TechSpot

PUM.UserWLoad

Solved
By Stesnees
Nov 23, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    < End of report >
  2. Broni

    OTL Extras logfile created on: 24/11/2012 23:42:38 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaye\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 54.10% Memory free
    8.00 Gb Paging File | 6.04 Gb Available in Paging File | 75.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 341.45 Gb Total Space | 121.71 Gb Free Space | 35.64% Space Free | Partition Type: NTFS
    Drive D: | 342.08 Gb Total Space | 341.01 Gb Free Space | 99.69% Space Free | Partition Type: NTFS
    Drive E: | 264.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: KAYES-PC | User Name: Kaye | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
    "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
    "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B3C1CF3-E8D5-48C8-8A0A-E4F8EC0BB89E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{19952D88-8B54-4802-9112-52170BA00F4C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{19C0B11D-846B-43FF-8C61-E2118A51792B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{2325686C-E15C-40C3-AE69-E492326DA9ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{277E381D-05C6-4709-AE77-EBB8776DFB99}" = lport=137 | protocol=17 | dir=in | app=system |
    "{2CEDD8F1-2859-49D9-B950-CB86615DD235}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{33E77DF0-770A-411F-B3B9-6AE1769AB355}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{37BDB72F-0A9A-437C-BE57-F8AD43D70933}" = rport=139 | protocol=6 | dir=out | app=system |
    "{37D6EEFA-4505-4E1B-99D3-221A68984BB0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{3BF10DC6-A69D-4B80-9CAF-8A1F6AF53A60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{3DBC562C-7C40-438E-810B-81349EB6ED27}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{4450F491-3239-4CDD-90A9-1BD9EB6B6784}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5C76F5DD-285C-48D6-B9C6-DCDD277912EE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5E702670-156F-45E5-B9C5-EB53A2DC3325}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{65333DDE-2404-4481-87FE-FD068C9F4873}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{698754EA-1574-4E23-9942-DA6911A21ED0}" = rport=445 | protocol=6 | dir=out | app=system |
    "{7ED58A4E-BB62-40EC-A479-34054750E39C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{8E69F0FF-F751-4AC4-B1C8-AC7C83E0D012}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8EA498C5-EF98-47BE-8FDD-8973299B6368}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A6C3C672-5DC2-435C-BA36-D222A95A960A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A7002DA7-CD94-45EE-9AB0-E42160E8A353}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A7FD6BCD-D57D-4BD9-9E3F-D74ADB83FE33}" = lport=139 | protocol=6 | dir=in | app=system |
    "{ACF63EED-2DB4-4CB2-B028-96BEED1B4B17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{AD44ACA0-1CC6-407D-A0DB-E6AC368917C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D11CAE4D-1EC0-472F-B800-D9BD900CCEEA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{D937E904-4E6A-4F8D-82E0-E10009E41DE7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DDCE7C6E-9A40-442D-BB19-370F73A3FED8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DE15E188-A7DB-409C-9A1F-952056BEB935}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E2ADABDD-8B9A-4A50-A9D1-47760C252D2F}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{F35FEAC5-554A-4913-AF1F-D37E87F318BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F89B367D-C06D-449A-BE6C-998325FBEEC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02B80AEE-CFD4-4D8B-BB5C-145267F4FF4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0A680BE7-9818-4794-BABB-776C6945A88A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{101C8628-CAB3-4661-9A2A-FEC0E6185963}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |
    "{13AEA5E6-B86A-4D95-809C-08B50881FA03}" = protocol=6 | dir=in | app=c:\users\kaye\appdata\local\tversity\media server\mediaserver.exe |
    "{1BAD1B70-EF63-424F-8922-F9F6FDBD179F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{1E533CD7-2683-41D5-B46D-02D1CEEDB6EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{243A5E48-CF25-4432-9C1F-31CF5A389587}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{265DDBBE-0C39-4395-95CC-C3014FA1135E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{27FACABB-B5F2-477C-A0A7-4BC2DA061C2C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{2AF5C530-E3FA-40FC-BB30-9D3DBDD39D18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2EE0B271-FF8E-4FC8-8A2E-5381BC3C0C3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2F03431A-E92B-41BF-BA22-D822D8518492}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{30ABBCCF-40CD-43C5-9BE0-938787D46692}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
    "{38A9894B-84E8-430B-85AD-B0AD988FAF0B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{3F4C1AC2-09ED-43A6-8C58-D0D72A989194}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3F8308E8-4C2E-4A6C-99ED-74882C0132E4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{46E74F71-29C6-4BB0-8FEF-6A07F9F11072}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{472E3958-D8E4-4485-A56A-D4FFF21E5D25}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "{473A984B-B9F9-4E77-82A3-411329E57CF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{4942E271-8F9A-4666-AAD2-1ACB727999A7}" = dir=in | app=e:\setup\hpznui40.exe |
    "{4AD394D9-0D2A-4AE0-885C-5D4EBA66082C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{4E87BB98-99F8-48A2-8FA0-B5DB51096E59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{538F3418-AE0E-4E01-95A7-95AB358B62BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{548F3CD4-0706-467B-85E9-873FF4E91A69}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
    "{57C28BE8-7B72-4541-AF43-FDEDA3B17D95}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
    "{5A639E6A-9CF8-432A-8CCF-A0F04F576C3B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5D5C1FFB-0055-4945-9EDB-087229DD8602}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{6301504C-DEA1-4561-985B-F86C3355D8DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{636374E1-C670-49D0-8DAD-4651204202F5}" = protocol=6 | dir=in | app=c:\users\kaye\appdata\roaming\dropbox\bin\dropbox.exe |
    "{640C4512-1B9B-4CAC-B586-4DD6C3FE8FF5}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
    "{6A357A2D-791C-41A8-B802-4110BECE3EFD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{6B1898A9-BC9D-44DE-BF5A-3C57C0BF3697}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6B8F55E2-8222-434B-B93C-3392B3C1AEFC}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |
    "{74AAB004-A974-4535-B871-36147499D029}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{8439A661-9BE4-457A-8085-12F69728AE44}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
    "{850DE395-CF34-4BEE-ABCC-1CD9A73DEB5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{86DBD267-A24D-486B-9F65-9EBAD67D9E5A}" = protocol=6 | dir=out | app=system |
    "{8D077E80-78EC-4AE2-8B67-59AB15F4D7E8}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
    "{959EB041-6941-4DDB-81F3-E5B7AB3DA493}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\frun.exe |
    "{96CB4354-57E5-472B-98E6-79C3D65A7B4D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{99862772-B086-4A46-870C-866366B6BDE7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9BFA8BB6-327C-4C94-8720-43924394D351}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxamon.exe |
    "{9E416A93-FD67-4DBB-8C22-3FE80554D237}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A294E2F0-DC0F-43A1-9B72-A9BD518D7579}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "{A61E4A8F-4B29-47E0-BEA9-5030B388E59E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A8C01F1F-02E8-4FBF-90AA-8827216E122E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{ABEF2A3C-27C7-473E-B7CE-3E6C69D54BD6}" = dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
    "{AC74CD19-A9F3-4E41-8090-EC5CF459B4C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{ACFCBFD4-9A5A-4A0C-8B38-3F755CB42A9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{ADCA7520-AD23-41CB-AA97-F11A7F5E67CF}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
    "{ADD0F80E-1E63-4E8C-A24C-C086B99E4386}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{AEDA9823-117B-4FE0-971F-67E3D0C4A141}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{AF229867-01E5-48B6-9F67-3F4F90E397C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{B3D14F58-3EDB-440B-9914-01C4A5026C7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{B423AE92-1C37-4844-BE82-275E8936EDE8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B4E02646-E51C-4A57-A334-C6FEC8378D87}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
    "{B7310B83-09C5-494F-AFC2-010DC83DC28F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B899DD3A-ACEA-4AB5-B965-99A6661F2464}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxamon.exe |
    "{B9BDBA05-A525-407C-B2EA-F768387E0D03}" = protocol=17 | dir=in | app=c:\users\kaye\appdata\roaming\dropbox\bin\dropbox.exe |
    "{BB4CAA99-AA30-411C-9F37-3DDBDCB86934}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{BD5EB880-7265-4A82-A635-50D3289C205D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB7A1D78-2008-4D0C-949A-AC465280BBB5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{CE87A6AD-F394-4851-BF63-60D7AD96F8B7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{CF1B8B25-5AAC-45DB-A15E-990093C06D7F}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
    "{D61A5412-DE4A-4B81-A3FB-83C89150C232}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{DDA129B7-E583-4502-8A8B-DEFDA3C73FE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E4C02B85-9E8C-48E1-9DDF-5EA81DB5E83E}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\frun.exe |
    "{E676CA4E-83DC-42AD-95E0-7738890BE041}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{E6F9A9CF-0877-446E-A76E-8BD35B28ACBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{F19EF6F5-1463-44A6-9264-6800B0EC6277}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F32153E8-5B5D-4878-98BB-D19D4C223246}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
    "{FE88DA42-A07C-43B9-9B69-34D9E064861C}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
    "TCP Query User{088067A5-B500-44DC-BD5A-0BF9627DFFA6}C:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "TCP Query User{16FEF6A2-941B-482E-883F-541A5AF8E26C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{26F2C3F0-7C18-4FE3-815F-24D639C67BB6}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
    "TCP Query User{8BA32750-927E-4D94-9413-A2CD70B19FEE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{F91FA470-E461-4BE7-A416-7FB7DCF442D9}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{275FDBAC-EE36-433B-B8CF-F364A4D9023E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{3E421DE2-329F-47A1-A20D-29B263CFAB0E}C:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 3600-4600 series\lxdxmon.exe |
    "UDP Query User{757DF8B4-57FC-430C-827E-57064F23E2F1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{DCD09421-E10F-429B-886A-F7B66DC502D9}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
    "UDP Query User{F7014882-BD4A-4F83-B422-6AB535D63F76}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
  3. Broni

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}" = ATI Catalyst Install Manager
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "HitmanPro36" = HitmanPro 3.6
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}" = Microsoft Server Speech Platform Runtime (x86)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}" = TextPad 6
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
    "{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
    "{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AC54C83-060F-9610-CC29-9310CBDF80CB}" = Mobilizer
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5B6CFCAF-7DDB-EDFE-3FF1-DB9BF2785B7A}" = Micro Manager
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AA3853A-94D8-48E5-ACE1-8239CC50EC8B}" = Video Marketing Dominator Lite v1.0
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95779C10-A9CE-1330-B833-E07FAFD972D1}" = Market Samurai
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin F7D1102 Surf Wireless Micro USB Adapter
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7CDC27F-0952-4DF1-9E41-B75140933BC6}" = Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro)
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF3A3816-7E48-4556-8614-654377EDE1B5}" = BlackBerry App World Browser Plugin
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
  4. Broni

    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Any Video Converter_is1" = Any Video Converter 3.4.0
    "avast" = avast! Free Antivirus
    "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
    "BFG-Adelantado Trilogy - Book One" = Adelantado Trilogy: Book One
    "BFG-Boutique Boulevard" = Boutique Boulevard
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Cases Of Stolen Beauty" = Cases Of Stolen Beauty
    "BFG-Doggie Dash" = Doggie Dash
    "BFG-Eternal Journey - New Atlantis Collector's Edition" = Eternal Journey: New Atlantis Collector's Edition
    "BFG-Fierce Tales - The Dog's Heart" = Fierce Tales: The Dog's Heart
    "BFG-Grim Facade - Sinister Obsession" = Grim Facade: Sinister Obsession
    "BFG-Jo's Dream - Organic Coffee" = Jo's Dream: Organic Coffee
    "BFG-Live Novels - Jane Austen’s Pride and Prejudice" = Live Novels: Jane Austen’s Pride and Prejudice
    "BFG-Monument Builders - Statue of Liberty" = Monument Builders: Statue of Liberty
    "BFG-Northern Tale" = Northern Tale
    "BFG-Shop-n-Spree - Shopping Paradise" = Shop-n-Spree: Shopping Paradise
    "BFG-Syberia - Part 2" = Syberia - Part 2
    "BFG-Tales of Terror - Crimson Dawn" = Tales of Terror: Crimson Dawn
    "BFG-The Timebuilders - Pyramid Rising" = The Timebuilders: Pyramid Rising
    "BFG-The TimeBuilders - Pyramid Rising 2" = The TimeBuilders: Pyramid Rising 2
    "BFG-The TimeBuilders - Pyramid Rising 2 Strategy Guide" = The TimeBuilders: Pyramid Rising 2 Strategy Guide
    "BFG-Wonder World" = Wonder World
    "Carlos' Page Optimization Tool" = Carlos' Page Optimization Tool
    "CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
    "com.springbox.mobilizer" = Mobilizer
    "com.toojoos.micro-manager" = Micro Manager
    "Domain Name Analyzer v6_is1" = Domain Name Analyzer v6.011412
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FileZilla Client" = FileZilla Client 3.6.0
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
    "IrfanView" = IrfanView (remove only)
    "KaraFun Player_is1" = KaraFun Player
    "Keyword Pad_is1" = Keyword Pad v1.0.112706
    "KLiteCodecPack_is1" = K-Lite Codec Pack 8.2.0 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NoteTab 7 Trial_is1" = NoteTab 7 Trial (Remove only)
    "Open Codecs" = Xiph.Org Open Codecs 0.85.17777
    "Packard Bell Registration" = Packard Bell Registration
    "Packard Bell Software Suite SE" = Packard Bell Software Suite SE
    "Packard Bell Welcome Center" = Welcome Center
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "Rapport_msi" = Rapport
    "ST6UNST #1" = SingAlong 2008 (FREE Edition)
    "The Logo Creator v5.2" = The Logo Creator v5.2
    "Traffic Travis 4.1 Setup Wizard_is1" = Traffic Travis 4.1.0
    "TVersity Codec Pack" = TVersity Codec Pack 1.7
    "TVersity Media Server" = TVersity Media Server 2.2
    "uTorrent" = µTorrent
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3064149002-855071049-3629051399-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "8b70d735ffaad424" = GoogleSuggestor
    "b7a5e1c8bc79a5bd" = SEOCheck
    "BD4F486BB9396EFC30A39B83E40F2AE4C01690BF" = Bing Ads Intelligence
    "CoffeeCup HTML Editor" = CoffeeCup HTML Editor
    "Dropbox" = Dropbox
    "e41d61f2c67ad00f" = KeywordXtreme
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.3.0.1010

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23/11/2012 04:31:40 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 23/11/2012 04:31:40 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 23/11/2012 04:31:40 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 23/11/2012 04:31:40 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 23/11/2012 08:20:39 | Computer Name = Kayes-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
    time stamp: 0x507284ba Faulting module name: jscript.dll, version: 5.8.7601.16982,
    time stamp: 0x50728404 Exception code: 0xc0000005 Fault offset: 0x0000af44 Faulting
    process id: 0x17b4 Faulting application start time: 0x01cdc962f92d6460 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\jscript.dll Report Id: 307e3a90-3568-11e2-aa79-00262d13719d

    Error - 24/11/2012 09:57:06 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 24/11/2012 09:57:24 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 24/11/2012 09:57:24 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 24/11/2012 09:57:24 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 24/11/2012 09:57:24 | Computer Name = Kayes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 14/05/2012 10:14:58 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 15:14:53 - Error connecting to the internet. 15:14:53 - Unable
    to contact server..

    Error - 14/05/2012 11:15:03 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 16:15:03 - Error connecting to the internet. 16:15:03 - Unable
    to contact server..

    Error - 14/05/2012 11:15:10 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 16:15:08 - Error connecting to the internet. 16:15:08 - Unable
    to contact server..

    Error - 15/05/2012 09:42:49 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 14:42:49 - Error connecting to the internet. 14:42:49 - Unable
    to contact server..

    Error - 15/05/2012 09:43:01 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 14:42:54 - Error connecting to the internet. 14:42:54 - Unable
    to contact server..

    Error - 14/08/2012 08:26:54 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 13:26:54 - Error connecting to the internet. 13:26:54 - Unable
    to contact server..

    Error - 14/08/2012 08:27:27 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 13:27:23 - Error connecting to the internet. 13:27:23 - Unable
    to contact server..

    Error - 14/08/2012 09:28:19 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 14:28:19 - Error connecting to the internet. 14:28:19 - Unable
    to contact server..

    Error - 14/08/2012 09:28:49 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 14:28:48 - Error connecting to the internet. 14:28:48 - Unable
    to contact server..

    Error - 14/08/2012 10:30:47 | Computer Name = Kayes-PC | Source = MCUpdate | ID = 0
    Description = 15:30:39 - Failed to retrieve Broadband (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    [ OSession Events ]
    Error - 04/06/2011 06:59:08 | Computer Name = Kayes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3945
    seconds with 780 seconds of active time. This session ended with a crash.

    Error - 22/06/2011 14:54:39 | Computer Name = Kayes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 13/07/2011 03:54:52 | Computer Name = Kayes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 24/11/2012 15:24:52 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7031
    Description = The TVersity Media Server service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 24/11/2012 15:24:52 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7034
    Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
    time(s).

    Error - 24/11/2012 15:24:52 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7034
    Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 24/11/2012 15:25:42 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7031
    Description = The TVersity Media Server service terminated unexpectedly. It has
    done this 2 time(s). The following corrective action will be taken in 3000 milliseconds:
    Restart the service.

    Error - 24/11/2012 15:34:00 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 24/11/2012 15:38:06 | Computer Name = Kayes-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 24/11/2012 15:40:52 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 24/11/2012 15:42:06 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd SBRE

    Error - 24/11/2012 19:36:20 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Spooler service.

    Error - 24/11/2012 19:37:26 | Computer Name = Kayes-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd SBRE


    < End of report >
  5. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Due to the length of the fix I had to post it on my site: http://www.smartestcomputing.us.com/topic/50865-test/page__view__findpost__p__205470

    Next....

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  6. Stesnees

    Stesnees TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.56
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 26
    Java version out of Date!
    Adobe Flash Player 11.4.402.287 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 16.0.2 Firefox out of Date!
    Mozilla Thunderbird 14.0. Thunderbird out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 09-11-2012
    Ran by Kaye (administrator) on 25-11-2012 at 21:01:58
    Running from "C:\Users\Kaye\Desktop"
    Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-16 14:49] - [2011-12-28 03:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-10 20:06] - [2012-03-30 11:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-10-10 06:05] - [2012-06-02 05:25] - 0182272 ____A (Microsoft Corporation) BAF19B633933A9FB4883D27D66C39E9A

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    C:\Users\Kaye\Desktop\Stevens Stuff\LMC\Notepad_Files\a001-iminstallhelper-client.zip PHP/Kryptik.AE trojan deleted - quarantined
    C:\Users\Kaye\Desktop\Stevens Stuff\LMC\Notepad_Files\a001-iminstallhelper-enterprise.zip PHP/Kryptik.AE trojan deleted - quarantined
    C:\Users\Kaye\Downloads\a001-iminstallhelper-enterprise.zip PHP/Kryptik.AE trojan deleted - quarantined
    C:\Users\Kaye\Downloads\The Ultimate Product Review System.zip PHP/Obfuscated.F application deleted - quarantined
  7. Stesnees

    Stesnees TS Rookie Topic Starter

    Aah so I missed the first part of your last instructions and did that bit wrong. I have run the fix now and the log is below. I will run the other 3 again and post them asap.
    Thanks

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35e9438f-19d4-4516-b2ac-59ba9241de4d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3064149002-855071049-3629051399-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\ProgramData\TEMP:AF9538BC deleted successfully.
    ADS C:\ProgramData\TEMP:AA0017FD deleted successfully.
    ADS C:\ProgramData\TEMP:A6B07419 deleted successfully.
    ADS C:\ProgramData\TEMP:9DB67071 deleted successfully.
    ADS C:\ProgramData\TEMP:795F6DEC deleted successfully.
    ADS C:\ProgramData\TEMP:737160C1 deleted successfully.
    ADS C:\ProgramData\TEMP:6017A808 deleted successfully.
    ADS C:\ProgramData\TEMP:5D7E5A8F deleted successfully.
    ADS C:\ProgramData\TEMP:4C21784C deleted successfully.
    ADS C:\ProgramData\TEMP:4B1CFD78 deleted successfully.
    ADS C:\ProgramData\TEMP:3C4BD225 deleted successfully.
    ADS C:\ProgramData\TEMP:3790BACD deleted successfully.
    ADS C:\ProgramData\TEMP:3064D21D deleted successfully.
    ADS C:\ProgramData\TEMP:207C4C79 deleted successfully.
    ADS C:\ProgramData\TEMP:12258D63 deleted successfully.
    ADS C:\ProgramData\TEMP:0915A718 deleted successfully.
    ADS C:\ProgramData\TEMP:D3A82449 deleted successfully.
    ADS C:\ProgramData\TEMP:CAE3AE67 deleted successfully.
    ADS C:\ProgramData\TEMP:C2F24DB5 deleted successfully.
    ADS C:\ProgramData\TEMP:BD34FFC5 deleted successfully.
    ADS C:\ProgramData\TEMP:B51B45A3 deleted successfully.
    ADS C:\ProgramData\TEMP:A0921B2C deleted successfully.
    ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
    ADS C:\ProgramData\TEMP:8C81B36D deleted successfully.
    ADS C:\ProgramData\TEMP:89C2A42C deleted successfully.
    ADS C:\ProgramData\TEMP:65684E14 deleted successfully.
    ADS C:\ProgramData\TEMP:4DDE401B deleted successfully.
    ADS C:\ProgramData\TEMP:3B07E6F4 deleted successfully.
    ADS C:\ProgramData\TEMP:34445512 deleted successfully.
    ADS C:\ProgramData\TEMP:274516E7 deleted successfully.
    ADS C:\ProgramData\TEMP:17FF6514 deleted successfully.
    ADS C:\ProgramData\TEMP:10CFA7D4 deleted successfully.
    ADS C:\ProgramData\TEMP:F760FD47 deleted successfully.
    ADS C:\ProgramData\TEMP:EC0279DC deleted successfully.
    ADS C:\ProgramData\TEMP:E9FAC3AB deleted successfully.
    ADS C:\ProgramData\TEMP:E5B07840 deleted successfully.
    ADS C:\ProgramData\TEMP:E0848D16 deleted successfully.
    ADS C:\ProgramData\TEMP:CFFC9DD0 deleted successfully.
    ADS C:\ProgramData\TEMP:A6F30843 deleted successfully.
    ADS C:\ProgramData\TEMP:A243178D deleted successfully.
    ADS C:\ProgramData\TEMP:7ADB695A deleted successfully.
    ADS C:\ProgramData\TEMP:689AB7E9 deleted successfully.
    ADS C:\ProgramData\TEMP:5CE91C67 deleted successfully.
    ADS C:\ProgramData\TEMP:4EE95FE7 deleted successfully.
    ADS C:\ProgramData\TEMP:4A966CC2 deleted successfully.
    ADS C:\ProgramData\TEMP:42A3BDD7 deleted successfully.
    ADS C:\ProgramData\TEMP:4244811A deleted successfully.
    ADS C:\ProgramData\TEMP:41884BBE deleted successfully.
    ADS C:\ProgramData\TEMP:33B04540 deleted successfully.
    ADS C:\ProgramData\TEMP:2E3F04BC deleted successfully.
    ADS C:\ProgramData\TEMP:16F2A6FF deleted successfully.
    ADS C:\ProgramData\TEMP:0F64164E deleted successfully.
    ADS C:\ProgramData\TEMP:092BD83A deleted successfully.
    ADS C:\ProgramData\TEMP:014BC3B4 deleted successfully.
    ADS C:\ProgramData\TEMP:EF5B3572 deleted successfully.
    ADS C:\ProgramData\TEMP:EF38B79C deleted successfully.
    ADS C:\ProgramData\TEMP:EA1919C7 deleted successfully.
    ADS C:\ProgramData\TEMP:E6537A16 deleted successfully.
    ADS C:\ProgramData\TEMP:E5816AB5 deleted successfully.
    ADS C:\ProgramData\TEMP:E2B84483 deleted successfully.
    ADS C:\ProgramData\TEMP:BE6B5FC3 deleted successfully.
    ADS C:\ProgramData\TEMP:B0456F0C deleted successfully.
    ADS C:\ProgramData\TEMP:A6E01F67 deleted successfully.
    ADS C:\ProgramData\TEMP:A60D0FA6 deleted successfully.
    ADS C:\ProgramData\TEMP:A5241382 deleted successfully.
    ADS C:\ProgramData\TEMP:A1023D41 deleted successfully.
    ADS C:\ProgramData\TEMP:93B0BB6F deleted successfully.
    ADS C:\ProgramData\TEMP:8FBE0E9C deleted successfully.
    ADS C:\ProgramData\TEMP:663B62CA deleted successfully.
    ADS C:\ProgramData\TEMP:5D73CA7C deleted successfully.
    ADS C:\ProgramData\TEMP:54403233 deleted successfully.
    ADS C:\ProgramData\TEMP:5080697C deleted successfully.
    ADS C:\ProgramData\TEMP:3AC0ED43 deleted successfully.
    ADS C:\ProgramData\TEMP:2E636DD9 deleted successfully.
    ADS C:\ProgramData\TEMP:122B409D deleted successfully.
    ADS C:\ProgramData\TEMP:063969F8 deleted successfully.
    ADS C:\ProgramData\TEMP:F663BB74 deleted successfully.
    ADS C:\ProgramData\TEMP:F13867C6 deleted successfully.
    ADS C:\ProgramData\TEMP:E9645B80 deleted successfully.
    ADS C:\ProgramData\TEMP:E83EE313 deleted successfully.
    ADS C:\ProgramData\TEMP:E6C6EB3B deleted successfully.
    ADS C:\ProgramData\TEMP:C9BC8592 deleted successfully.
    ADS C:\ProgramData\TEMP:C9B27A06 deleted successfully.
    ADS C:\ProgramData\TEMP:B1FBA7E1 deleted successfully.
    ADS C:\ProgramData\TEMP:B1E64E47 deleted successfully.
    ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
    ADS C:\ProgramData\TEMP:A18121AD deleted successfully.
    ADS C:\ProgramData\TEMP:9CF728A6 deleted successfully.
    ADS C:\ProgramData\TEMP:983B4DC0 deleted successfully.
    ADS C:\ProgramData\TEMP:952245B1 deleted successfully.
    ADS C:\ProgramData\TEMP:93226FE3 deleted successfully.
    ADS C:\ProgramData\TEMP:88FD3ED6 deleted successfully.
    ADS C:\ProgramData\TEMP:7EE43C06 deleted successfully.
    ADS C:\ProgramData\TEMP:75798D9A deleted successfully.
    ADS C:\ProgramData\TEMP:6CEC50B4 deleted successfully.
    ADS C:\ProgramData\TEMP:66871744 deleted successfully.
    ADS C:\ProgramData\TEMP:5F538558 deleted successfully.
    ADS C:\ProgramData\TEMP:5B85C37B deleted successfully.
    ADS C:\ProgramData\TEMP:59465B40 deleted successfully.
    ADS C:\ProgramData\TEMP:58CC14E0 deleted successfully.
    ADS C:\ProgramData\TEMP:4A448DB2 deleted successfully.
    ADS C:\ProgramData\TEMP:44E16D4A deleted successfully.
    ADS C:\ProgramData\TEMP:3FD69132 deleted successfully.
    ADS C:\ProgramData\TEMP:398EFF0F deleted successfully.
    ADS C:\ProgramData\TEMP:31F2397C deleted successfully.
    ADS C:\ProgramData\TEMP:31C9BA96 deleted successfully.
    ADS C:\ProgramData\TEMP:21D69AEA deleted successfully.
    ADS C:\ProgramData\TEMP:1585E7B2 deleted successfully.
    ADS C:\ProgramData\TEMP:0FE0A03C deleted successfully.
    ADS C:\ProgramData\TEMP:0F3F6B1E deleted successfully.
    ADS C:\ProgramData\TEMP:0652249D deleted successfully.
    ADS C:\ProgramData\TEMP:FA8B212D deleted successfully.
    ADS C:\ProgramData\TEMP:F9E46E4C deleted successfully.
    ADS C:\ProgramData\TEMP:F81E7082 deleted successfully.
    ADS C:\ProgramData\TEMP:E0AE69BE deleted successfully.
    ADS C:\ProgramData\TEMP:D74C2847 deleted successfully.
    ADS C:\ProgramData\TEMP:D354012D deleted successfully.
    ADS C:\ProgramData\TEMP:CEE4A457 deleted successfully.
    ADS C:\ProgramData\TEMP:C86B29EB deleted successfully.
    ADS C:\ProgramData\TEMP:A93CBF2B deleted successfully.
    ADS C:\ProgramData\TEMP:A69FAA24 deleted successfully.
    ADS C:\ProgramData\TEMP:A2B3764A deleted successfully.
    ADS C:\ProgramData\TEMP:9FD757A9 deleted successfully.
    ADS C:\ProgramData\TEMP:97995ED4 deleted successfully.
    ADS C:\ProgramData\TEMP:91486201 deleted successfully.
    ADS C:\ProgramData\TEMP:8BCF4DE2 deleted successfully.
    ADS C:\ProgramData\TEMP:77F45AF2 deleted successfully.
    ADS C:\ProgramData\TEMP:71B89F61 deleted successfully.
    ADS C:\ProgramData\TEMP:57EE48CA deleted successfully.
    ADS C:\ProgramData\TEMP:569CEE83 deleted successfully.
    ADS C:\ProgramData\TEMP:53B8C5D2 deleted successfully.
    ADS C:\ProgramData\TEMP:302ECBD6 deleted successfully.
    ADS C:\ProgramData\TEMP:2F5A06FD deleted successfully.
    ADS C:\ProgramData\TEMP:2BC498A4 deleted successfully.
    ADS C:\ProgramData\TEMP:28DFF83F deleted successfully.
    ADS C:\ProgramData\TEMP:2211E7A0 deleted successfully.
    ADS C:\ProgramData\TEMP:1E942FB9 deleted successfully.
    ADS C:\ProgramData\TEMP:124B94C0 deleted successfully.
    ADS C:\ProgramData\TEMP:10D45FC3 deleted successfully.
    ADS C:\ProgramData\TEMP:076D8ED2 deleted successfully.
    ADS C:\ProgramData\TEMP:E6433F27 deleted successfully.
    ADS C:\ProgramData\TEMP:E4FCDFD9 deleted successfully.
    ADS C:\ProgramData\TEMP:D7D0B4AF deleted successfully.
    ADS C:\ProgramData\TEMP:D576A536 deleted successfully.
    ADS C:\ProgramData\TEMP:C458CC0A deleted successfully.
    ADS C:\ProgramData\TEMP:C0D722EB deleted successfully.
    ADS C:\ProgramData\TEMP:C0A504B9 deleted successfully.
    ADS C:\ProgramData\TEMP:B8384DB6 deleted successfully.
    ADS C:\ProgramData\TEMP:92DB4653 deleted successfully.
    ADS C:\ProgramData\TEMP:81653DC8 deleted successfully.
    ADS C:\ProgramData\TEMP:697DDE2B deleted successfully.
    ADS C:\ProgramData\TEMP:5F85EE30 deleted successfully.
    ADS C:\ProgramData\TEMP:5ECEFF17 deleted successfully.
    ADS C:\ProgramData\TEMP:5E9B629B deleted successfully.
    ADS C:\ProgramData\TEMP:5453E5AF deleted successfully.
    ADS C:\ProgramData\TEMP:43CBFAB2 deleted successfully.
    ADS C:\ProgramData\TEMP:38E2864F deleted successfully.
    ADS C:\ProgramData\TEMP:2FF4577A deleted successfully.
    ADS C:\ProgramData\TEMP:06C34166 deleted successfully.
    ADS C:\ProgramData\TEMP:EEB25EAE deleted successfully.
    ADS C:\ProgramData\TEMP:E5DE9C8F deleted successfully.
    ADS C:\ProgramData\TEMP:D994162E deleted successfully.
    ADS C:\ProgramData\TEMP:D9771F40 deleted successfully.
    ADS C:\ProgramData\TEMP:D9656460 deleted successfully.
    ADS C:\ProgramData\TEMP:D2886ADC deleted successfully.
    ADS C:\ProgramData\TEMP:D2397415 deleted successfully.
    ADS C:\ProgramData\TEMP:D1713795 deleted successfully.
    ADS C:\ProgramData\TEMP:BA5EEDA7 deleted successfully.
    ADS C:\ProgramData\TEMP:B3942462 deleted successfully.
    ADS C:\ProgramData\TEMP:B38BEEEE deleted successfully.
    ADS C:\ProgramData\TEMP:B190BE3A deleted successfully.
    ADS C:\ProgramData\TEMP:AB82C54F deleted successfully.
    ADS C:\ProgramData\TEMP:AABCC5A7 deleted successfully.
    ADS C:\ProgramData\TEMP:AA7BE830 deleted successfully.
    ADS C:\ProgramData\TEMP:99AC3203 deleted successfully.
    ADS C:\ProgramData\TEMP:8E3E8227 deleted successfully.
    ADS C:\ProgramData\TEMP:7ECD15FC deleted successfully.
    ADS C:\ProgramData\TEMP:6DDFD746 deleted successfully.
    ADS C:\ProgramData\TEMP:55F44B88 deleted successfully.
    ADS C:\ProgramData\TEMP:4C9782FB deleted successfully.
    ADS C:\ProgramData\TEMP:32A82570 deleted successfully.
    ADS C:\ProgramData\TEMP:28819F45 deleted successfully.
    ADS C:\ProgramData\TEMP:2636DE16 deleted successfully.
    ADS C:\ProgramData\TEMP:226A6E31 deleted successfully.
    ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
    ADS C:\ProgramData\TEMP:19C3BC3A deleted successfully.
    ADS C:\ProgramData\TEMP:120B3AFD deleted successfully.
    ADS C:\ProgramData\TEMP:0E5CFA74 deleted successfully.
    ADS C:\ProgramData\TEMP:02B823FE deleted successfully.
    ADS C:\ProgramData\TEMP:FD6D11C9 deleted successfully.
    ADS C:\ProgramData\TEMP:DE33A453 deleted successfully.
    ADS C:\ProgramData\TEMP:D822654B deleted successfully.
    ADS C:\ProgramData\TEMP:D72D7897 deleted successfully.
    ADS C:\ProgramData\TEMP:D3A89E47 deleted successfully.
    ADS C:\ProgramData\TEMP:D2A5A561 deleted successfully.
    ADS C:\ProgramData\TEMP:CF5C4195 deleted successfully.
    ADS C:\ProgramData\TEMP:C43C957E deleted successfully.
    ADS C:\ProgramData\TEMP:B9775780 deleted successfully.
    ADS C:\ProgramData\TEMP:AE9351E0 deleted successfully.
    ADS C:\ProgramData\TEMP:A696643D deleted successfully.
    ADS C:\ProgramData\TEMP:9C7A32BB deleted successfully.
    ADS C:\ProgramData\TEMP:9B2BD056 deleted successfully.
    ADS C:\ProgramData\TEMP:9AE67195 deleted successfully.
    ADS C:\ProgramData\TEMP:98982C88 deleted successfully.
    ADS C:\ProgramData\TEMP:94A31742 deleted successfully.
    ADS C:\ProgramData\TEMP:726FDB23 deleted successfully.
    ADS C:\ProgramData\TEMP:71612023 deleted successfully.
    ADS C:\ProgramData\TEMP:6BFA43EB deleted successfully.
    ADS C:\ProgramData\TEMP:5D10C56A deleted successfully.
    ADS C:\ProgramData\TEMP:57619D72 deleted successfully.
    ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
    ADS C:\ProgramData\TEMP:444C53BA deleted successfully.
    ADS C:\ProgramData\TEMP:35501BA4 deleted successfully.
    ADS C:\ProgramData\TEMP:084612C9 deleted successfully.
    ADS C:\ProgramData\TEMP:EE7AAC75 deleted successfully.
    ADS C:\ProgramData\TEMP:E6B95E40 deleted successfully.
    ADS C:\ProgramData\TEMP:D5BF78B4 deleted successfully.
    ADS C:\ProgramData\TEMP:A798AA1A deleted successfully.
    ADS C:\ProgramData\TEMP:93DE1838 deleted successfully.
    ADS C:\ProgramData\TEMP:8140CB50 deleted successfully.
    ADS C:\ProgramData\TEMP:80E965A3 deleted successfully.
    ADS C:\ProgramData\TEMP:7DC5D762 deleted successfully.
    ADS C:\ProgramData\TEMP:69FE2EE4 deleted successfully.
    ADS C:\ProgramData\TEMP:471AD3D0 deleted successfully.
    ADS C:\ProgramData\TEMP:36A39835 deleted successfully.
    ADS C:\ProgramData\TEMP:3086B95F deleted successfully.
    ADS C:\ProgramData\TEMP:2EC5D66C deleted successfully.
    ADS C:\ProgramData\TEMP:2DC35960 deleted successfully.
    ADS C:\ProgramData\TEMP:23834E1E deleted successfully.
    ADS C:\ProgramData\TEMP:225CD7D5 deleted successfully.
    ADS C:\ProgramData\TEMP:1CD511E5 deleted successfully.
    ADS C:\ProgramData\TEMP:18AE7C5A deleted successfully.
    ADS C:\ProgramData\TEMP:F2327E82 deleted successfully.
    ADS C:\ProgramData\TEMP:F1DEA771 deleted successfully.
    ADS C:\ProgramData\TEMP:ED45A20F deleted successfully.
    ADS C:\ProgramData\TEMP:EA7D76BE deleted successfully.
    ADS C:\ProgramData\TEMP:E6EC5C2A deleted successfully.
    ADS C:\ProgramData\TEMP:E6CDFB4A deleted successfully.
    ADS C:\ProgramData\TEMP:DEDAEF90 deleted successfully.
    ADS C:\ProgramData\TEMP:DA18D4E3 deleted successfully.
    ADS C:\ProgramData\TEMP:BA05E0C4 deleted successfully.
    ADS C:\ProgramData\TEMP:A8606E6E deleted successfully.
    ADS C:\ProgramData\TEMP:A6D6E537 deleted successfully.
    ADS C:\ProgramData\TEMP:8DD20B4A deleted successfully.
    ADS C:\ProgramData\TEMP:864881BF deleted successfully.
    ADS C:\ProgramData\TEMP:7D04F8E2 deleted successfully.
    ADS C:\ProgramData\TEMP:769BB147 deleted successfully.
    ADS C:\ProgramData\TEMP:74699137 deleted successfully.
    ADS C:\ProgramData\TEMP:609CAC7C deleted successfully.
    ADS C:\ProgramData\TEMP:54F0BBF5 deleted successfully.
    ADS C:\ProgramData\TEMP:516FF8A1 deleted successfully.
    ADS C:\ProgramData\TEMP:48C30809 deleted successfully.
    ADS C:\ProgramData\TEMP:386B39C3 deleted successfully.
    ADS C:\ProgramData\TEMP:27790C06 deleted successfully.
    ADS C:\ProgramData\TEMP:1CDEDE11 deleted successfully.
    ADS C:\ProgramData\TEMP:1181620C deleted successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:08D8BB20 deleted successfully.
    ADS C:\ProgramData\TEMP:073139EC deleted successfully.
    ADS C:\ProgramData\TEMP:04BB186B deleted successfully.
    ADS C:\ProgramData\TEMP:EC20549D deleted successfully.
    ADS C:\ProgramData\TEMP:EB603FE4 deleted successfully.
    ADS C:\ProgramData\TEMP:D8DB81DC deleted successfully.
    ADS C:\ProgramData\TEMP:CDCDE97C deleted successfully.
    ADS C:\ProgramData\TEMP:C3A047E3 deleted successfully.
    ADS C:\ProgramData\TEMP:C35B4B19 deleted successfully.
    ADS C:\ProgramData\TEMP:B3B7A337 deleted successfully.
    ADS C:\ProgramData\TEMP:B3A5945E deleted successfully.
    ADS C:\ProgramData\TEMP:943E8182 deleted successfully.
    ADS C:\ProgramData\TEMP:8AC20936 deleted successfully.
    ADS C:\ProgramData\TEMP:7425C891 deleted successfully.
    ADS C:\ProgramData\TEMP:73461BFA deleted successfully.
    ADS C:\ProgramData\TEMP:6AF6BB0E deleted successfully.
    ADS C:\ProgramData\TEMP:68B61847 deleted successfully.
    ADS C:\ProgramData\TEMP:5BC73C48 deleted successfully.
    ADS C:\ProgramData\TEMP:4FA837B4 deleted successfully.
    ADS C:\ProgramData\TEMP:4B1195DD deleted successfully.
    ADS C:\ProgramData\TEMP:3780BCC3 deleted successfully.
    ADS C:\ProgramData\TEMP:26A148EB deleted successfully.
    ADS C:\ProgramData\TEMP:268BA8AB deleted successfully.
    ADS C:\ProgramData\TEMP:1B389835 deleted successfully.
    ADS C:\ProgramData\TEMP:0DFE2AE1 deleted successfully.
    ADS C:\ProgramData\TEMP:F86CC73E deleted successfully.
    ADS C:\ProgramData\TEMP:EF794BCD deleted successfully.
    ADS C:\ProgramData\TEMP:E945C214 deleted successfully.
    ADS C:\ProgramData\TEMP:DA378DD8 deleted successfully.
    ADS C:\ProgramData\TEMP:BDF08FAF deleted successfully.
    ADS C:\ProgramData\TEMP:AC73CDCE deleted successfully.
    ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.
    ADS C:\ProgramData\TEMP:A5264343 deleted successfully.
    ADS C:\ProgramData\TEMP:9968F0E2 deleted successfully.
    ADS C:\ProgramData\TEMP:7B52659E deleted successfully.
    ADS C:\ProgramData\TEMP:7AF9CAEB deleted successfully.
    ADS C:\ProgramData\TEMP:7A032A04 deleted successfully.
    ADS C:\ProgramData\TEMP:73B78E79 deleted successfully.
    ADS C:\ProgramData\TEMP:597254A1 deleted successfully.
    ADS C:\ProgramData\TEMP:4BBB987B deleted successfully.
    ADS C:\ProgramData\TEMP:2E9900EE deleted successfully.
    ADS C:\ProgramData\TEMP:2AF322BF deleted successfully.
    ADS C:\ProgramData\TEMP:25BB767E deleted successfully.
    ADS C:\ProgramData\TEMP:14FA5E46 deleted successfully.
    ADS C:\ProgramData\TEMP:14A1BBE3 deleted successfully.
    ADS C:\ProgramData\TEMP:132714FA deleted successfully.
    ADS C:\ProgramData\TEMP:FB65A4AA deleted successfully.
    ADS C:\ProgramData\TEMP:D8D58038 deleted successfully.
    ADS C:\ProgramData\TEMP:BDC0F56E deleted successfully.
    ADS C:\ProgramData\TEMP:B6E6C4EA deleted successfully.
    ADS C:\ProgramData\TEMP:94B46CA2 deleted successfully.
    ADS C:\ProgramData\TEMP:927EC486 deleted successfully.
    ADS C:\ProgramData\TEMP:8DD36B71 deleted successfully.
    ADS C:\ProgramData\TEMP:831C6B2D deleted successfully.
    ADS C:\ProgramData\TEMP:82529191 deleted successfully.
    ADS C:\ProgramData\TEMP:3B812EE0 deleted successfully.
    ADS C:\ProgramData\TEMP:38D2EA83 deleted successfully.
    ADS C:\ProgramData\TEMP:34B9286E deleted successfully.
    ADS C:\ProgramData\TEMP:342886D8 deleted successfully.
    ADS C:\ProgramData\TEMP:2BFCDF84 deleted successfully.
    ADS C:\ProgramData\TEMP:1C201DEB deleted successfully.
    ADS C:\ProgramData\TEMP:109734F6 deleted successfully.
    ADS C:\ProgramData\TEMP:ED9B661E deleted successfully.
    ADS C:\ProgramData\TEMP:E412AAF2 deleted successfully.
    ADS C:\ProgramData\TEMP:E2CFA9CD deleted successfully.
    ADS C:\ProgramData\TEMP:E21433CE deleted successfully.
    ADS C:\ProgramData\TEMP:DCDE7C60 deleted successfully.
    ADS C:\ProgramData\TEMP:CB0FEE2B deleted successfully.
    ADS C:\ProgramData\TEMP:B3196E8D deleted successfully.
    ADS C:\ProgramData\TEMP:98DD1050 deleted successfully.
    ADS C:\ProgramData\TEMP:8E5EA40F deleted successfully.
    ADS C:\ProgramData\TEMP:8204AA35 deleted successfully.
    ADS C:\ProgramData\TEMP:6C5EC3CD deleted successfully.
    ADS C:\ProgramData\TEMP:6423D635 deleted successfully.
    ADS C:\ProgramData\TEMP:3D6B89CE deleted successfully.
    ADS C:\ProgramData\TEMP:373DF935 deleted successfully.
    ADS C:\ProgramData\TEMP:2DF54B62 deleted successfully.
    ADS C:\ProgramData\TEMP:237E4B91 deleted successfully.
    ADS C:\ProgramData\TEMP:13AA281B deleted successfully.
    ADS C:\ProgramData\TEMP:0919E696 deleted successfully.
    ADS C:\ProgramData\TEMP:07D9FF25 deleted successfully.
    ADS C:\ProgramData\TEMP:FB08C210 deleted successfully.
    ADS C:\ProgramData\TEMP:ECF3C50F deleted successfully.
    ADS C:\ProgramData\TEMP:E4EE99EF deleted successfully.
    ADS C:\ProgramData\TEMP:DD842FD5 deleted successfully.
    ADS C:\ProgramData\TEMP:DA7655EA deleted successfully.
    ADS C:\ProgramData\TEMP:CA99FD89 deleted successfully.
    ADS C:\ProgramData\TEMP:AADC76BA deleted successfully.
    ADS C:\ProgramData\TEMP:8AA99C0C deleted successfully.
    ADS C:\ProgramData\TEMP:7BB584AA deleted successfully.
    ADS C:\ProgramData\TEMP:72598408 deleted successfully.
    ADS C:\ProgramData\TEMP:65B8AF94 deleted successfully.
    ADS C:\ProgramData\TEMP:63F8EC77 deleted successfully.
    ADS C:\ProgramData\TEMP:5F1019FF deleted successfully.
    ADS C:\ProgramData\TEMP:5A9F1AE5 deleted successfully.
    ADS C:\ProgramData\TEMP:40BAD1B0 deleted successfully.
    ADS C:\ProgramData\TEMP:2C678471 deleted successfully.
    ADS C:\ProgramData\TEMP:17F7AEA3 deleted successfully.
    ADS C:\ProgramData\TEMP:10F6E97E deleted successfully.
    ADS C:\ProgramData\TEMP:078B239B deleted successfully.
    ADS C:\ProgramData\TEMP:041C0562 deleted successfully.
    ADS C:\ProgramData\TEMP:F1F936DF deleted successfully.
    ADS C:\ProgramData\TEMP:DB2748F7 deleted successfully.
    ADS C:\ProgramData\TEMP:D882BE37 deleted successfully.
    ADS C:\ProgramData\TEMP:B8EB1B99 deleted successfully.
    ADS C:\ProgramData\TEMP:AC0528D9 deleted successfully.
    ADS C:\ProgramData\TEMP:A9ABA3FF deleted successfully.
    ADS C:\ProgramData\TEMP:A56D6987 deleted successfully.
    ADS C:\ProgramData\TEMP:A41FEAA2 deleted successfully.
    ADS C:\ProgramData\TEMP:A05F750A deleted successfully.
    ADS C:\ProgramData\TEMP:9EE6560D deleted successfully.
    ADS C:\ProgramData\TEMP:94874C0A deleted successfully.
    ADS C:\ProgramData\TEMP:8BE7A048 deleted successfully.
    ADS C:\ProgramData\TEMP:774A0E14 deleted successfully.
    ADS C:\ProgramData\TEMP:71A89A93 deleted successfully.
    ADS C:\ProgramData\TEMP:71112705 deleted successfully.
    ADS C:\ProgramData\TEMP:6677D85A deleted successfully.
    ADS C:\ProgramData\TEMP:63CFD724 deleted successfully.
    ADS C:\ProgramData\TEMP:56C17A93 deleted successfully.
    ADS C:\ProgramData\TEMP:490BCC52 deleted successfully.
    ADS C:\ProgramData\TEMP:44B5FE44 deleted successfully.
    ADS C:\ProgramData\TEMP:0860D6D6 deleted successfully.
    ADS C:\ProgramData\TEMP:077F4C77 deleted successfully.
    ADS C:\ProgramData\TEMP:008586AE deleted successfully.
    ADS C:\ProgramData\TEMP:F7370879 deleted successfully.
    ADS C:\ProgramData\TEMP:E2497090 deleted successfully.
    ADS C:\ProgramData\TEMP:D7DA89B1 deleted successfully.
    ADS C:\ProgramData\TEMP:98DFF516 deleted successfully.
    ADS C:\ProgramData\TEMP:7EBCAF87 deleted successfully.
    ADS C:\ProgramData\TEMP:6BD304B9 deleted successfully.
    ADS C:\ProgramData\TEMP:69E3AF64 deleted successfully.
    ADS C:\ProgramData\TEMP:24C072FF deleted successfully.
    ADS C:\ProgramData\TEMP:E3C56885 deleted successfully.
    ADS C:\ProgramData\TEMP:DD95E6D9 deleted successfully.
    ADS C:\ProgramData\TEMP:CEF2A14E deleted successfully.
    ADS C:\ProgramData\TEMP:C7B98566 deleted successfully.
    ADS C:\ProgramData\TEMP:C49A5AD1 deleted successfully.
    ADS C:\ProgramData\TEMP:B8EA2C49 deleted successfully.
    ADS C:\ProgramData\TEMP:8CCDAB14 deleted successfully.
    ADS C:\ProgramData\TEMP:65AB2A58 deleted successfully.
    ADS C:\ProgramData\TEMP:2B9555D8 deleted successfully.
    ADS C:\ProgramData\TEMP:29861223 deleted successfully.
    ADS C:\ProgramData\TEMP:D92485C9 deleted successfully.
    ADS C:\ProgramData\TEMP:BE6DC701 deleted successfully.
    ADS C:\ProgramData\TEMP:708BB0FA deleted successfully.
    ADS C:\ProgramData\TEMP:53DF59D1 deleted successfully.
    ADS C:\ProgramData\TEMP:483AC68A deleted successfully.
    ADS C:\ProgramData\TEMP:34EFF1F2 deleted successfully.
    ADS C:\ProgramData\TEMP:33384BC0 deleted successfully.
    ADS C:\ProgramData\TEMP:27F44544 deleted successfully.
    ADS C:\ProgramData\TEMP:0C13C008 deleted successfully.
    ADS C:\ProgramData\TEMP:FC60E0F8 deleted successfully.
    ADS C:\ProgramData\TEMP:EC855C73 deleted successfully.
    ADS C:\ProgramData\TEMP:C3B5FCD5 deleted successfully.
    ADS C:\ProgramData\TEMP:A0CB43B2 deleted successfully.
    ADS C:\ProgramData\TEMP:9026FFAC deleted successfully.
    ADS C:\ProgramData\TEMP:8DA9DB01 deleted successfully.
    ADS C:\ProgramData\TEMP:8BFA0030 deleted successfully.
    ADS C:\ProgramData\TEMP:701B92FB deleted successfully.
    ADS C:\ProgramData\TEMP:6FD26134 deleted successfully.
    ADS C:\ProgramData\TEMP:27C3CD07 deleted successfully.
    ADS C:\ProgramData\TEMP:0DE96CF5 deleted successfully.
    ADS C:\ProgramData\TEMP:F7401CCF deleted successfully.
    ADS C:\ProgramData\TEMP:F36BFA23 deleted successfully.
    ADS C:\ProgramData\TEMP:EC7C9796 deleted successfully.
    ADS C:\ProgramData\TEMP:D708EEF9 deleted successfully.
    ADS C:\ProgramData\TEMP:D507AEDA deleted successfully.
    ADS C:\ProgramData\TEMP:AFB24B00 deleted successfully.
    ADS C:\ProgramData\TEMP:95079543 deleted successfully.
    ADS C:\ProgramData\TEMP:86B7FDDB deleted successfully.
    ADS C:\ProgramData\TEMP:6BF0805F deleted successfully.
    ADS C:\ProgramData\TEMP:6813E7F4 deleted successfully.
    ADS C:\ProgramData\TEMP:63C29481 deleted successfully.
    ADS C:\ProgramData\TEMP:43301D1D deleted successfully.
    ADS C:\ProgramData\TEMP:FECEF728 deleted successfully.
    ADS C:\ProgramData\TEMP:E0EBA003 deleted successfully.
    ADS C:\ProgramData\TEMP:93877B62 deleted successfully.
    ADS C:\ProgramData\TEMP:723E56EC deleted successfully.
    ADS C:\ProgramData\TEMP:4AD2C54D deleted successfully.
    ADS C:\ProgramData\TEMP:07C99568 deleted successfully.
    ADS C:\ProgramData\TEMP:9D5BB34A deleted successfully.
    ADS C:\ProgramData\TEMP:3595B780 deleted successfully.
    ADS C:\ProgramData\TEMP:13DF9DD1 deleted successfully.
    ADS C:\ProgramData\TEMP:7CEDF9F3 deleted successfully.
    ADS C:\ProgramData\TEMP:551BED5F deleted successfully.
    ADS C:\ProgramData\TEMP:3A6BC948 deleted successfully.
    ADS C:\ProgramData\TEMP:E1D818F7 deleted successfully.
    ADS C:\ProgramData\TEMP:BBF60A29 deleted successfully.
    ADS C:\ProgramData\TEMP:A0C7D68A deleted successfully.
    ADS C:\ProgramData\TEMP:957E9765 deleted successfully.
    ADS C:\ProgramData\TEMP:592D7272 deleted successfully.
    ADS C:\ProgramData\TEMP:4673E9EA deleted successfully.
    ADS C:\ProgramData\TEMP:C74009E5 deleted successfully.
    ADS C:\ProgramData\TEMP:67BA17B9 deleted successfully.
    ADS C:\ProgramData\TEMP:65929158 deleted successfully.
    ADS C:\ProgramData\TEMP:9ACB70D7 deleted successfully.
    ADS C:\ProgramData\TEMP:966CEAE7 deleted successfully.
    ADS C:\ProgramData\TEMP:561B1D2B deleted successfully.
    ADS C:\ProgramData\TEMP:43E95997 deleted successfully.
    ADS C:\ProgramData\TEMP:0AE2C68F deleted successfully.
    ADS C:\ProgramData\TEMP:00811B66 deleted successfully.
    ADS C:\ProgramData\TEMP:EEF1584F deleted successfully.
    ADS C:\ProgramData\TEMP:CB16385F deleted successfully.
    ADS C:\ProgramData\TEMP:883EDFB5 deleted successfully.
    ADS C:\ProgramData\TEMP:4EF94CF3 deleted successfully.
    ADS C:\ProgramData\TEMP:EB5BDBB0 deleted successfully.
    ADS C:\ProgramData\TEMP:CC7738DB deleted successfully.
    ADS C:\ProgramData\TEMP:7920E530 deleted successfully.
    ADS C:\ProgramData\TEMP:71FA8B7F deleted successfully.
    ADS C:\ProgramData\TEMP:33611CFB deleted successfully.
    ADS C:\ProgramData\TEMP:F7F6E6CB deleted successfully.
    ADS C:\ProgramData\TEMP:E32966C0 deleted successfully.
    ADS C:\ProgramData\TEMP:8B51CAAE deleted successfully.
    ADS C:\ProgramData\TEMP:4E6B8D68 deleted successfully.
    ADS C:\ProgramData\TEMP:49EB0FDC deleted successfully.
    ADS C:\ProgramData\TEMP:E690114B deleted successfully.
    ADS C:\ProgramData\TEMP:98AE08EA deleted successfully.
    ADS C:\ProgramData\TEMP:514E900B deleted successfully.
    ADS C:\ProgramData\TEMP:1ECED34B deleted successfully.
    ADS C:\ProgramData\TEMP:15752405 deleted successfully.
    ADS C:\ProgramData\TEMP:80B291A7 deleted successfully.
    ADS C:\ProgramData\TEMP:126591AF deleted successfully.
    ADS C:\ProgramData\TEMP:DE6EED8B deleted successfully.
    ADS C:\ProgramData\TEMP:D0D17155 deleted successfully.
    ADS C:\ProgramData\TEMP:74091520 deleted successfully.
    ADS C:\ProgramData\TEMP:FB97DB91 deleted successfully.
    ADS C:\ProgramData\TEMP:95198126 deleted successfully.
    ADS C:\ProgramData\TEMP:6C13E971 deleted successfully.
    ADS C:\ProgramData\TEMP:3D36932D deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kaye
    ->Temp folder emptied: 507923 bytes
    ->Temporary Internet Files folder emptied: 173300306 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 68776748 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 2557 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 63911 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 231.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Kaye
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kaye
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11262012_203706

    Files\Folders moved on Reboot...
    C:\Users\Kaye\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Kaye\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QW7S28NN\DOMINOS_E_Commerce_Nov1st_300x250[1].htm moved successfully.
    File\Folder C:\Users\Kaye\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FL5NKZA1\ADSAdClient31[1].htm not found!
    File\Folder C:\Users\Kaye\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FL5NKZA1\if[1].htm not found!
    File\Folder C:\Users\Kaye\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82V6OPSY\Today[1].htm not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  8. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ==========================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  9. Stesnees

    Stesnees TS Rookie Topic Starter

    Ok so the final log and pc seems absolutely fine

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kaye
    ->Temp folder emptied: 469878 bytes
    ->Temporary Internet Files folder emptied: 237420563 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 1117948107 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 2750 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 94031 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 5522 bytes

    Total Files Cleaned = 1,293.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kaye
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Kaye
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11272012_232911

    Files\Folders moved on Reboot...
    C:\Users\Kaye\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  10. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Way to go!!
    Good luck and stay safe :)
  11. Stesnees

    Stesnees TS Rookie Topic Starter

    You my friend are an absolute gentleman, thank you so much for your help!
     
  12. Broni

    Broni Malware Annihilator Posts: 46,743   +254


