Win64/Patched.A virus..urgent help needed by desperate novice

Hi Broni...sorry about the late reply... had to go out and deal with mundane life today...it's not a holiday weekend here !-) Also when I got back I thought it might be a good idea to copy my folders and emal to another hard drive just in case I mess up... so I am doing that now should be a couple more hours... lots of photos music and film.. depending when that gets done I will get on with this next phase either tonight or first thing tomorrow... so I am still not clear about this restore point bit.... what am I doing? Sorry if this sound dumb...and 1 other question... is there any virus contorl I can use when I dump the AVG that will work with your tools... it kina makes me nervous not to have protection.... lokk at the mees I got in with it...Thanks in advance for the additioal help on this next step!!!! You are a star!!!!

Ok if you are sure... I think I will make sure you are online when I start this next phase just incase... so it may be tomorrow... I want to be sure I can reload the virus protection ASAP... I am kinda looking around for another app I am a bit dissappointed in AVG... I read something about Viper.. do you know it?

Hi Broni.. hope you are having a good day... I got all my files copied... I did the resore point and dowlaoded both software packages but I can not seem to get appremover installed... I start the installation and the first window is too big on both my computer screen and monitor so I can not get to the "next" button to complete the install.. I tried to reduce it but no joy... any suggestions?

Oh and yes I ask admin to change my user name... I was starting to feel like I was back in school using a formal name and not my formal user name... besides it much cooler

Never mid about the window... fixed it in the display options

Ok I fixed the window problem with this app remover but it will not install when I check the box No to the security tool bar installation.. it just keep bringing me back to that window and really I am not interested in their sercurity tool bar... I have so much stuff on here now I am losing track... Help!!!

Ok done here is the log part 1


ComboFix 12-11-24.02 - Cecilia 24/11/2012 18:05:00.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.353.1033.18.4012.2102 [GMT 0:00]

Running from: c:\users\Cecilia\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

.

.

((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))

.

.

2012-11-24 18:11 . 2012-11-24 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-22 22:42 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-22 22:42 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-22 22:42 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-22 22:42 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-22 18:43 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-21 17:45 . 2012-11-21 17:45 -------- d-----w- C:\FRST

2012-11-20 18:06 . 2012-11-20 21:26 -------- d-----w- c:\program files (x86)\Mega Codec Pack

2012-11-20 18:05 . 2012-11-20 18:05 -------- d-----w- c:\users\Cecilia\AppData\Roaming\Media Player Classic

2012-11-13 21:03 . 2012-11-20 21:23 -------- d-----w- c:\program files (x86)\Essentials Codec Pack

2012-11-13 21:02 . 2012-11-13 21:02 -------- d-----w- c:\program files (x86)\Yontoo

2012-11-13 21:01 . 2012-11-13 21:01 -------- d-----w- c:\windows\SysWow64\C2MP

2012-11-11 20:57 . 2012-11-11 20:57 39904 ----a-w- c:\windows\SysWow64\dischandler.exe

2012-11-11 17:46 . 2012-11-11 17:46 4012544 ----a-w- c:\windows\system32\ffmpeg.dll

2012-11-11 17:45 . 2012-11-11 17:45 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll

2012-11-11 17:45 . 2012-11-11 17:45 127488 ----a-w- c:\windows\system32\ff_vfw.dll

2012-11-11 17:45 . 2012-11-11 17:45 4376576 ----a-w- c:\windows\system32\ffdshow.ax

2012-11-11 17:45 . 2012-11-11 17:45 156672 ----a-w- c:\windows\system32\ff_libmad.dll

2012-11-11 17:44 . 2012-11-11 17:44 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2012-11-11 17:44 . 2012-11-11 17:44 114688 ----a-w- c:\windows\system32\ff_wmv9.dll

2012-11-11 17:44 . 2012-11-11 17:44 223232 ----a-w- c:\windows\system32\ff_libdts.dll

2012-11-11 17:44 . 2012-11-11 17:44 183296 ----a-w- c:\windows\system32\ff_unrar.dll

2012-11-11 17:44 . 2012-11-11 17:44 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll

2012-11-11 17:44 . 2012-11-11 17:44 116224 ----a-w- c:\windows\system32\ff_liba52.dll

2012-11-11 17:42 . 2012-11-11 17:42 3915776 ----a-w- c:\windows\SysWow64\ffmpeg.dll

2012-11-11 17:41 . 2012-11-11 17:41 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2012-11-11 17:41 . 2012-11-11 17:41 3504128 ----a-w- c:\windows\SysWow64\ffdshow.ax

2012-11-11 17:41 . 2012-11-11 17:41 271360 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll

2012-11-11 17:40 . 2012-11-11 17:40 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll

2012-11-11 17:40 . 2012-11-11 17:40 157184 ----a-w- c:\windows\SysWow64\ff_unrar.dll

2012-11-11 17:40 . 2012-11-11 17:40 211968 ----a-w- c:\windows\SysWow64\ff_libdts.dll

2012-11-11 17:40 . 2012-11-11 17:40 1525760 ----a-w- c:\windows\SysWow64\ff_samplerate.dll

2012-11-11 17:40 . 2012-11-11 17:40 147456 ----a-w- c:\windows\SysWow64\ff_libmad.dll

2012-11-11 17:40 . 2012-11-11 17:40 114688 ----a-w- c:\windows\SysWow64\ff_liba52.dll

2012-11-11 13:34 . 2012-11-11 13:34 503464 ----a-w- c:\windows\system32\LAVSplitter.ax

2012-11-11 13:34 . 2012-11-11 13:34 405200 ----a-w- c:\windows\system32\swscale-lav-2.dll

2012-11-11 13:34 . 2012-11-11 13:34 364712 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2012-11-11 13:34 . 2012-11-11 13:34 274600 ----a-w- c:\windows\system32\LAVAudio.ax

2012-11-11 13:34 . 2012-11-11 13:34 252792 ----a-w- c:\windows\system32\avutil-lav-52.dll

2012-11-11 13:34 . 2012-11-11 13:34 215720 ----a-w- c:\windows\system32\libbluray.dll

2012-11-11 13:34 . 2012-11-11 13:34 178472 ----a-w- c:\windows\system32\avresample-lav-1.dll

2012-11-11 13:34 . 2012-11-11 13:34 1497768 ----a-w- c:\windows\system32\LAVVideo.ax

2012-11-11 13:34 . 2012-11-11 13:34 8000584 ----a-w- c:\windows\system32\avcodec-lav-54.dll

2012-11-11 13:34 . 2012-11-11 13:34 181568 ----a-w- c:\windows\system32\avfilter-lav-3.dll

2012-11-11 13:34 . 2012-11-11 13:34 1137384 ----a-w- c:\windows\system32\avformat-lav-54.dll

2012-11-11 13:32 . 2012-11-11 13:32 7870928 ----a-w- c:\windows\SysWow64\avcodec-lav-54.dll

2012-11-11 13:32 . 2012-11-11 13:32 413864 ----a-w- c:\windows\SysWow64\LAVSplitter.ax

2012-11-11 13:32 . 2012-11-11 13:32 382120 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll

2012-11-11 13:32 . 2012-11-11 13:32 281768 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll

2012-11-11 13:32 . 2012-11-11 13:32 241832 ----a-w- c:\windows\SysWow64\LAVAudio.ax

2012-11-11 13:32 . 2012-11-11 13:32 238528 ----a-w- c:\windows\SysWow64\avutil-lav-52.dll

2012-11-11 13:32 . 2012-11-11 13:32 183976 ----a-w- c:\windows\SysWow64\libbluray.dll

2012-11-11 13:32 . 2012-11-11 13:32 167728 ----a-w- c:\windows\SysWow64\avfilter-lav-3.dll

2012-11-11 13:32 . 2012-11-11 13:32 158096 ----a-w- c:\windows\SysWow64\avresample-lav-1.dll

2012-11-11 13:32 . 2012-11-11 13:32 1182696 ----a-w- c:\windows\SysWow64\avformat-lav-54.dll

2012-11-11 13:32 . 2012-11-11 13:32 1172648 ----a-w- c:\windows\SysWow64\LAVVideo.ax

2012-11-08 18:21 . 2012-11-08 18:21 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-11-08 12:45 . 2012-11-08 12:45 -------- d-----w- c:\users\Cecilia\AppData\Roaming\TuneUp Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-22 22:31 . 2011-11-26 16:43 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-20 10:47 . 2012-10-20 10:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-10-20 10:47 . 2012-10-20 10:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-10-20 10:47 . 2012-10-20 10:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-10-20 10:47 . 2012-10-20 10:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-10-20 10:47 . 2012-10-20 10:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-10-20 10:47 . 2012-10-20 10:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-10-20 10:47 . 2012-10-20 10:47 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-10-20 10:47 . 2012-10-20 10:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-10-20 10:47 . 2012-10-20 10:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-10-20 10:47 . 2012-10-20 10:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-10-20 10:47 . 2012-10-20 10:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-10-20 10:47 . 2012-10-20 10:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-10-20 10:47 . 2012-10-20 10:47 222208 ----a-w- c:\windows\system32\msls31.dll

2012-10-20 10:47 . 2012-10-20 10:47 197120 ----a-w- c:\windows\system32\msrating.dll

2012-10-20 10:47 . 2012-10-20 10:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-10-20 10:47 . 2012-10-20 10:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-10-20 10:47 . 2012-10-20 10:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-10-20 10:47 . 2012-10-20 10:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-10-20 10:47 . 2012-10-20 10:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-10-20 10:47 . 2012-10-20 10:47 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-10-20 10:47 . 2012-10-20 10:47 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-10-20 10:47 . 2012-10-20 10:47 82432 ----a-w- c:\windows\system32\icardie.dll

2012-10-20 10:47 . 2012-10-20 10:47 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-10-20 10:47 . 2012-10-20 10:47 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-10-20 10:47 . 2012-10-20 10:47 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-10-20 10:47 . 2012-10-20 10:47 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-10-20 10:47 . 2012-10-20 10:47 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-10-20 10:47 . 2012-10-20 10:47 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-10-20 10:47 . 2012-10-20 10:47 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-10-20 10:47 . 2012-10-20 10:47 448512 ----a-w- c:\windows\system32\html.iec

2012-10-20 10:47 . 2012-10-20 10:47 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-10-20 10:47 . 2012-10-20 10:47 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-10-20 10:47 . 2012-10-20 10:47 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-10-20 10:47 . 2012-10-20 10:47 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-10-20 10:47 . 2012-10-20 10:47 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-10-20 10:47 . 2012-10-20 10:47 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-10-20 10:47 . 2012-10-20 10:47 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-10-20 10:47 . 2012-10-20 10:47 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-10-20 10:47 . 2012-10-20 10:47 160256 ----a-w- c:\windows\system32\wextract.exe

2012-10-20 10:47 . 2012-10-20 10:47 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-10-20 10:47 . 2012-10-20 10:47 149504 ----a-w- c:\windows\system32\occache.dll

2012-10-20 10:47 . 2012-10-20 10:47 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-10-20 10:47 . 2012-10-20 10:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-10-20 10:47 . 2012-10-20 10:47 12288 ----a-w- c:\windows\system32\mshta.exe

2012-10-20 10:47 . 2012-10-20 10:47 114176 ----a-w- c:\windows\system32\admparse.dll

2012-10-20 10:47 . 2012-10-20 10:47 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-10-20 10:47 . 2012-10-20 10:47 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-10-20 10:47 . 2012-10-20 10:47 103936 ----a-w- c:\windows\system32\inseng.dll

2012-10-20 10:47 . 2012-10-20 10:47 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-10-16 08:36 . 2012-10-16 08:36 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-10 19:06 . 2012-04-02 11:28 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-10 19:06 . 2011-12-02 12:02 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-24 00:03 . 2012-09-24 00:03 1289728 ----a-w- c:\windows\SysWow64\VSFilter.dll

2012-09-14 19:19 . 2012-10-09 20:11 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-09 20:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-09 20:11 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-09 20:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-09 20:11 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-09 20:11 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

Part 2


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VoipBuster"="c:\program files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" [2012-09-11 23069600]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-17 673168]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 10\MMReminderService.exe" [2011-11-10 38248]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-03 344616]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-11-03 39464]

R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-11-04 133632]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-11-04 114304]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-03 340072]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-22 204288]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2010-12-13 290632]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-07 2429544]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-09 923024]

S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2010-12-10 894240]

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-05-25 12312832]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-11-01 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-11-01 180736]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-30 425064]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]

2011-11-10 12:14 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:06]

.

2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 05:47]

.

2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 05:47]

.

2012-11-24 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-04-12 18:22]

Part 3


--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]

"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-12-13 421192]

"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-12-13 308040]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-25 167744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-25 417088] CFB3B6278FB1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.searchnu.com/406

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE:

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201

IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203

IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204

IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202

TCP: DhcpNameServer = 192.168.15.1

FF - ProfilePath - c:\users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=

FF - user.js: extentions.y2layers.installId - a3b41b51-1749-4bc0-84c1-5a23a13a3be2

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQF2OoGpg&loc=IB_TB&I=26&search=

FF - user.js: extensions.incredibar_i.id - c8fc4ae90000000000008ca9825b7235

FF - user.js: extensions.incredibar_i.instlDay - 15551

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:04

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQF2OoGpg

FF - user.js: extensions.incredibar_i.upn2n - 92543320008558118

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10658

FF - user.js: extensions.incredibar_i.ppd -

FF - user.js: extentions.y2layers.installId - a046e4e2-bb98-405a-bc9d-bb325126bceb

FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

Toolbar-10 - (no file)

Toolbar-10 - (no file)

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-24 18:14:06

ComboFix-quarantined-files.txt 2012-11-24 18:14

.

Pre-Run: 269,963,243,520 bytes free

Post-Run: 269,466,918,912 bytes free

.
- - End Of File - - DFFDF7A1F54FB21CC1F3

Lletme know when I can reinstall my anti virus... feeling a bit exposed here !-( and tahanks so much again for your support!!!

Here is the log from ADW...should I do the 2nd part of this(the uninstall now? wasn't sure if you had to look at the log first... told you I was a novice..

# AdwCleaner v2.009 - Logfile created 11/24/2012 at 21:04:18
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Cecilia - SILVER
# Boot Mode : Normal
# Running from : C:\Users\Cecilia\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Cecilia\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Cecilia\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\Searchqutoolbar
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (en-GB)
Profile name : default
File : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\prefs.js
C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\user.js ... Deleted !
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.4");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.5027cbc9e6d77.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,plugin@yontoo.com:1.20.00,avg@to[...]
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10658");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "c8fc4ae90000000000008ca9825b7235");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15551");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQF2OoGpg&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQF2OoGpg");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543320008558118");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:04:00");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={DC82B78D-E5A6-4FFD-9E8A-966FE3A3DB7F}&m[...]
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.4] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.8] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Deleted [l.46] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.61] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
*************************
AdwCleaner[S1].txt - [7521 octets] - [24/11/2012 21:04:18]
########## EOF - C:\AdwCleaner[S1].txt - [7581 octets] ##########

Unisatlled it... here is the OTL Extra log

OTL Extras logfile created on: 24/11/2012 23:09:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cecilia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.92 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 32.90% Memory free
7.83 Gb Paging File | 5.27 Gb Available in Paging File | 67.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.33 Gb Total Space | 249.45 Gb Free Space | 55.27% Space Free | Partition Type: NTFS

Computer Name: SILVER | User Name: Cecilia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A1BF2C-922D-4725-9AD3-E74EED6D5F5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07115FAB-A29E-4E3D-AE50-C71B5CFD441E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{091D062F-BC40-484C-9B94-252CDF7D13AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{1A3EBDC2-4CCC-42AA-9240-2FFAE2BC8FFC}" = rport=445 | protocol=6 | dir=out | app=system |
"{21A846AB-4B38-4C8D-86A0-8268692C0F47}" = rport=138 | protocol=17 | dir=out | app=system |
"{3D110CE4-E6C0-4D6E-8529-1DD45D6126AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56D30B4E-7850-4E40-8CAD-090B472D6FC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A9164AF-DC0F-4742-B2AF-3BEFA046968D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6091F3AB-8070-4208-BC85-ECF4AD19D535}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C5EDB9F-81FB-41E3-9BCF-91E6EE1C8B82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D4E4DCF-C7B5-49E8-8AD4-24BBAB9387EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{708FE1FA-AF73-4293-8F86-2F70060569F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{77264DF4-C228-4869-ACAF-DD4F45B5DF0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8147A994-A722-4F3C-8554-016BD1FF77FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{821D59AB-F5C6-4FB3-9F14-4021799CFB93}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{926B7BA2-D5B8-4D3B-B543-CDCD24363A5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{944CC722-D9CE-4A17-94DE-8C5C6E5BE855}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9632863B-A495-4EF5-AF41-1875EC51B9F6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0D35EC9-76CF-4A63-8991-1072F591A572}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A547457A-F6A6-4B4D-80CD-864358F38F67}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA66AE14-F2F3-4031-BE79-3826A4D1EC36}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AD32CDFC-0616-4843-8B26-F8B0479152FC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CA08D1C3-F7AC-42A9-A158-FF17EF366442}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC278859-EAA0-45A2-AB37-825384B61526}" = rport=137 | protocol=17 | dir=out | app=system |
"{DBDC8770-B7CC-4929-903E-25EE04174C67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E12884E1-E5AA-4B26-91C5-637F220FA710}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F2DDE1-D67A-4E14-8326-EDFDD51300E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{047C78EA-C910-49BE-AE07-3252F69B27CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0EAAE4CD-9DB0-478E-A0E9-F39043332176}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F2E35D0-AB6F-486D-AE2E-110AAA944A08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0FBFD8C8-7347-48A7-BAF7-79D4325B2B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{1392A926-0ACD-454D-9002-D656140C7B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{139593FA-38A7-4147-9E72-9696CCC02C92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21A648DD-B1FF-4CED-BDB5-99CC719EBE1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24435E97-A49C-4A79-B05F-8DEDC14DFDC7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{27A9E0B3-EB20-4616-8677-F51E212756C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2A214838-D425-46EF-A85E-0D8039302BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{2AC08A30-E554-4E3F-ACFC-6A920D9F86EA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{324D3EA8-10A4-4058-A3A1-0AD46DA3414D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{347423CD-8B85-4136-B5C4-8847232EA299}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3831A6D6-C188-4C42-92B4-3708D93805BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{39A1E818-E56F-4605-A165-74D3C2460767}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4205C6EB-8471-485B-841A-7F1E964382F6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{448DB2EF-F829-4D9C-A37C-256CE1BBA1A7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{4ABFD4BC-3B96-49F4-A275-6AECA3A0FF8F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F60BA12-31B0-476C-91C9-7455EA307A03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51DAE64F-6FF9-463E-B1CF-EBFD77335093}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5AED60A7-F112-42B4-89DD-91743101291E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62506E26-03C7-49A8-A41F-2D9C836003F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C364DAE-3F1A-4EEA-A95F-F7EF961B19B9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6DCFDC92-E6FB-470C-ADAF-91911658DA73}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{721AF09A-7356-42EA-8AB4-47D06C7E5EAE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7240BDE3-94AA-4D73-AA8E-D479E9F9B99C}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{73EFC116-05CE-47E7-8996-58C3FF4AA543}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9C0CA4-1693-4FD5-9861-95D4DCAD920D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7FA0F9EE-B2FA-444C-A5F2-EFD63F7D525A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{83497747-C91C-48FE-8FE7-FEAB406ED110}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8980B25D-F8CB-4F2B-AE92-CC44904924B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F1EB679-BF09-4B1B-8420-A02BEB6FC73E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{937E81C4-3E3D-490E-AFA0-22DC0D75B893}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95521C2C-4F08-4379-A5AD-63CFEB3B15D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C639952-07EE-4AA5-BFDE-7A9E1D069A09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E900F6E-C6AF-4AA3-8B78-44AF9109E526}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A16D8703-C07C-440C-AE5B-1D8457F4478F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD3DAB04-D4BF-405D-A23B-4F9DA00F0097}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6E8E116-60A1-4E2F-BD5C-D6D4162A624D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BAF3BAD7-334A-4EFF-9B7F-265ADC0A210A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1848F30-99C4-417F-9B77-9075B7FD424E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D2F1BA71-797F-41BF-B490-1BC06B298657}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D8848C7F-9869-4BA4-AC3F-3D5F3795F488}" = protocol=6 | dir=out | app=system |
"{E17B229B-DBA9-47E4-A66A-A9BB7711BA0A}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{E5CC50E9-67B3-4568-9D96-ECD8700A5479}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E739E9F6-246B-410F-A422-A75CCDFE5A99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EB6F2D88-02C6-4344-8DD3-C374836B9365}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{ECD22C23-098E-4F81-A2EA-34F8A3657800}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{FDF20519-566B-4B76-94DD-CD54A0103DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{FF27AAC6-F5FC-4562-AB45-03885C86D0F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{158BEEC4-CC30-BF2F-248D-B52AF953E9C1}" = ATI Catalyst Install Manager
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5CB648C9-78CC-D03E-65E4-B4AF6127CEFC}" = ccc-utility64
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7BF570D4-D060-165D-64AA-4C96DBC08671}" = AMD Media Foundation Decoders
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C5D9F032-E965-426E-93B7-E0CF273036A3}" = AuthenTec TrueSuite
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PDF-XChange 3_is1" = PDF-XChange 3
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06676957-7563-8D90-1212-6B58F8B724D9}" = CCC Help Spanish
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223767A9-2A17-8F5D-A08A-BE720E51C2D6}" = CCC Help Norwegian
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FFD2FF0-8D1F-7CF0-B389-C2FE3B0BD745}" = CCC Help Czech
"{31ABC808-794B-4710-B3E4-85F77784882E}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{489D3997-0A51-54BD-591E-AD6A15EB8190}" = CCC Help English
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52018CB0-FD4F-C746-C950-1F40B00BC0C5}" = CCC Help Greek
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{547F3077-EBD6-9D0A-4C9C-A729E5AD6A76}" = CCC Help Korean
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{59312BC4-CA09-88A4-3CA2-A96FF21B4604}" = CCC Help Chinese Standard
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{6007FDAD-CBF0-4B15-6235-93F358273066}" = CCC Help Hungarian
"{60E333E5-93AF-E75A-3A22-A10B0DD351BE}" = CCC Help German
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{662E4107-92BC-228F-3BEE-6140BDF17BD7}" = Catalyst Control Center InstallProxy
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7C9B54C7-7777-41E4-8508-E78A6CE3BCE5}" = Catalyst Control Center - Branding
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{862AE653-4E32-087E-BA55-C11B853D4DF6}" = CCC Help Thai
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF4B62E-2ED0-0950-FA54-A46D59A93636}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{930A4D1B-AA42-D8DC-08F1-27CB7F6F6A13}" = CCC Help Danish
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94650E3B-CCD1-AE32-46A1-3890787B3488}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADFAD16F-D86E-D4E2-3E0A-A94F54544DE9}" = Catalyst Control Center Profiles Mobile
"{AFE462CB-8D7D-1E68-1D3A-071E485CAF58}" = PX Profile Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1482DE6-FF00-2968-0155-57A643DCA7CB}" = CCC Help Portuguese
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C0357E79-BAED-48F4-8AFE-A5E71AFC2658}" =
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4040489-0C6A-6361-3270-CE574016BE0F}" = CCC Help Chinese Traditional
"{C4BD6ECC-FF0E-5AAC-8CB3-EA92B20D77A3}" = CCC Help Japanese
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D2F6976A-1935-F625-ACB4-CBF5C067C746}" = CCC Help Italian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E085406A-685B-481C-9459-7B9049150534}" = Mindjet MindManager 2012
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8A943BA-C038-B562-92AE-7C5A99C972A0}" = CCC Help French
"{EA441422-6D6A-6E91-A973-492BB9BFB0D6}" = Catalyst Control Center Graphics Previews Common
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBEE79D-E49D-9451-459E-F776AC857F99}" = PX Profile Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21A6101-3E12-32AE-AB8D-51F11005B55B}" = CCC Help Swedish
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F63FFE40-4F62-0F8C-5C97-7C66A2D7500A}" = CCC Help Turkish
"{F69CE215-9CE8-48DB-6943-9003B6AE5142}" = Catalyst Control Center
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8B48758-410A-4B09-A734-C5DEA282C7C9}" = VAIO Data Restore Tool
"{F8DD58A9-2A6A-5004-8740-D4E50FBF726C}" = CCC Help Finnish
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FED5269F-EAAA-5D64-AE23-3478C747A1F1}" = CCC Help Russian
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF5B1EEA-8766-4D05-A985-08610A21A739}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanUp!" = CleanUp!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX420W Series Manual" = EPSON SX420W Series Manual
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Network Guide
"Google Chrome" = Google Chrome
"ImTOO DVD Ripper Ultimate 6" = ImTOO DVD Ripper Ultimate 6
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.4
"Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MWSnap 3" = MWSnap 3
"PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
"PremElem90" = Adobe Premiere Elements 9
"SmartDraw 2012" = SmartDraw 2012
"splashtop" = Quick Web Access
"VAIO Help and Support" =
"VoipBuster_is1" = VoipBuster
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 4.0 [64-Bit]
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/11/2012 05:27:54 | Computer Name = Silver | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 20/11/2012 15:19:26 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 16:25:00 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 16:56:15 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 16:57:12 | Computer Name = Silver | Source = System Restore | ID = 8210
Description =

Error - 20/11/2012 17:02:31 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 17:03:56 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 17:05:43 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 17:14:05 | Computer Name = Silver | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.
System
Error: A system shutdown is in progress. .

Error - 20/11/2012 17:15:09 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ System Events ]
Error - 24/11/2012 16:47:20 | Computer Name = Silver | Source = DCOM | ID = 10010
Description =

Error - 24/11/2012 16:47:25 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 16:48:23 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 16:48:33 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 16:49:25 | Computer Name = Silver | Source = DCOM | ID = 10016
Description =

Error - 24/11/2012 17:05:38 | Computer Name = Silver | Source = DCOM | ID = 10010
Description =

Error - 24/11/2012 17:05:41 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 17:06:38 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 17:06:49 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 17:07:40 | Computer Name = Silver | Source = DCOM | ID = 10016
Description =


< End of report >

OTL txt part 1

OTL logfile created on: 24/11/2012 23:09:56 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cecilia\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy



3.92 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 32.90% Memory free

7.83 Gb Paging File | 5.27 Gb Available in Paging File | 67.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.33 Gb Total Space | 249.45 Gb Free Space | 55.27% Space Free | Partition Type: NTFS



Computer Name: SILVER | User Name: Cecilia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2012/11/24 20:57:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe

PRC - [2012/11/24 20:45:29 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

PRC - [2012/10/09 20:06:37 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/11 17:04:38 | 023,069,600 | ---- | M] (VoipBuster) -- C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe

PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/10 12:17:16 | 000,038,248 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe

PRC - [2011/11/03 16:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe

PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe

PRC - [2011/01/05 06:11:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011/01/05 06:10:33 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010/12/23 15:24:52 | 000,206,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2010/12/23 15:24:52 | 000,095,632 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2010/12/13 02:41:14 | 000,308,040 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe

PRC - [2010/11/17 17:30:12 | 000,673,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe





========== Modules (No Company Name) ==========



MOD - [2012/11/23 17:12:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll

MOD - [2012/11/23 17:12:41 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll

MOD - [2012/11/22 22:40:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

MOD - [2012/11/22 22:40:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012/11/22 22:39:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012/11/22 22:39:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll

MOD - [2012/11/22 22:39:39 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

MOD - [2012/11/22 22:39:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

MOD - [2012/11/22 22:39:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012/11/22 22:39:29 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

MOD - [2011/11/10 12:16:32 | 000,151,376 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll

MOD - [2011/11/03 16:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl

MOD - [2011/11/03 16:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl

MOD - [2011/11/03 16:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll





========== Services (SafeList) ==========



SRV:64bit: - [2012/01/13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)

SRV:64bit: - [2011/12/22 06:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)

SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)

SRV:64bit: - [2010/12/13 02:40:44 | 000,290,632 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)

SRV:64bit: - [2010/12/09 15:26:26 | 000,923,024 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)

SRV:64bit: - [2010/12/06 08:14:50 | 000,584,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV:64bit: - [2010/11/02 12:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2010/11/02 12:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/11/02 12:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/07/29 18:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/09/14 04:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV:64bit: - [2009/09/14 04:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/11/24 20:45:29 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)

SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/30 12:40:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/10/10 19:06:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/12/07 06:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2011/01/05 06:11:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/01/05 06:10:33 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/12/23 15:24:52 | 000,095,632 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)





========== Driver Services (SafeList) ==========



DRV:64bit: - [2012/11/24 20:45:30 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012/05/25 01:01:44 | 012,312,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2012/05/25 01:01:44 | 012,312,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/01/03 02:21:44 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011/12/22 07:30:24 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/12/22 06:12:40 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/08/23 09:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/30 01:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/01/05 06:10:11 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/12/10 09:57:42 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/12/10 08:57:42 | 000,894,240 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV:64bit: - [2010/12/06 20:38:55 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/09 02:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2010/11/03 22:35:22 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010/11/03 22:35:21 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)

DRV:64bit: - [2010/11/03 22:35:21 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/11/03 22:35:21 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010/11/03 22:34:50 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2010/11/01 20:09:19 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/11/01 20:09:19 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/04/26 20:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/11/04 15:59:36 | 000,133,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

DRV:64bit: - [2009/11/04 15:59:36 | 000,117,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2009/11/04 15:59:36 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/14 00:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 20:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}





IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =



IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =



IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes,DefaultScope = {4559CED3-E780-48B7-AE5E-1B80895996BF}

IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{4559CED3-E780-48B7-AE5E-1B80895996BF}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices

IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7SVEF_enIE459

IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...9c6951c95e9&lang=en&ds=AVG&pr=pr&d=2012-11-24 20:45:36&v=13.2.0.4&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{B3A3F390-208B-479D-9D0E-0BEC026626E1}: "URL" = http://rover.ebay.com/rover/1//4?satitle={searchTerms}

IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



========== FireFox ==========



FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"

FF - user.js - File not found



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 12:40:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins



[2012/08/12 15:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions

[2012/11/24 21:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions

[2012/10/09 20:11:25 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\OneClickDownload@OneClickDownload.com

[2012/08/12 15:29:59 | 000,005,138 | ---- | M] () (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\5027cbc9e6cca@5027cbc9e6d03.info.xpi

[2012/10/30 12:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/30 12:40:00 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com

[2012/10/30 12:40:01 | 000,000,000 | ---D | M] (TrueSuite WebStore) -- C:\Program Files (x86)\Mozilla Firefox\extensions\webstore@truesuite.com

File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.4

File not found (No name found) -- C:\USERS\CECILIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C0QDT302.DEFAULT\EXTENSIONS\FFXTLBR@INCREDIBAR.COM

File not found (No name found) -- C:\USERS\CECILIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C0QDT302.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM

[2012/10/30 12:40:03 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/28 16:38:51 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/08/31 20:49:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/28 16:38:51 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/06/28 16:38:51 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/10/17 13:35:08 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/06/28 16:38:51 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml



========== Chrome ==========



CHR - homepage: http://www.google.com/

CHR - homepage: http://www.google.com/



O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

Part 2


O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

O4:64bit: - HKLM..\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe (Mindjet)

O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found

O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)

O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found

O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\Cecilia\AppData\Local\Temp\E_S7483.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [VoipBuster] C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe (VoipBuster)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A37695B-FB06-49EA-8D47-825699C92FB7}: DhcpNameServer = 89.19.64.164 89.19.64.36

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D4E75C-BEEE-4126-8BF7-C538965B9200}: DhcpNameServer = 192.168.15.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\gopher - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



========== Files/Folders - Created Within 30 Days ==========



[2012/11/24 20:57:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe

[2012/11/24 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\AVG2013

[2012/11/24 20:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/11/24 20:45:35 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2012/11/24 20:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

[2012/11/24 20:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2012/11/24 20:32:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\MFAData

[2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\Avg2013

[2012/11/24 18:34:20 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\Users\Cecilia\Desktop\avg_avct_stb_all_2013_2667_cm10.exe

[2012/11/24 18:14:08 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/24 18:03:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/24 18:03:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/24 18:03:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/24 18:03:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/24 18:02:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/24 17:47:28 | 003,222,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Cecilia\Desktop\avg_remover_stf_x64_2013_2706.exe

[2012/11/24 16:44:52 | 005,006,466 | R--- | C] (Swearware) -- C:\Users\Cecilia\Desktop\ComboFix.exe

[2012/11/22 18:54:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Cecilia\Desktop\dds.com

[2012/11/22 17:16:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Cecilia\Desktop\aswMBR.exe

[2012/11/21 17:45:51 | 000,000,000 | ---D | C] -- C:\FRST

[2012/11/21 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\MW problem

[2012/11/21 08:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/21 08:57:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/11/20 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Malwarebytes

[2012/11/20 19:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/20 19:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/20 18:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack

[2012/11/20 18:05:17 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Media Player Classic

[2012/11/20 12:13:57 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\NEO exp 2011 & 2012

[2012/11/15 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Documents\Exp Neo

[2012/11/13 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

[2012/11/13 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

[2012/11/13 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Essentials Codec Pack

[2012/11/13 21:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack

[2012/11/13 21:01:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP

[2012/11/13 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\{0BAEF352-9A02-44CE-A574-DD55AF3C863A}

[2012/11/11 13:34:54 | 001,497,768 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax

[2012/11/11 13:34:54 | 000,503,464 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax

[2012/11/11 13:34:54 | 000,274,600 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax

[2012/11/11 13:32:34 | 001,172,648 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax

[2012/11/11 13:32:34 | 000,413,864 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax

[2012/11/11 13:32:34 | 000,241,832 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax

[2012/11/08 13:05:25 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Documents\AGV

[2012/11/08 12:45:15 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\TuneUp Software

[2012/11/08 12:01:08 | 004,418,888 | ---- | C] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe

[2012/10/30 12:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/10/30 11:34:04 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\Today

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2012/11/24 23:06:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/24 23:05:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/24 21:14:03 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/24 21:14:03 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/24 21:11:08 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/24 21:11:08 | 000,631,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/24 21:11:08 | 000,111,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/24 21:07:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/24 21:07:03 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

[2012/11/24 21:06:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/24 21:06:29 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/24 20:57:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe

[2012/11/24 20:45:41 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2012/11/24 20:45:30 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2012/11/24 18:35:24 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Desktop\avg_avct_stb_all_2013_2667_cm10.exe

[2012/11/24 17:47:29 | 003,222,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Cecilia\Desktop\avg_remover_stf_x64_2013_2706.exe

[2012/11/24 17:25:53 | 000,000,009 | ---- | M] () -- C:\END

[2012/11/24 16:48:37 | 015,122,608 | ---- | M] () -- C:\Users\Cecilia\Desktop\AppRemover.exe

[2012/11/24 16:45:18 | 005,006,466 | R--- | M] (Swearware) -- C:\Users\Cecilia\Desktop\ComboFix.exe

[2012/11/23 16:34:51 | 000,444,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/22 20:33:34 | 000,750,080 | ---- | M] () -- C:\Users\Cecilia\Desktop\RogueKiller.exe

[2012/11/22 18:54:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Cecilia\Desktop\dds.com

[2012/11/22 17:17:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Cecilia\Desktop\aswMBR.exe

[2012/11/21 15:04:45 | 000,172,110 | ---- | M] () -- C:\Users\Cecilia\Desktop\JFN CV-1112 (OverviewMC).pdf

[2012/11/21 10:41:46 | 000,001,133 | ---- | M] () -- C:\Users\Cecilia\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/11/21 08:57:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/21 08:51:57 | 000,001,284 | ---- | M] () -- C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk

[2012/11/20 11:07:46 | 000,000,868 | ---- | M] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_20 11_07.rtf

[2012/11/13 21:03:19 | 000,001,188 | ---- | M] () -- C:\Users\Cecilia\Desktop\Media Player Classic.lnk

[2012/11/11 20:57:30 | 000,039,904 | ---- | M] () -- C:\Windows\SysWow64\dischandler.exe

[2012/11/11 17:46:06 | 004,012,544 | ---- | M] () -- C:\Windows\SysNative\ffmpeg.dll

[2012/11/11 17:45:22 | 000,474,624 | ---- | M] () -- C:\Windows\SysNative\ff_kernelDeint.dll

[2012/11/11 17:45:12 | 000,127,488 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll

[2012/11/11 17:45:08 | 004,376,576 | ---- | M] () -- C:\Windows\SysNative\ffdshow.ax

[2012/11/11 17:45:04 | 000,156,672 | ---- | M] () -- C:\Windows\SysNative\ff_libmad.dll

[2012/11/11 17:44:38 | 000,631,296 | ---- | M] () -- C:\Windows\SysNative\TomsMoComp_ff.dll

[2012/11/11 17:44:12 | 000,114,688 | ---- | M] () -- C:\Windows\SysNative\ff_wmv9.dll

[2012/11/11 17:44:08 | 001,532,928 | ---- | M] () -- C:\Windows\SysNative\ff_samplerate.dll

[2012/11/11 17:44:08 | 000,223,232 | ---- | M] () -- C:\Windows\SysNative\ff_libdts.dll

[2012/11/11 17:44:08 | 000,183,296 | ---- | M] () -- C:\Windows\SysNative\ff_unrar.dll

[2012/11/11 17:44:08 | 000,116,224 | ---- | M] () -- C:\Windows\SysNative\ff_liba52.dll

[2012/11/11 17:42:32 | 003,915,776 | ---- | M] () -- C:\Windows\SysWow64\ffmpeg.dll

[2012/11/11 17:41:46 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/11/11 17:41:40 | 003,504,128 | ---- | M] () -- C:\Windows\SysWow64\ffdshow.ax

[2012/11/11 17:41:14 | 000,271,360 | ---- | M] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2012/11/11 17:40:50 | 000,157,184 | ---- | M] () -- C:\Windows\SysWow64\ff_unrar.dll

[2012/11/11 17:40:50 | 000,099,840 | ---- | M] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2012/11/11 17:40:48 | 001,525,760 | ---- | M] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2012/11/11 17:40:48 | 000,211,968 | ---- | M] () -- C:\Windows\SysWow64\ff_libdts.dll

[2012/11/11 17:40:48 | 000,147,456 | ---- | M] () -- C:\Windows\SysWow64\ff_libmad.dll

[2012/11/11 17:40:48 | 000,114,688 | ---- | M] () -- C:\Windows\SysWow64\ff_liba52.dll

[2012/11/11 13:34:54 | 001,497,768 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax

[2012/11/11 13:34:54 | 000,503,464 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax

[2012/11/11 13:34:54 | 000,405,200 | ---- | M] () -- C:\Windows\SysNative\swscale-lav-2.dll

[2012/11/11 13:34:54 | 000,274,600 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax

[2012/11/11 13:34:54 | 000,252,792 | ---- | M] () -- C:\Windows\SysNative\avutil-lav-52.dll

[2012/11/11 13:34:54 | 000,215,720 | ---- | M] () -- C:\Windows\SysNative\libbluray.dll

[2012/11/11 13:34:54 | 000,178,472 | ---- | M] () -- C:\Windows\SysNative\avresample-lav-1.dll

[2012/11/11 13:34:52 | 008,000,584 | ---- | M] () -- C:\Windows\SysNative\avcodec-lav-54.dll

[2012/11/11 13:34:52 | 001,137,384 | ---- | M] () -- C:\Windows\SysNative\avformat-lav-54.dll

[2012/11/11 13:34:52 | 000,181,568 | ---- | M] () -- C:\Windows\SysNative\avfilter-lav-3.dll

[2012/11/11 13:32:34 | 007,870,928 | ---- | M] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

[2012/11/11 13:32:34 | 001,182,696 | ---- | M] () -- C:\Windows\SysWow64\avformat-lav-54.dll

[2012/11/11 13:32:34 | 001,172,648 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax

[2012/11/11 13:32:34 | 000,413,864 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax

[2012/11/11 13:32:34 | 000,382,120 | ---- | M] () -- C:\Windows\SysWow64\swscale-lav-2.dll

[2012/11/11 13:32:34 | 000,241,832 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax

[2012/11/11 13:32:34 | 000,238,528 | ---- | M] () -- C:\Windows\SysWow64\avutil-lav-52.dll

[2012/11/11 13:32:34 | 000,183,976 | ---- | M] () -- C:\Windows\SysWow64\libbluray.dll

[2012/11/11 13:32:34 | 000,167,728 | ---- | M] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

[2012/11/11 13:32:34 | 000,158,096 | ---- | M] () -- C:\Windows\SysWow64\avresample-lav-1.dll

[2012/11/09 15:46:47 | 000,040,727 | ---- | M] () -- C:\test.xml

[2012/11/08 12:01:08 | 004,418,888 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe