D-8B16-F5009701BF53}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF98E32C-0119-4D4D-8B16-F5009701BF53}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1DBCFBA-6D31-4CF2-A137-2E7BE020A880}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1DBCFBA-6D31-4CF2-A137-2E7BE020A880}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D2ACDBD3-3A9A-487B-B913-D57DA4188F2F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2ACDBD3-3A9A-487B-B913-D57DA4188F2F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D32655FA-24E1-4538-90A1-07DEA482DE8A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D32655FA-24E1-4538-90A1-07DEA482DE8A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3E9A2BC-C307-4BA1-9133-2C1E70FD94C2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3E9A2BC-C307-4BA1-9133-2C1E70FD94C2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3EA280B-8731-4187-B5E5-EF759730B32F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3EA280B-8731-4187-B5E5-EF759730B32F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D47A32D6-83F5-46AD-9390-E0DB63D39706}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47A32D6-83F5-46AD-9390-E0DB63D39706}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9EBCBB8-D637-405C-8DE2-3133255D6008}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9EBCBB8-D637-405C-8DE2-3133255D6008}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA8F192B-3940-476F-B45A-22DF3273B3FF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA8F192B-3940-476F-B45A-22DF3273B3FF}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB863D09-D503-49AF-87A9-F6127DEDBB7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB863D09-D503-49AF-87A9-F6127DEDBB7E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC026EFD-B5C8-4443-9BB0-B0DB1F909875}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC026EFD-B5C8-4443-9BB0-B0DB1F909875}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC1B4ABC-89BF-4E0B-8A1A-D0F2660B1CCF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC1B4ABC-89BF-4E0B-8A1A-D0F2660B1CCF}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC59EEF0-1A08-45F1-B8D0-532129CE97FC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC59EEF0-1A08-45F1-B8D0-532129CE97FC}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DCCDE333-3E20-4587-8E9A-213EEEB126C5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCCDE333-3E20-4587-8E9A-213EEEB126C5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD82E70C-A3FB-4EDE-B7E1-AF2F5846CA28}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD82E70C-A3FB-4EDE-B7E1-AF2F5846CA28}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DDDC5647-5EA4-4A40-A05E-F79A316B666B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDDC5647-5EA4-4A40-A05E-F79A316B666B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DEAC5E26-AD29-409D-8C1F-EDF9154C7D19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEAC5E26-AD29-409D-8C1F-EDF9154C7D19}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DF5E73E5-D364-45DD-8956-8107BBEFE20B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF5E73E5-D364-45DD-8956-8107BBEFE20B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFE94E63-BB54-49E6-9675-03A5EF2FE8E6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFE94E63-BB54-49E6-9675-03A5EF2FE8E6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E024FD72-BD12-4974-B6B0-A9BA93D48831}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E024FD72-BD12-4974-B6B0-A9BA93D48831}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E330521E-9E76-416F-A8DB-30B530E9A523}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E330521E-9E76-416F-A8DB-30B530E9A523}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E350BA06-0E14-41BE-99F6-DE160CBBDFD3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E350BA06-0E14-41BE-99F6-DE160CBBDFD3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4CD6B20-2363-46C5-9E7D-CF93A2463DB9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4CD6B20-2363-46C5-9E7D-CF93A2463DB9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E511BC53-38A0-492B-A919-5E2FD8424943}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E511BC53-38A0-492B-A919-5E2FD8424943}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E579FFAE-2CB7-4C3F-B687-3202E591D1A0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E579FFAE-2CB7-4C3F-B687-3202E591D1A0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E6BA734A-1E2D-4E23-A020-A1E306CED671}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6BA734A-1E2D-4E23-A020-A1E306CED671}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E788E7D9-6B2F-4F84-9914-8A1A07018FF6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E788E7D9-6B2F-4F84-9914-8A1A07018FF6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8D52468-F254-4067-A6AB-2A9B2D58B12E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8D52468-F254-4067-A6AB-2A9B2D58B12E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E941021D-BDDB-467E-B8E1-04DDA72B2520}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E941021D-BDDB-467E-B8E1-04DDA72B2520}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E95B8EAE-A83C-413E-989E-38D598C3B909}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E95B8EAE-A83C-413E-989E-38D598C3B909}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E96461BB-25D8-456E-83B1-C8E3F172869C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E96461BB-25D8-456E-83B1-C8E3F172869C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA5A9605-5BB7-463F-A026-D0AA2B955EF1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA5A9605-5BB7-463F-A026-D0AA2B955EF1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB55243D-1024-497C-9657-360E1FC925F5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB55243D-1024-497C-9657-360E1FC925F5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBDFCCE0-3950-4FD3-BBF0-34201DADA265}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBDFCCE0-3950-4FD3-BBF0-34201DADA265}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0A453AF-7903-4CF7-B8CB-359DFF28FB85}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0A453AF-7903-4CF7-B8CB-359DFF28FB85}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F14A97D8-906E-4410-A4BF-4EB08BA94CAF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F14A97D8-906E-4410-A4BF-4EB08BA94CAF}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F19CCD89-12B6-4F11-8DC4-738FE55886B6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F19CCD89-12B6-4F11-8DC4-738FE55886B6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F22EF83B-4FC0-409F-9B00-0D5857F48AEE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F22EF83B-4FC0-409F-9B00-0D5857F48AEE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F5815406-D4C2-49E8-8416-80D09E7D41B6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5815406-D4C2-49E8-8416-80D09E7D41B6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8528161-4F37-4349-8263-26AEF1DFCEDA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8528161-4F37-4349-8263-26AEF1DFCEDA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F86A0B97-0B72-464E-A5B4-7036589B08CC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F86A0B97-0B72-464E-A5B4-7036589B08CC}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9C0C042-90B0-4C3B-A8D4-E82D9C589CE4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9C0C042-90B0-4C3B-A8D4-E82D9C589CE4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA6E8332-3A73-4463-B36A-E1C42C2D1955}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA6E8332-3A73-4463-B36A-E1C42C2D1955}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FAF3AB99-9C63-4207-9C86-FE3EA536D744}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAF3AB99-9C63-4207-9C86-FE3EA536D744}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB2B8657-5A54-4335-A132-DE8991AA5020}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB2B8657-5A54-4335-A132-DE8991AA5020}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB604CFA-B0D3-47F6-B1A3-227F375EE5DC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB604CFA-B0D3-47F6-B1A3-227F375EE5DC}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC08FB4D-13DF-4BA8-9B24-80923D58CE6B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC08FB4D-13DF-4BA8-9B24-80923D58CE6B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCDC7BDA-A400-4BCA-9816-F72E467FF789}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCDC7BDA-A400-4BCA-9816-F72E467FF789}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCF841BA-A2AE-41F0-B0A0-D4E20C9CF3C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCF841BA-A2AE-41F0-B0A0-D4E20C9CF3C6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD46F805-BFC6-4934-B754-79A0ED04994E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD46F805-BFC6-4934-B754-79A0ED04994E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD7AFDB4-750D-4BC1-926D-928AD41428F6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7AFDB4-750D-4BC1-926D-928AD41428F6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE67827F-DA82-4C8C-BD76-B266BCDE7165}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE67827F-DA82-4C8C-BD76-B266BCDE7165}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FEE5E580-3EE6-4B88-8148-BA3D0BF9BFBE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE5E580-3EE6-4B88-8148-BA3D0BF9BFBE}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\ not found. File C:\Users\Porew\AppData\Roaming\Slick Savings\Coupons.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7575219A-8C16-687D-FA22-ABE7DD9786E8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7575219A-8C16-687D-FA22-ABE7DD9786E8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC42510-9B41-42c1-9DCD-7282A2D07C61}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAC42510-9B41-42c1-9DCD-7282A2D07C61}\ deleted successfully. C:\Program Files\BitAccelerator\BitAccelerator.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\37wan?? not found. C:\Users\Porew\AppData\Roaming\37wan\wz\wz.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Slick Savings not found. File C:\Users\Porew\AppData\Roaming\Slick Savings\CouponsHelper.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully. C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ce1b12-ede7-11e1-ba1a-90e6bae39cb3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ce1b12-ede7-11e1-ba1a-90e6bae39cb3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ce1b12-ede7-11e1-ba1a-90e6bae39cb3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ce1b12-ede7-11e1-ba1a-90e6bae39cb3}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef1066f7-ef7f-11e1-b52d-90e6bae39cb3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef1066f7-ef7f-11e1-b52d-90e6bae39cb3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef1066f7-ef7f-11e1-b52d-90e6bae39cb3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef1066f7-ef7f-11e1-b52d-90e6bae39cb3}\ not found. File J:\Startme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found. File I:\LaunchU3.exe -a not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 57472 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Porew ->Temp folder emptied: 863379574 bytes ->Temporary Internet Files folder emptied: 369126398 bytes ->Java cache emptied: 7774242 bytes ->Google Chrome cache emptied: 478399396 bytes ->Flash cache emptied: 181306 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 401408 bytes %systemroot%\System32 .tmp files removed: 1564672 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 370084579 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,994.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02112014_084612 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...

#5 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 10 February 2014 - 08:42 PM

Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html 
     
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#6 porew

porew

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 11 February 2014 - 05:19 AM

ComboFix 14-02-05.02 - Porew 1/2014 Tue  19:08:30.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.932.81.1033.18.3071.1874 [GMT 8:00]
Running from: c:\users\Porew\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\program files\BitAccelerator
c:\programdata\hpeC82F.dll
c:\programdata\ie169.ico
c:\programdata\SEC94D0.tmp
c:\users\Porew\AppData\Local\assembly\tmp
c:\users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenBitCoin.exe.lnk
c:\users\Porew\AppData\Roaming\Porewlog.dat
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\config.ini
c:\windows\system32\DEBUG.log
c:\windows\system32\Explorer
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-11 to 2014-02-11  )))))))))))))))))))))))))))))))
.
.
2014-02-11 00:46 . 2014-02-11 00:46 -------- d-----w- C:\_OTL
2014-02-10 14:10 . 2014-02-10 14:10 -------- d-----w- c:\program files\iPod
2014-02-10 14:10 . 2014-02-10 14:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 14:10 . 2014-02-10 14:11 -------- d-----w- c:\program files\iTunes
2014-02-09 06:49 . 2014-02-09 06:49 -------- d-----w- c:\program files\SubaGames
2014-02-09 05:26 . 2014-02-09 05:26 -------- d-----w- c:\programdata\boost_interprocess
2014-02-09 01:43 . 2014-02-09 01:47 -------- d-----w- C:\AdwCleaner
2014-02-09 01:18 . 2014-02-09 01:21 -------- d-----w- c:\programdata\ProductData
2014-02-09 01:18 . 2014-02-09 01:18 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-09 01:15 . 2014-02-09 01:18 -------- d-----w- c:\programdata\IObit
2014-02-09 01:15 . 2014-02-09 01:19 -------- d-----w- c:\users\Porew\AppData\Roaming\IObit
2014-02-09 01:15 . 2014-02-09 01:48 -------- d-----w- c:\program files\IObit
2014-02-07 17:56 . 2014-02-07 17:56 -------- d-----w- c:\programdata\suns4
2014-02-07 17:48 . 2014-02-07 17:48 -------- d-----w- c:\programdata\Oracle
2014-02-07 17:47 . 2014-02-07 17:47 -------- d-----w- c:\program files\Common Files\Java
2014-02-07 17:46 . 2014-02-07 17:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-03 09:00 . 2014-01-22 10:52 12128 ----a-w- c:\windows\system32\drivers\5DriverHelper.sys
2014-02-03 09:00 . 2014-02-03 09:00 -------- d-----w- c:\programdata\91Mobile
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\DcrSysOpt
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\programdata\DcrSysOpt
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\37wan
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\data
2014-02-03 08:46 . 2014-02-03 08:46 -------- d-----w- c:\users\Porew\AppData\Roaming\MPC-HC
2014-01-30 08:03 . 2014-01-30 08:03 -------- d-----w- c:\users\Porew\AppData\Roaming\TheBannerSaga
2014-01-25 07:25 . 2014-01-25 07:25 -------- d-----w- c:\program files\Combined Community Codec Pack
2014-01-15 11:07 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 11:07 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 11:07 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 11:07 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 11:07 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 11:07 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 11:07 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 11:07 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 11:07 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 13:23 . 2012-09-12 08:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 13:23 . 2012-09-12 08:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-29 08:41 . 2013-12-29 08:41 26376 ------w- c:\windows\system32\apl004.sys
2013-12-29 08:41 . 2013-12-29 08:41 15112 ------w- c:\windows\system32\apf004.sys
2013-12-17 22:13 . 2012-08-24 03:55 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-03 16:14 . 2012-09-02 07:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-26 09:23 . 2013-12-11 16:47 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-11 16:47 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-11 16:47 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-11 16:47 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-11 16:47 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-11 16:47 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-11 16:47 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 16:47 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-11 16:47 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-11 16:47 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26 . 2013-12-11 10:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-22 10:14 . 2012-08-26 14:11 59744 ----a-r- c:\users\Porew\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2013-11-20 16:33 . 2013-11-20 16:33 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-20 16:33 . 2013-11-20 16:33 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-20 16:33 . 2013-11-20 16:33 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-20 16:33 . 2013-11-20 16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 16:33 . 2013-11-20 16:33 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-20 16:33 . 2013-11-20 16:33 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-20 16:33 . 2013-11-20 16:33 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-20 16:33 . 2013-11-20 16:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-20 16:33 . 2013-11-20 16:33 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-20 16:33 . 2013-11-20 16:33 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-20 16:33 . 2013-11-20 16:33 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 16:33 . 2013-11-20 16:33 337408 ----a-w- c:\windows\system32\html.iec
2013-11-20 16:33 . 2013-11-20 16:33 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-20 16:33 . 2013-11-20 16:33 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-20 16:33 . 2013-11-20 16:33 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-20 16:33 . 2013-11-20 16:33 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-20 16:33 . 2013-11-20 16:33 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-20 16:33 . 2013-11-20 16:33 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-20 16:33 . 2013-11-20 16:33 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-20 16:33 . 2013-11-20 16:33 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . 6B164504B6E28E0104612F20C1D13CF9 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\ACGDIYBAK\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\ACGDIYBAK\2012826211321\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"websuns4"="c:\programdata\suns4\89AM005Y" [X]
"Akamai NetSession Interface"="c:\users\Porew\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-12-19 3093624]
"MSIDLL"="msiekx32.dll" [2013-03-16 653824]
"Copy"="c:\users\Porew\AppData\Roaming\Copy\CopyAgent.exe" [2014-02-07 13473936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2008-11-24 237693]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 94720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-27 2637784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 395384]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-24 1075296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
"Adobe Creative Cloud"="c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-12-18 2239376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
c:\users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Porew\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
Facebook Messenger.lnk - c:\users\Porew\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 MoborobodriverHelper;MoborobodriverHelpe;SysWOW64\drivers\MoborobodriverHelper64.sys [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 apf004;apf004;c:\windows\system32\apf004.sys [2013-12-29 15112]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-23 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 46432]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-10-24 4702568]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-12-15 666720]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-22 125472]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-09-22 83392]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2013-01-26 2627760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-12 242240]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-06 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 25448]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-09 802176]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0096.sys [2012-12-05 22264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 13:23]
.
2014-02-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001Core.job
- c:\users\Porew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 14:52]
.
2014-02-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001UA.job
- c:\users\Porew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 14:52]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001Core.job
- c:\users\Porew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 13:39]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001UA.job
- c:\users\Porew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
HKCU-Run-Overwolf - c:\program files\Overwolf\Overwolf.exe
HKCU-Run-NCsoft Launcher - c:\program files\ncsoft\launcher\NCLauncher.exe
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-37wanホ葫 - c:\users\Porew\AppData\Roaming\37wan\wz\wz.exe
HKU-Default-Run-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
AddRemove-WxDFast - c:\programdata\WxDFast\WxDFast.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-11  19:18:26
ComboFix-quarantined-files.txt  2014-02-11 11:18
.
Pre-Run: 65,110,507,520 bytes free
Post-Run: 64,831,545,344 bytes free
.
- - End Of File - - 090719B3EC6F0A2937544E8CA4A1C7F3
A36C5E4F47E84449FF07ED3517B43A31

#7 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 11 February 2014 - 09:46 AM

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
FCopy::

c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe | C:\windows\explorer.exe

c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe | c:\windows\system32\dllcache\explorer.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#8 porew

porew

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 11 February 2014 - 10:24 AM

ComboFix 14-02-11.01 - Porew 2/2014 Wed   0:14.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.932.81.1033.18.3071.1834 [GMT 8:00]
Running from: c:\users\Porew\Desktop\ComboFix.exe
Command switches used :: c:\users\Porew\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe --> c:\windows\explorer.exe
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((   Files Created from 2014-01-11 to 2014-02-11  )))))))))))))))))))))))))))))))
.
.
2014-02-11 16:21 . 2014-02-11 16:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-11 16:21 . 2014-02-11 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-11 16:14 . 2014-02-11 16:14 -------- d-----w- c:\windows\system32\dllcache
2014-02-11 11:13 . 2014-02-11 11:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6948CCCB-AB46-49B9-8DFC-935DA165BE35}\offreg.dll
2014-02-11 11:07 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6948CCCB-AB46-49B9-8DFC-935DA165BE35}\mpengine.dll
2014-02-11 00:46 . 2014-02-11 00:46 -------- d-----w- C:\_OTL
2014-02-10 14:10 . 2014-02-10 14:10 -------- d-----w- c:\program files\iPod
2014-02-10 14:10 . 2014-02-10 14:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 14:10 . 2014-02-10 14:11 -------- d-----w- c:\program files\iTunes
2014-02-09 06:49 . 2014-02-09 06:49 -------- d-----w- c:\program files\SubaGames
2014-02-09 05:26 . 2014-02-11 14:12 -------- d-----w- c:\programdata\boost_interprocess
2014-02-09 01:43 . 2014-02-09 01:47 -------- d-----w- C:\AdwCleaner
2014-02-09 01:18 . 2014-02-09 01:21 -------- d-----w- c:\programdata\ProductData
2014-02-09 01:18 . 2014-02-09 01:18 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-09 01:15 . 2014-02-09 01:18 -------- d-----w- c:\programdata\IObit
2014-02-09 01:15 . 2014-02-09 01:19 -------- d-----w- c:\users\Porew\AppData\Roaming\IObit
2014-02-09 01:15 . 2014-02-09 01:48 -------- d-----w- c:\program files\IObit
2014-02-07 17:56 . 2014-02-07 17:56 -------- d-----w- c:\programdata\suns4
2014-02-07 17:48 . 2014-02-07 17:48 -------- d-----w- c:\programdata\Oracle
2014-02-07 17:47 . 2014-02-07 17:47 -------- d-----w- c:\program files\Common Files\Java
2014-02-07 17:46 . 2014-02-07 17:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-03 09:00 . 2014-01-22 10:52 12128 ----a-w- c:\windows\system32\drivers\5DriverHelper.sys
2014-02-03 09:00 . 2014-02-03 09:00 -------- d-----w- c:\programdata\91Mobile
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\DcrSysOpt
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\programdata\DcrSysOpt
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\37wan
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\data
2014-02-03 08:46 . 2014-02-03 08:46 -------- d-----w- c:\users\Porew\AppData\Roaming\MPC-HC
2014-01-30 08:03 . 2014-01-30 08:03 -------- d-----w- c:\users\Porew\AppData\Roaming\TheBannerSaga
2014-01-25 07:25 . 2014-01-25 07:25 -------- d-----w- c:\program files\Combined Community Codec Pack
2014-01-15 11:07 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 11:07 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 11:07 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 11:07 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 11:07 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 11:07 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 11:07 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 11:07 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 11:07 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 13:23 . 2012-09-12 08:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 13:23 . 2012-09-12 08:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-29 08:41 . 2013-12-29 08:41 26376 ------w- c:\windows\system32\apl004.sys
2013-12-29 08:41 . 2013-12-29 08:41 15112 ------w- c:\windows\system32\apf004.sys
2013-12-17 22:13 . 2012-08-24 03:55 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-03 16:14 . 2012-09-02 07:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-26 09:23 . 2013-12-11 16:47 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-11 16:47 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-11 16:47 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-11 16:47 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-11 16:47 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-11 16:47 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-11 16:47 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 16:47 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-11 16:47 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-11 16:47 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26 . 2013-12-11 10:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-22 10:14 . 2012-08-26 14:11 59744 ----a-r- c:\users\Porew\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2013-11-20 16:33 . 2013-11-20 16:33 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-20 16:33 . 2013-11-20 16:33 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-20 16:33 . 2013-11-20 16:33 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-20 16:33 . 2013-11-20 16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 16:33 . 2013-11-20 16:33 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-20 16:33 . 2013-11-20 16:33 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-20 16:33 . 2013-11-20 16:33 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-20 16:33 . 2013-11-20 16:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-20 16:33 . 2013-11-20 16:33 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-20 16:33 . 2013-11-20 16:33 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-20 16:33 . 2013-11-20 16:33 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 16:33 . 2013-11-20 16:33 337408 ----a-w- c:\windows\system32\html.iec
2013-11-20 16:33 . 2013-11-20 16:33 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-20 16:33 . 2013-11-20 16:33 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-20 16:33 . 2013-11-20 16:33 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-20 16:33 . 2013-11-20 16:33 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-20 16:33 . 2013-11-20 16:33 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-20 16:33 . 2013-11-20 16:33 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-20 16:33 . 2013-11-20 16:33 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-20 16:33 . 2013-11-20 16:33 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"websuns4"="c:\programdata\suns4\89AM005Y" [X]
"Akamai NetSession Interface"="c:\users\Porew\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-12-19 3093624]
"MSIDLL"="msiekx32.dll" [2013-03-16 653824]
"Copy"="c:\users\Porew\AppData\Roaming\Copy\CopyAgent.exe" [2014-02-07 13473936]
"37wanホ葫"="c:\users\Porew\AppData\Roaming\37wan\wz\wz.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2008-11-24 237693]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 94720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-27 2637784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 395384]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-24 1075296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
"Adobe Creative Cloud"="c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-12-18 2239376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
c:\users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Porew\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
Facebook Messenger.lnk - c:\users\Porew\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 MoborobodriverHelper;MoborobodriverHelpe;SysWOW64\drivers\MoborobodriverHelper64.sys [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 apf004;apf004;c:\windows\system32\apf004.sys [2013-12-29 15112]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-23 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 46432]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-10-24 4702568]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-12-15 666720]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-22 125472]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-09-22 83392]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2013-01-26 2627760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-12 242240]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-06 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 25448]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-09 802176]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0096.sys [2012-12-05 22264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 13:23]
.
2014-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001Core.job
- c:\users\Porew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 14:52]
.
2014-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001UA.job
- c:\users\Porew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 14:52]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001Core.job
- c:\users\Porew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 13:39]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001UA.job
- c:\users\Porew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-12  00:23:24
ComboFix-quarantined-files.txt  2014-02-11 16:23
ComboFix2.txt  2014-02-11 11:18
.
Pre-Run: 64,557,105,152 bytes free
Post-Run: 64,494,985,216 bytes free
.
- - End Of File - - EF1888852F74B97019AE1884CD58F22A
A36C5E4F47E84449FF07ED3517B43A31

#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 11 February 2014 - 12:38 PM

Good.

 

Now let's sweep out the dross.

 

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

Step 3
Please download Malwarebytes' Anti-Malware to your desktop.
 


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

 


In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#10 porew

porew

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 12 February 2014 - 05:33 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x86
Ran by Porew on 02/12/2014 Wed at 19:10:13.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2480959248-112055760-2502070270-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Porew\appdata\local\directdownloader"
Successfully deleted: [Folder] "C:\Users\Porew\appdata\local\slick savings"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/12/2014 Wed at 19:12:40.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v3.018 - Report created 12/02/2014 at 19:17:47
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Porew - POREW-PC
# Running from : C:\Users\Porew\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v
 
[ File : C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9669 octets] - [09/02/2014 09:43:27]
AdwCleaner[R1].txt - [9729 octets] - [09/02/2014 09:45:55]
AdwCleaner[R2].txt - [953 octets] - [12/02/2014 19:16:50]
AdwCleaner[S0].txt - [9343 octets] - [09/02/2014 09:46:46]
AdwCleaner[S1].txt - [875 octets] - [12/02/2014 19:17:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [934 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.12.04
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Porew :: POREW-PC [administrator]
 
2/12/2014 7:20:01 PM
mbam-log-2014-02-12 (19-20-01).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237727
Time elapsed: 8 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 1
C:\Windows\System32\msiekx32.dll (Trojan.Agent) -> Delete on reboot.
 
Registry Keys Detected: 5
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSIDLL (Trojan.Agent) -> Data: rundll32.exe msiekx32.dll,run -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
 
Files Detected: 10
C:\ProgramData\InstallMate\{A9C769B1-1EAE-437C-A197-568C72244B47}\Custom.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\OpenBitCoin\obcupd.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\msiekx32.dll (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\InstallMate\OptimizerPro\Custom.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Readme.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.dat (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.ico (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
 
(end)
 

    Advertisements

Register to Remove

#11 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 12 February 2014 - 09:25 AM

Good.

 

Let's get an online scan.  This will take hours to run.

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option   YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 

Also, please let me know how things seem to be running now.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#12 porew

porew

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 12 February 2014 - 02:06 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=196856fd2fda424386d5d751847388e2
# engine=17045
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-12 05:17:35
# local_time=2014-02-13 01:17:35 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 21581 143856646 0 0
# scanned=170044
# found=31
# cleaned=0
# scan_time=5735
sh=EB0FFBD00CE81473580960CB631E8BCB0DF25363 ft=1 fh=4f99459f14a5e2d4 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir"
sh=7C5AB9F60143CB277AA423E3C55787D636328F29 ft=1 fh=c2682fc7988677f1 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings.exe.vir"
sh=01601864D15B1DE13891E105953DCC4FA93AC66F ft=1 fh=45c0a29ac4ab99ad vn="a variant of Win64/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings64.exe.vir"
sh=67F216543767669CA8C00616A3DFE44316AA858A ft=1 fh=3b5e5715eacafafa vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\wth176.dll.vir"
sh=1C073FD34FD597F677E31DF8831A89F1EA0A484F ft=1 fh=c839902e211d412e vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\wthx176.dll.vir"
sh=AE347EA987803F01FD415262A2002E3BEB69E041 ft=1 fh=4694d227a2233c38 vn="Win32/GenUpdater potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe.vir"
sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\cconntinuuetoossavee\51a61b0c04f21.dll.vir"
sh=6B2BA4FB670452206B0D47365F2F5953A32AA77F ft=1 fh=1e12043e7c643432 vn="Win32/GenUpdater potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Premium\OptimizerPro1\runtime.dll.vir"
sh=078FB2A3E5DE54C3737A4541242A4725C02C6B9C ft=1 fh=d760d12103e04038 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\safe  savEE\51e20dac81420.dll.vir"
sh=078FB2A3E5DE54C3737A4541242A4725C02C6B9C ft=1 fh=d760d12103e04038 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SearchNewTab\51e20de50361d.dll.vir"
sh=A883CCC9F69305E3FE07297E036BABF446E104FA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wxDfast\background.html.vir"
sh=8E842BF068B04F36475A3BF86C5EA6A9839BBB5E ft=1 fh=e5da1a6b62afb1d7 vn="Win32/Adware.MultiPlug application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wxDfast\bhoclass.dll.vir"
sh=40FA3D98B88E8478F24510A67A5A4365D5D1A07F ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wxDfast\cghaehhepjbkmgncchllkobioapfjcac.crx.vir"
sh=5F83EC091F2E56C574A626FFEF768EFB632D7EDE ft=1 fh=4031d79ff4418eb0 vn="Win32/GenUpdater potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wxDfast\runtime.dll.vir"
sh=1E246B8649EB422FE678A107667DC1C6932EC2A9 ft=1 fh=b9875c38bf01df1c vn="Win32/GenUpdater potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wxDfast\WxDFast.exe.vir"
sh=A1BE1BB03CD1061B694C06B241E2BB9EB9978A95 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wxDownload\fmdnbdlmdibnahmjeijlhlgepndheafk.crx.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Porew\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=7F260E14E0C817195F3A905CFBFCDB0F9C25B3B8 ft=1 fh=12a3c7993c198000 vn="a variant of Win32/HackTool.Crack.BL potentially unsafe application" ac=I fn="C:\Program Files\Agarest Generations of War\steam_api.dll"
sh=F793E42097B7C6A05D9E9EB35DF18600DDF32C96 ft=1 fh=893c682395d4a4ae vn="Win32/HackTool.CheatEngine.AB potentially unsafe application" ac=I fn="C:\Program Files\Gokuaku\trainer_english.exe"
sh=B318CDCB44A19E999FA55DAA8726DE8F3EAF024B ft=1 fh=1670e15e1ca4e768 vn="a variant of Win32/BitCoinMiner.I potentially unsafe application" ac=I fn="C:\Program Files\OpenBitCoin\daemon.exe"
sh=6FB286ED1A8170621143A1517455D771A31EC3C0 ft=1 fh=4cae41e2963dd76d vn="a variant of Win32/BitCoinMiner.I potentially unsafe application" ac=I fn="C:\Program Files\OpenBitCoin\obcupd.exe"
sh=6FB286ED1A8170621143A1517455D771A31EC3C0 ft=1 fh=4cae41e2963dd76d vn="a variant of Win32/BitCoinMiner.I potentially unsafe application" ac=I fn="C:\Program Files\OpenBitCoin\updater.exe"
sh=9233C3E8CA6C723EEDB60A9F3FEDEEE4F6DBBD4B ft=1 fh=94819bbbd391db5a vn="a variant of Win32/BitCoinMiner.I potentially unsafe application" ac=I fn="C:\ProgramData\OpenBitCoin\daemon.exe"
sh=55C87EAEAB2B0C0EBE410524AC60B2681CD68352 ft=1 fh=5c301d3ae05d5429 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{37495FB1-ABCC-447C-9ED3-0E84EF47151E}\RP407\A0244459.dll"
sh=25748CB4A67856FF52E6A7475D79B56F59785B4B ft=1 fh=187512ea3fa27dfc vn="Win32/SoftonicDownloader.D potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{37495FB1-ABCC-447C-9ED3-0E84EF47151E}\RP426\A0248347.exe"
sh=9233C3E8CA6C723EEDB60A9F3FEDEEE4F6DBBD4B ft=1 fh=94819bbbd391db5a vn="a variant of Win32/BitCoinMiner.I potentially unsafe application" ac=I fn="C:\Users\All Users\OpenBitCoin\daemon.exe"
sh=28472ECFC110799183BE8EB51A0CEE12B546F52D ft=1 fh=51d25f99e23b9d4d vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000"
sh=28472ECFC110799183BE8EB51A0CEE12B546F52D ft=1 fh=51d25f99e23b9d4d vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001"
sh=28472ECFC110799183BE8EB51A0CEE12B546F52D ft=1 fh=51d25f99e23b9d4d vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000002"
sh=6EE45A5E7180F213F37A563B28840CF68AC15342 ft=1 fh=699218179de539fd vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\Porew\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000"
sh=D70460685B573C217FF1FED932EA175A949D5F3C ft=1 fh=c4f86b35d8fb8723 vn="a variant of Win32/Nebuler.DA trojan" ac=I fn="C:\Windows\System32\msitry32.dll"



the mhsta pop-up is still here

#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 12 February 2014 - 02:59 PM

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
File::

C:\Program Files\Gokuaku\trainer_english.exe

C:\Windows\System32\msitry32.dll

C:\Windows\tasks\schedule!3036567561.job
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#14 porew

porew

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 13 February 2014 - 06:47 AM

sadly the pop-up is still there 
 

ComboFix 14-02-12.01 - Porew 3/2014 Thu  20:23:46.3.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.932.81.1033.18.3071.1437 [GMT 8:00]
Running from: c:\users\Porew\Desktop\ComboFix.exe
Command switches used :: c:\users\Porew\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Gokuaku\trainer_english.exe"
"c:\windows\System32\msitry32.dll"
"c:\windows\tasks\schedule!3036567561.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Gokuaku\trainer_english.exe
c:\windows\System32\msitry32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-13 to 2014-02-13  )))))))))))))))))))))))))))))))
.
.
2014-02-13 12:33 . 2014-02-13 12:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-13 12:33 . 2014-02-13 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-12 19:02 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 15:39 . 2014-02-12 15:39 -------- d-----w- c:\program files\ESET
2014-02-12 13:39 . 2014-02-12 13:39 -------- d-----w- c:\programdata\boost_interprocess
2014-02-12 11:16 . 2014-02-12 11:16 -------- d-----w- c:\users\Porew\AppData\Roaming\Malwarebytes
2014-02-12 11:15 . 2014-02-12 11:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-12 11:15 . 2014-02-12 11:15 -------- d-----w- c:\programdata\Malwarebytes
2014-02-12 11:15 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-12 11:10 . 2014-02-12 11:10 -------- d-----w- c:\windows\ERUNT
2014-02-11 16:14 . 2014-02-11 16:14 -------- d-----w- c:\windows\system32\dllcache
2014-02-11 11:07 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6948CCCB-AB46-49B9-8DFC-935DA165BE35}\mpengine.dll
2014-02-11 00:46 . 2014-02-11 00:46 -------- d-----w- C:\_OTL
2014-02-10 14:10 . 2014-02-10 14:10 -------- d-----w- c:\program files\iPod
2014-02-10 14:10 . 2014-02-10 14:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 14:10 . 2014-02-10 14:11 -------- d-----w- c:\program files\iTunes
2014-02-09 06:49 . 2014-02-09 06:49 -------- d-----w- c:\program files\SubaGames
2014-02-09 01:43 . 2014-02-12 11:17 -------- d-----w- C:\AdwCleaner
2014-02-09 01:18 . 2014-02-09 01:21 -------- d-----w- c:\programdata\ProductData
2014-02-09 01:18 . 2014-02-09 01:18 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-09 01:15 . 2014-02-09 01:18 -------- d-----w- c:\programdata\IObit
2014-02-09 01:15 . 2014-02-09 01:19 -------- d-----w- c:\users\Porew\AppData\Roaming\IObit
2014-02-09 01:15 . 2014-02-09 01:48 -------- d-----w- c:\program files\IObit
2014-02-07 17:56 . 2014-02-07 17:56 -------- d-----w- c:\programdata\suns4
2014-02-07 17:48 . 2014-02-07 17:48 -------- d-----w- c:\programdata\Oracle
2014-02-07 17:47 . 2014-02-07 17:47 -------- d-----w- c:\program files\Common Files\Java
2014-02-07 17:46 . 2014-02-07 17:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-03 09:00 . 2014-01-22 10:52 12128 ----a-w- c:\windows\system32\drivers\5DriverHelper.sys
2014-02-03 09:00 . 2014-02-03 09:00 -------- d-----w- c:\programdata\91Mobile
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\DcrSysOpt
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\programdata\DcrSysOpt
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\37wan
2014-02-03 08:57 . 2014-02-03 08:57 -------- d-----w- c:\users\Porew\AppData\Roaming\data
2014-02-03 08:46 . 2014-02-03 08:46 -------- d-----w- c:\users\Porew\AppData\Roaming\MPC-HC
2014-01-30 08:03 . 2014-01-30 08:03 -------- d-----w- c:\users\Porew\AppData\Roaming\TheBannerSaga
2014-01-25 07:25 . 2014-01-25 07:25 -------- d-----w- c:\program files\Combined Community Codec Pack
2014-01-15 11:07 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 11:07 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 11:07 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 11:07 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 11:07 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 11:07 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 11:07 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 11:07 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 11:07 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 13:23 . 2012-09-12 08:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 13:23 . 2012-09-12 08:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-29 08:41 . 2013-12-29 08:41 26376 ------w- c:\windows\system32\apl004.sys
2013-12-29 08:41 . 2013-12-29 08:41 15112 ------w- c:\windows\system32\apf004.sys
2013-12-17 22:13 . 2012-08-24 03:55 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-03 16:14 . 2012-09-02 07:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-23 18:26 . 2013-12-11 10:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-22 10:14 . 2012-08-26 14:11 59744 ----a-r- c:\users\Porew\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2013-11-20 16:33 . 2013-11-20 16:33 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-20 16:33 . 2013-11-20 16:33 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-20 16:33 . 2013-11-20 16:33 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-20 16:33 . 2013-11-20 16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 16:33 . 2013-11-20 16:33 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-20 16:33 . 2013-11-20 16:33 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-20 16:33 . 2013-11-20 16:33 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-20 16:33 . 2013-11-20 16:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-20 16:33 . 2013-11-20 16:33 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-20 16:33 . 2013-11-20 16:33 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 16:33 . 2013-11-20 16:33 337408 ----a-w- c:\windows\system32\html.iec
2013-11-20 16:33 . 2013-11-20 16:33 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-20 16:33 . 2013-11-20 16:33 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-20 16:33 . 2013-11-20 16:33 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-20 16:33 . 2013-11-20 16:33 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-20 16:33 . 2013-11-20 16:33 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-20 16:33 . 2013-11-20 16:33 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-20 16:33 . 2013-11-20 16:33 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-20 16:33 . 2013-11-20 16:33 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-12-13 04:20 2602864 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2013-12-12 10:16 3111424 ----a-w- c:\users\Porew\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Porew\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"websuns4"="c:\programdata\suns4\89AM005Y" [X]
"Akamai NetSession Interface"="c:\users\Porew\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-12-19 3093624]
"Copy"="c:\users\Porew\AppData\Roaming\Copy\CopyAgent.exe" [2014-02-07 13473936]
"37wanホ葫"="c:\users\Porew\AppData\Roaming\37wan\wz\wz.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2008-11-24 237693]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 94720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-27 2637784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 395384]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-24 1075296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
"Adobe Creative Cloud"="c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-12-18 2239376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
c:\users\Porew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Porew\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
Facebook Messenger.lnk - c:\users\Porew\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 MoborobodriverHelper;MoborobodriverHelpe;SysWOW64\drivers\MoborobodriverHelper64.sys [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 apf004;apf004;c:\windows\system32\apf004.sys [2013-12-29 15112]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-23 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 46432]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-10-24 4702568]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-12-15 666720]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-22 125472]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-09-22 83392]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2013-01-26 2627760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-12 242240]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-06 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 25448]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-09 802176]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0096.sys [2012-12-05 22264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 13:23]
.
2014-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001Core.job
- c:\users\Porew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 14:52]
.
2014-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001UA.job
- c:\users\Porew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 14:52]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001Core.job
- c:\users\Porew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 13:39]
.
2014-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480959248-112055760-2502070270-1001UA.job
- c:\users\Porew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-13  20:35:30
ComboFix-quarantined-files.txt  2014-02-13 12:35
ComboFix2.txt  2014-02-11 16:23
ComboFix3.txt  2014-02-11 11:18
.
Pre-Run: 100,057,137,152 bytes free
Post-Run: 99,670,200,320 bytes free
.
- - End Of File - - 6AE1A7FD120220F61B56DB1B999E7103
A36C5E4F47E84449FF07ED3517B43A31

#15 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 13 February 2014 - 09:14 AM

Let's try this:

 

 

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    RGKRScan.png
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    RGKRDelete.png
  • Next click on the ShortcutsFix
    RGKRShortcutsFix.png
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.
 
 
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·