Delta Search and Babylon keep returning

Solved
By Marie Olgin
Jun 19, 2013
  1. Marie Olgin

    OTL Extras logfile created on: 6/23/2013 2:35:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marie\Dropbox\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.75% Memory free
    12.09 Gb Paging File | 9.88 Gb Available in Paging File | 81.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.69 Gb Total Space | 80.73 Gb Free Space | 17.91% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.26 Gb Free Space | 48.43% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: Marie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = D8 05 5F 39 DC 72 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0BC983C1-D2ED-4EEA-ACE4-44CAB460453A}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
    "{110D04DF-28E7-41ED-88E1-BA4A2AE4E817}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1149577D-7090-4BA2-8E3E-32F5DD3A34CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{13DE940B-16B8-4EAF-BA1F-9C156A501CF4}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
    "{14C6B14C-6C6C-40FD-A418-9982B7BCB84C}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
    "{1A193BC1-BA4A-42B3-B6EE-27B3DDEA6657}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1C0F61C5-549C-4BF9-BB5A-8A87A25A5CF7}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{1F069A56-1736-417C-846C-3ACA03F6AA4F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{20485A4C-AC31-4A46-936B-F88F8411F5B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{229B2E81-854D-49DC-A98D-31CE85C94DD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{237238F4-16BB-4286-A707-B0CDC45FDA60}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{240AECE1-11F2-4D28-AFC4-6E63282ED355}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{249ABFD8-F1C8-444B-8658-243448E66B57}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{298D3D02-8898-4C3F-88E1-FC63B030C769}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3B68D5D6-1D32-453B-A0FF-F525A2C27A25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4B46D378-10BF-441C-90BF-5A10E2861EF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4DAD5103-47C9-4275-AFF6-808F90EEEEAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{576177F4-2673-44DD-9643-36A07B9C4198}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5823C674-CB03-415D-A51F-89326B74B578}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{59F0196D-E289-4781-9420-18FC70C58484}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{5B07E1C4-75A1-436E-99E5-4B837FD29D72}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5B95956B-4AA6-42B6-A588-A963934B3596}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5CC51B66-F238-47A3-97E6-8016758739BD}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{5CD83181-EF29-4DE2-BC7B-950F4D9561BF}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{671CB1A2-BB7C-4706-AD28-18FBD3953A36}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{69584812-26B5-4495-A408-141590AB4E1C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6C06B41E-FB5B-414E-AC3C-4614EA59141F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6E3EB9F5-8EF9-4CBE-8003-DB6F68291206}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6FAE0A13-B61E-4F1C-A227-4455AFBAF53E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{75833F58-3DB7-418C-A860-1AAA185D068D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7A502ED7-B0FD-4670-A5A0-6D652CA731CD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{7BEEC133-CF89-493C-A275-2468DEDFAA84}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7D9DA985-0468-40D1-A5AE-B00068F96AF1}" = rport=137 | protocol=17 | dir=out | app=system |
    "{803DEF6F-70EE-4EF7-8692-4B6C5056EC1D}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{8921C703-804A-46B8-B8D3-9ABB5879E1A0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8B97571F-4231-4996-A6B9-1D79C7D01B01}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{8CD521D3-8DDA-44FD-9DCB-6DEABD7064F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{911C62C5-68EC-4A24-AD49-05C353ACBAAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{915AD26A-8313-4761-90F0-D66A2754D128}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
    "{92CB85C2-A36D-444C-9F65-664ED7817AF7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{948685E0-C3D5-49FF-9E20-B3EF38A749AD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{975870A2-37B6-4045-A117-114150FFB4D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{98C5646F-113F-4277-A04D-5F79FCE39C50}" = lport=445 | protocol=6 | dir=in | app=system |
    "{99B6D8BC-A74E-40DE-9102-744DC9F0BAA1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A03150AE-694A-45BB-B740-C3E0ED63F624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A54AE22F-E02F-44CE-9AA1-732899BEC615}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{A96038A0-8A35-45DB-897E-E00B2E296212}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
    "{A97E1231-7D50-4C7F-A674-9CFDAA9F5452}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B0AFC472-B3F3-4DF9-962D-A91475608F32}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{B43887CD-5A9F-4BBE-85E2-B20ABF63E469}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B4EE9705-6FA5-4A10-9758-FF10EBDE47D9}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
    "{B4FF6FFA-5ED3-4C5B-96AB-8CBE238790B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B827D519-E246-4720-BBEF-4DF6790B06BF}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BB252072-9640-4828-982B-C5EC61BA3BF2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BFC6093B-423A-45A8-99EB-695CDC9C1E05}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
    "{C4D0E297-1BD5-4D5A-969E-823ADC4EBF8F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CA5D5104-4519-45EE-8CA0-3C35221CA4A1}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{D4D17E36-A99B-4B0E-BFFB-6C8C7F470FEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DBEE46A1-74AC-4B85-9DE3-7937A1992B4C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DF0BF26B-42C8-4393-ABC7-A763BD787406}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E878FFF0-E9C4-48D9-B5C0-12EEBC35CB8A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EBB98E53-05E8-4D8F-ABF0-35C3F2791026}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F4B7D705-3FB9-4CD8-A7FB-A46107E65D7B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F795727C-FBAB-4D3F-8A68-86B09FDF0473}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{FA442705-9C92-404D-8AB4-9F2D065CB8DB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FD854CB1-1E98-40A1-AADF-94E0B1B33F3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FDBF8989-5A4C-486A-8893-0AFD0B4BA4CB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{013D694A-6C24-4829-B1B7-3D0E4ECCAA37}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{0144221C-E2C5-4B56-939B-D19A560FFBD3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{02F6C235-9E08-446F-B66B-42D15182769F}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe |
    "{03B39BA4-A9AB-479C-B1E8-D9AA5D4CAABB}" = protocol=17 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "{07F472D5-0C7A-45E2-96DA-686EB0725F7D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{099A40C4-80F5-42E1-AE26-304124697623}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{0CAC50B4-5FC5-4668-8BAC-6DDC318DCD9C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{0F014101-C892-411A-90FB-5318C677FD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{0FEA2215-116F-45AE-922E-F5ACAF4B44F8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{109B77A0-617B-4CA5-A1A4-C6976BFD8F76}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{13423D55-609E-4737-AF1A-7FB7519EA389}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{144984B4-0922-424E-92E0-CF7C318D8C90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1A7035FA-CBE3-492A-9618-1DE0B270818A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{1B846503-B427-444C-A239-D822C5095ACD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{21A28268-A57A-4CEC-AB92-5276047BA136}" = dir=in | app=tracsrvwrapper.exe |
    "{282FEE7E-491C-4C3C-A277-553C99F3C5B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{28FCB6F9-5A69-402D-A3B4-9F8C47C34A8A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{29DAEA33-7AF9-423A-9A47-79EC30AC98F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{2BE7E735-9A88-4752-8FD3-3478406F9435}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{2CEC4974-397C-4F70-9A0B-CD013878CD4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{33267A97-FF2E-4DDA-8426-16F3E74F0E38}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_service.exe |
    "{352E7ED3-79AA-4BFD-BCCC-A7AA3FCAB884}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{36DC7654-719E-4B39-8505-78F006F345CD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{3A0BD7EF-EE09-4C2A-8A5B-69C4C6ED4463}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{3B058E27-6D77-43DA-84A4-68E0A95FB08A}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
    "{3B8DC91E-A4F6-4355-A1FF-9E7382537CD1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3C269FA9-2569-4F20-BCE3-D2B88C1C6A66}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{482F17EA-97AF-4BA8-BA03-64A0DA44A368}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{4929F89D-2F73-498C-9A62-A6D305B46504}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{4B331E71-1BA7-4654-B1DA-9286673E9E86}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{4E145EE3-B63A-4177-A40E-453F100B7F59}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{4E1DFA30-D6D3-4A90-85F3-301F84A8B7B6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{50D52633-6312-43E2-A198-CE9F1B79DE6F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{51F84165-FE98-41BC-9E0C-3259E104D03B}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
    "{55724F4E-12B7-4BD2-9E52-A58250B259E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5722E152-E2B9-4817-95BF-3E8ED720F811}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5BC41D47-540F-4726-9F48-E2CE3316B890}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{5CA582FF-F6C9-4E82-9CC7-D716177CD774}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{5CA66D63-1E35-45D6-9E98-797FF2AE99CA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{66535982-AC25-4669-BD4A-A311C768128B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{6E2F6D72-2D2D-4FB2-A814-0A8C9B6C73F8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{6EABFA1C-3E20-48C0-B89C-A2714141250D}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe |
    "{6F9650D7-8669-4235-9422-78355AA97460}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7264DB74-7CA9-4DD2-A22A-B2366BFE36AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{73EC2E8B-6EE3-40B8-990E-733F41E0F7E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{7460FF57-95C6-4A09-B1E6-5B8C444BCE50}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_gui.exe |
    "{76954E87-E3F5-40D1-9937-C22C93B64A2A}" = protocol=6 | dir=out | app=system |
    "{7816547E-8718-49B2-8958-1385B1B34D62}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{7835BB78-50D1-4E64-A126-E8D7E9756515}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{7A72198D-EA94-4BB4-8E1B-3844457D7BAF}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
    "{7CDD1163-5181-4353-9DF1-8AB7226771CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7D363997-1EEC-4F8E-BB90-EA82072DD613}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{7F6677D0-9ECC-4478-B6D7-20675B26DC15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7FF7A5BB-0DE2-484C-A18F-EF9B426EC8FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{81C928F0-8E1E-4F5A-BF7C-D216E67B7544}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{820F534C-211F-4C98-8525-9B094CBE8521}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{82A7AA83-570C-42A2-96DD-29919152B9A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{83A9C709-EC1F-4D8E-AAEC-24EF3749568A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{8BBC299C-F325-4BA9-A29B-BDA5F158575F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8E23B41B-CF37-4AD4-8859-D7D45B3F764B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9202FE1C-A6E2-4E18-9B3C-AF383CC60FE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{9373FAF0-2A3F-4E2C-9437-C5E22F22530F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{938740F5-889E-40A3-ABA4-9D7E9111091D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{93B07C1B-8FAE-4AC3-A4C3-57D96A3EAD81}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
    "{96029AC9-3228-4638-83B6-CEFF5E04FC10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9728EB0D-B8A6-4E96-BA90-16D534AEF556}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{988626C3-AA09-418E-AC8D-401FB2ADB743}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9B443C55-4D75-4BA3-98AD-33329C3B949D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{9D7A4E8C-A2FD-44B9-9556-C18753B8AF43}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\scc.exe |
    "{9E45168F-A653-4BFD-ABFF-AAD9C5649EF2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{9EFEF532-ECEC-45A2-ACA4-19930DB393CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A7E5F410-0C8F-48EE-A5E3-5290349825F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AC7A930E-D275-4DAB-841C-0F99A9C3EBB3}" = dir=in | app=trgui.exe |
    "{AD4C4973-BB89-4C02-B8D2-CA2CFA9C0EF2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{AF0289D6-DEA9-4428-83B5-D36D5A6EFB65}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{B0381D70-FE38-4090-AB00-DB6BE4BF5F28}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B328CC70-EE12-4582-A5A2-E1C1907D47A4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{B67F0036-1C03-469F-AD1A-C45D81B84B15}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe |
    "{B84B7B01-34CE-4499-BF99-56FDAA3D4E58}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{B9734F1F-4A69-4FA5-A97B-12DB8DE23FBF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BD2E4BD2-5E5E-4B89-BB15-DC0BF71F90B9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{C114B8F0-F2A5-4656-8F70-55199575216E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{C3177110-CC2A-44BD-89F3-D5D6A39CF90A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C5318E33-33C9-4955-8CC7-10BA0A332D37}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{C913A520-7236-4A30-8A96-D5F125F3AEA1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{CDA20227-35B5-4B9D-9A12-DF8B4058656F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{CDE0D37F-4950-479D-9981-02A635357538}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D0152CDB-2F4A-4AD5-A332-7D98DF28721C}" = dir=in | app=c:\program files (x86)\checkpoint\endpoint connect\trgui.exe |
    "{D1DCACF8-B1F9-41DA-8407-108D14B20628}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D3750468-D431-424C-A16D-EEEB137991EF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{D4440A63-8CE3-470D-98CC-5D7F3A3A9DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{D58E3663-2A99-48EF-AD95-E8903FABD9FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{DEF4EDDB-DC02-4110-B48A-48AD3452F5FB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{DF72939A-EA73-44F3-BA67-132507EEA922}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{DFEA7901-9E65-4544-9D94-40D4C13912BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E415B23D-06E6-4825-9ABF-A2C28A685A7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EA98B1F8-333B-4BA3-B1B2-D259515C78AE}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{EED6C3C7-114F-4C41-AB6A-14E973E385AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{F014BFFE-5861-49D7-9A64-EE0969B527E6}" = protocol=6 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "{F6128022-3541-4C06-B3EE-0C03DFD2192A}" = dir=in | app=c:\program files (x86)\checkpoint\endpoint connect\tracsrvwrapper.exe |
    "{F94DF9F5-DEB7-4E58-BD3A-A0779C7C90D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{F9F9667C-F91C-4F82-BADE-91FBB1C08147}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{FA38D644-FB2B-44A1-A659-EB31055BB4CA}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{FA5732A6-8DCD-42CC-A95C-63696AF369D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{FE50ADAA-9E50-4EF0-86E6-5DBCFF04573E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{FE7E375B-EBD8-4042-82DA-11493622147B}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_diagnostics.exe |
    "{FF0E6F59-37F4-4ED8-BA83-089B9759C88B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "TCP Query User{0AD1D6CD-2F7C-4696-98F9-7BB817525246}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
    "TCP Query User{1BB1E82A-FF04-4A9D-ACE9-CAB9AE3503D1}C:\users\marie\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\marie\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{1E9629FC-D7CD-4823-9A41-32E269DCFEEB}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "TCP Query User{4A0CB4A0-EAAD-4114-825E-8E1538BBACBB}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
    "TCP Query User{55060A4B-C64E-4846-90C1-7202B2F1AD15}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "TCP Query User{82066DA3-E310-4412-981F-C1BDD49FEE93}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "TCP Query User{870B98E9-BE7B-4477-945B-9280EF596455}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "TCP Query User{8CB7FB7B-1B90-49D1-9793-B1CF12DFB935}C:\program files (x86)\ncp\secureclient\ncpmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncp\secureclient\ncpmon.exe |
    "TCP Query User{C2023E34-36D6-47AF-96E0-D376D649059F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{C23BC181-EE2C-478C-8F13-07731839D036}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{CA2437F7-306A-4B68-AE5E-4598CD931321}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{DE110466-2B17-463E-AB1A-8FC1171250F1}C:\users\marie\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\marie\appdata\roaming\mjusbsp\magicjack.exe |
    "TCP Query User{F496B85D-767A-4258-96EC-11F601B8A225}C:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{152EB6DF-58FD-445E-854C-C99BD82DEAB2}C:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{291656F8-4450-4CB0-9529-790BDA424597}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{3C985922-4517-4B1D-AFE2-96627FF07B96}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{4BDA11D8-9363-4AB8-8A80-D6E32444D58E}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
    "UDP Query User{8308F56B-39C9-43A3-A739-2956E29FFC9E}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{8B2CAE9C-4C2D-4AD6-81A1-C8E152F119D2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{903E7072-6AC2-49CE-9381-FB56C12E8AEA}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
    "UDP Query User{A0A1E8A9-693D-450F-97B6-8E86B223C190}C:\users\marie\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\marie\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{A294ECD6-1D47-4E7C-9B24-4BB88E38296F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{A2A1DC5B-CB39-443B-97B9-073DA44DD796}C:\users\marie\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\marie\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{A7B263A6-9899-47DE-856E-AD931EED4C69}C:\program files (x86)\ncp\secureclient\ncpmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncp\secureclient\ncpmon.exe |
    "UDP Query User{AC7CA63A-C40E-4A53-8267-E02C706BAF6E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{F1491C00-379B-4011-A3E1-44CFBBA1F77F}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
  2. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4303
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}" = HP Deskjet 3520 series Product Improvement Study
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{5848A26C-E4BC-4A13-AA8D-810BA344475A}" = HP Deskjet 1050 J410 series Product Improvement Study
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
    "{893D9341-6AEA-8463-83E1-70D004A56AD3}" = ccc-utility64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{A0A03B53-927D-4454-A456-CB0A72A4912F}" = HP Deskjet 3520 series Basic Device Software
    "{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MyPC Backup" = MyPC Backup
    "PROSetDX" = Intel(R) Network Connections 13.1.33.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0764694E-4C2E-1A05-B6A2-3C0B4F061AB5}" = CCC Help Hungarian
    "{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C2D2976-6F6B-EB9A-57CB-0F479510E29D}" = Catalyst Control Center Localization Portuguese
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1833C9AB-38B3-2B52-6A66-46B366327FE8}" = Catalyst Control Center Localization French
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7
    "{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
    "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
    "{27979F37-AF9C-33DE-8437-76F7AEFAABAD}" = Google Talk Plugin
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{292E1FC7-C42A-5ED5-0904-94C1A0A1538A}" = Catalyst Control Center InstallProxy
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AF983E8-983E-AEAD-BB41-D7CAED800C03}" = CCC Help Chinese Traditional
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{319397B7-88C3-FF5E-788E-6EC3D9C7F10F}" = Catalyst Control Center Localization Chinese Standard
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33303B83-3081-5C68-EBD9-9140DD374B5A}" = Catalyst Control Center Core Implementation
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3544DED1-07DB-40C0-98F3-435A6DA195C7}" = Google SketchUp 8
    "{364F416C-CA2E-20FA-193C-267192F339A7}" = CCC Help Japanese
    "{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
    "{4250568D-A456-7DF3-4832-21CC15E7D0B1}" = CCC Help Korean
    "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{4F668F8E-56FC-6DFF-4F2F-603542D7413B}" = Catalyst Control Center Graphics Full Existing
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{5070E761-C5ED-A868-CE4E-B3C7B4674E06}" = Catalyst Control Center Localization Hungarian
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58192647-B4DD-45E1-9C3C-1614B4A03897}" = 64 bit Windows Card Reader Driver
    "{59B8EE7B-A449-A1F5-45A2-6F58C305925E}" = Catalyst Control Center Graphics Light
    "{5AED8F22-D3F2-C924-4F2A-1D6C80162C78}" = CCC Help Italian
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
    "{5CDEC102-451E-4D1D-A091-9D93F41532F5}" = Dell Client Configuration Utility - Powered by Altiris
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63A7AA0B-6EDC-40F0-B14E-5289599EE2A3}" = Catalyst Control Center - Branding
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69A01F5F-EF07-C3C6-3B94-E895E931FCF1}" = Catalyst Control Center Graphics Full New
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
    "{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader
    "{7CF115FC-BA7C-E81A-631A-B9545D446AF0}" = Catalyst Control Center Graphics Previews Common
    "{80250615-2FF1-0AAE-9C71-375BA6E5CF7E}" = ccc-core-static
    "{80F0EB59-D25F-2A39-92E9-B1D593255E64}" = Skins
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B5A3788-7DE7-668B-437A-2EDF278F8324}" = CCC Help English
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9AE79FD8-90DD-AA27-06FA-0DF8A0FFCE88}" = CCC Help French
    "{9B947CCE-D5B2-1AE4-D3EE-B073D5D5D4D7}" = Catalyst Control Center Graphics Previews Vista
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2233F8C-B7AC-0E77-0DF3-57678388A816}" = Catalyst Control Center Localization Japanese
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B4E24CA6-5254-7E2D-F1FC-B01881AD4556}" = Catalyst Control Center Localization Italian
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}" = Extreme Flash Player
    "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}" = HP Deskjet 3520 series Help
    "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C4A40111-4DD6-C90E-27E7-CA8F3E647DF0}" = CCC Help Chinese Standard
    "{C61798EC-C148-DCAF-0BBB-983E3F2A358A}" = CCC Help German
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0B7DE9F-D63D-57DD-1872-3F0207A437AC}" = CCC Help Turkish
    "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDEE3690-E766-135E-39F9-1069E44364FF}" = Catalyst Control Center Localization Turkish
    "{DE6D0FDB-3B65-48B9-6F71-A61D5A7B576F}" = CCC Help Portuguese
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF0B1D6F-DEC5-4831-00B7-FC2ACB464C31}" = The Sims Carnival SnapCity
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E14D7E83-C764-F6D9-FA7E-DA50596C8B02}" = Catalyst Control Center Localization Spanish
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F39A1538-F97D-702B-AD48-F8FD2A01D0B2}" = Catalyst Control Center Localization Korean
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F569D2CB-5BB9-B8A1-9B1D-AA813D974372}" = CCC Help Spanish
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
    "{FB997B37-623B-E151-6AC5-5EEA34FE4178}" = Catalyst Control Center Localization Chinese Traditional
    "{FCDDA9CC-10DC-F720-53DE-D23A96EA8792}" = Catalyst Control Center Localization German
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AIM_7" = AIM 7
    "AOL Toolbar" = AOL Toolbar
    "Avidemux 2.6 (64-bit)" = Avidemux 2.6
    "CamStudio" = CamStudio
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "EADM" = EA Download Manager
    "GIMPshop" = GIMPshop 2.2.8
    "Gizmo Central" = Gizmo Central
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
    "Hauppauge WinTV" = Hauppauge WinTV
    "Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
    "HP Photo Creations" = HP Photo Creations
    "HTC_WModemDriver" = WModem Driver Installer
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "IrfanView" = IrfanView (remove only)
    "KeePass Password Safe_is1" = KeePass Password Safe 1.21
    "Luxor2" = Luxor 2 (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
    "MP Navigator 2.2" = Canon MP Navigator 2.2
    "MPlayer" = MPlayer (remove only)
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "RealPlayer 16.0" = RealPlayer
    "TeamViewer 8" = TeamViewer 8
    "WinGimp-2.0_is1" = GIMP 2.6.7
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Marie
    "Consumer Input Chrome Extension" = Consumer Input Chrome Extension (remove only)
    "Dropbox" = Dropbox
    "GCalc 3" = GCalc 3
    "Move Media Player" = Move Media Player
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "WinDirStat" = WinDirStat 1.1.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Marie
    "AOL Toolbar" = AOL Toolbar
    "Dropbox" = Dropbox
    "magicJack" = magicJack
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 6/23/2013 5:37:01 PM | Computer Name = Admin-PC | Source = netbt | ID = 4321
    Description = The name "OLGIN-PC :0" could not be registered on the interface
    with IP address 192.168.1.9. The computer with the IP address 192.168.1.18 did not
    allow the name to be claimed by this computer.


    < End of report >
  3. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Make sure you reinstall AVG as soon as possible.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\URLSearchHook: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No CLSID value found
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\SearchScopes\{7E115A6A-1318-4591-A8B6-B7A0E83784CD}: "URL" = http://websearch.ask.com/redirect?c...n_sauid=B8A34246-72E6-4C2B-B874-F0E2762F9223&
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\SearchScopes\{AE6A6BF8-FB8A-4BF1-9B5D-7B5D0EB16A8D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3018509
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    [2013/04/24 21:28:29 | 000,001,102 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\searchplugins\whitesmoke-new-customized-web-search.xml
    CHR - Extension: WhiteSmoke New = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.14.40.128_0\
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
    O3 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\Toolbar\WebBrowser: (no name) - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent File not found
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans....

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  4. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    When I went to download AVG Free, in addition to the AVG Installer, PC Utilities PRO popped up giving me "Scan results for your computer". Also, a rogue browser window with a link to www.guifile.com/thanksyou/index.php... I closed that window and another Chrome popup appeared saying: "Your preferences cannot be read. Some features may be unavailable and changes to the preferences won't be saved."

    Any advice?
  5. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Really?!?! UGH! I clicked on the AVG website (or so it looked) and it ended up taking me to an avg.guifile.... something or other. Crud, crud, crud! Sigh! Boy, am I making a mess of things now. :s
  6. Broni

    Broni Malware Annihilator Posts: 45,159   +242

  7. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Running OTL fix now.
  8. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Should it be prompting me to download FileOpenerPro express installer?
  9. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    FileHippo link?
  10. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Never mind. Found the download button on the right rather than the bigger (trickier) one on the left... can these sites make it any more difficult? :( LOL
  11. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    That's the point.
    You have to be always very careful when clicking on anything.
  12. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    I'm certainly trying. My apologies. And, yeah that was on FileHippo's site! Huge green download on the left - wrong; small download link on the right margin - right. It's not clear that the one on the left is taking you to anything else. As soon as it went to that site, I closed it. I now have AVG installed. I will continue forward with the rest of the steps you provided above.
  13. Broni

    Broni Malware Annihilator Posts: 45,159   +242

  14. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    OTL stalled with the custom code. Had to learn how to boot in Safe Mode on my Dell (no they don't provide a convenient F-key during booting -- can nothing be easy for me today?) Anyway, how long should I expect OTL to run that custom code in safe mode? I am getting ready to head out the door and need to know, because I won't be here to reboot if it takes too long.
     
  15. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Is it stalled in safe mode as well?
    If so at what line?
    You should see it at the bottom of OTL window.
  16. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Yes it seems to be stalled here as well.
    "[Reboot]"
  17. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Same place it stalled in regular boot mode.
  18. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Give it a few more minutes.
    If still stalled at "reboot" restart manually.
  19. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Had to manually reboot, where will I find the log now?
  20. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Results of screen317's Security Check version 0.99.67
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 21
    Java(TM) 6 Update 7
    Java version out of Date!
    Adobe Flash Player 11.7.700.224
    Adobe Reader 9
    Adobe Reader XI
    Mozilla Firefox (3.6.28) Firefox out of Date!
    Google Chrome 27.0.1453.110
    Google Chrome 27.0.1453.116
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  21. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Farbar Service Scanner Version: 16-06-2013
    Ran by Marie (administrator) on 23-06-2013 at 16:50:31
    Running from "C:\Users\Marie\Dropbox\Downloads"
    Windows Vista (TM) Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2009-09-17 21:19] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 04:20] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2013-06-12 02:17] - [2013-05-07 21:50] - 1423720 ____A (Microsoft Corporation) C7C60777592EEF169A11647AAE7A91C3

    C:\Windows\System32\dnsrslvr.dll
    [2011-04-14 11:00] - [2011-03-02 09:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

    C:\Windows\System32\mpssvc.dll
    [2009-09-17 21:20] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

    C:\Windows\System32\bfe.dll
    [2009-09-17 21:19] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe
    [2009-09-17 21:20] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

    C:\Windows\System32\wscsvc.dll
    [2009-09-17 21:19] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

    C:\Windows\System32\wbem\WMIsvc.dll
    [2009-09-17 21:19] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll
    [2009-09-17 21:20] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

    C:\Windows\System32\es.dll
    [2009-09-17 21:20] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

    C:\Windows\System32\cryptsvc.dll
    [2013-06-12 02:17] - [2013-04-23 21:09] - 0174592 ____A (Microsoft Corporation) 1B22BC0B71F65001479DAB792C3F626C

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-09-17 21:20] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



    **** End of log ****
  22. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    TFC seems to be stalled at "User: Marie". I'm going to let it keep running while I'm gone. I also noticed that I'm getting backup messages from a program I don't recognize... sigh!
  23. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Which would be?

    Sometimes TFC takes time.
  24. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    My apologies, I left and didn't see your post. It did finish indeed. If you aren't available right now, I understand. I will post the last two logs needed.
  25. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    I'm still here for a few more minutes.
  27. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    C:\Users\All Users\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll    probably a variant of Win32/Adware.Yontoo.B application
    C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll    probably a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
    C:\Users\Marie\Dropbox\Downloads\Setup (1).exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
    C:\Users\Marie\Dropbox\Downloads\Setup.exe    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined

