Solved Win64/Patched.A virus..urgent help needed by desperate novice

Ok done here is the log part 1


ComboFix 12-11-24.02 - Cecilia 24/11/2012 18:05:00.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.353.1033.18.4012.2102 [GMT 0:00]
Running from: c:\users\Cecilia\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.

((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 18:11 . 2012-11-24 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-22 22:42 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-22 22:42 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-22 22:42 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-22 22:42 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-22 18:43 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-21 17:45 . 2012-11-21 17:45 -------- d-----w- C:\FRST
2012-11-20 18:06 . 2012-11-20 21:26 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-11-20 18:05 . 2012-11-20 18:05 -------- d-----w- c:\users\Cecilia\AppData\Roaming\Media Player Classic
2012-11-13 21:03 . 2012-11-20 21:23 -------- d-----w- c:\program files (x86)\Essentials Codec Pack
2012-11-13 21:02 . 2012-11-13 21:02 -------- d-----w- c:\program files (x86)\Yontoo
2012-11-13 21:01 . 2012-11-13 21:01 -------- d-----w- c:\windows\SysWow64\C2MP
2012-11-11 20:57 . 2012-11-11 20:57 39904 ----a-w- c:\windows\SysWow64\dischandler.exe
2012-11-11 17:46 . 2012-11-11 17:46 4012544 ----a-w- c:\windows\system32\ffmpeg.dll
2012-11-11 17:45 . 2012-11-11 17:45 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2012-11-11 17:45 . 2012-11-11 17:45 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2012-11-11 17:45 . 2012-11-11 17:45 4376576 ----a-w- c:\windows\system32\ffdshow.ax
2012-11-11 17:45 . 2012-11-11 17:45 156672 ----a-w- c:\windows\system32\ff_libmad.dll
2012-11-11 17:44 . 2012-11-11 17:44 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-11-11 17:44 . 2012-11-11 17:44 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
2012-11-11 17:44 . 2012-11-11 17:44 223232 ----a-w- c:\windows\system32\ff_libdts.dll
2012-11-11 17:44 . 2012-11-11 17:44 183296 ----a-w- c:\windows\system32\ff_unrar.dll
2012-11-11 17:44 . 2012-11-11 17:44 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
2012-11-11 17:44 . 2012-11-11 17:44 116224 ----a-w- c:\windows\system32\ff_liba52.dll
2012-11-11 17:42 . 2012-11-11 17:42 3915776 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2012-11-11 17:41 . 2012-11-11 17:41 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-11-11 17:41 . 2012-11-11 17:41 3504128 ----a-w- c:\windows\SysWow64\ffdshow.ax
2012-11-11 17:41 . 2012-11-11 17:41 271360 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2012-11-11 17:40 . 2012-11-11 17:40 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2012-11-11 17:40 . 2012-11-11 17:40 157184 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2012-11-11 17:40 . 2012-11-11 17:40 211968 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2012-11-11 17:40 . 2012-11-11 17:40 1525760 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2012-11-11 17:40 . 2012-11-11 17:40 147456 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2012-11-11 17:40 . 2012-11-11 17:40 114688 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2012-11-11 13:34 . 2012-11-11 13:34 503464 ----a-w- c:\windows\system32\LAVSplitter.ax
2012-11-11 13:34 . 2012-11-11 13:34 405200 ----a-w- c:\windows\system32\swscale-lav-2.dll
2012-11-11 13:34 . 2012-11-11 13:34 364712 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2012-11-11 13:34 . 2012-11-11 13:34 274600 ----a-w- c:\windows\system32\LAVAudio.ax
2012-11-11 13:34 . 2012-11-11 13:34 252792 ----a-w- c:\windows\system32\avutil-lav-52.dll
2012-11-11 13:34 . 2012-11-11 13:34 215720 ----a-w- c:\windows\system32\libbluray.dll
2012-11-11 13:34 . 2012-11-11 13:34 178472 ----a-w- c:\windows\system32\avresample-lav-1.dll
2012-11-11 13:34 . 2012-11-11 13:34 1497768 ----a-w- c:\windows\system32\LAVVideo.ax
2012-11-11 13:34 . 2012-11-11 13:34 8000584 ----a-w- c:\windows\system32\avcodec-lav-54.dll
2012-11-11 13:34 . 2012-11-11 13:34 181568 ----a-w- c:\windows\system32\avfilter-lav-3.dll
2012-11-11 13:34 . 2012-11-11 13:34 1137384 ----a-w- c:\windows\system32\avformat-lav-54.dll
2012-11-11 13:32 . 2012-11-11 13:32 7870928 ----a-w- c:\windows\SysWow64\avcodec-lav-54.dll
2012-11-11 13:32 . 2012-11-11 13:32 413864 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
2012-11-11 13:32 . 2012-11-11 13:32 382120 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
2012-11-11 13:32 . 2012-11-11 13:32 281768 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2012-11-11 13:32 . 2012-11-11 13:32 241832 ----a-w- c:\windows\SysWow64\LAVAudio.ax
2012-11-11 13:32 . 2012-11-11 13:32 238528 ----a-w- c:\windows\SysWow64\avutil-lav-52.dll
2012-11-11 13:32 . 2012-11-11 13:32 183976 ----a-w- c:\windows\SysWow64\libbluray.dll
2012-11-11 13:32 . 2012-11-11 13:32 167728 ----a-w- c:\windows\SysWow64\avfilter-lav-3.dll
2012-11-11 13:32 . 2012-11-11 13:32 158096 ----a-w- c:\windows\SysWow64\avresample-lav-1.dll
2012-11-11 13:32 . 2012-11-11 13:32 1182696 ----a-w- c:\windows\SysWow64\avformat-lav-54.dll
2012-11-11 13:32 . 2012-11-11 13:32 1172648 ----a-w- c:\windows\SysWow64\LAVVideo.ax
2012-11-08 18:21 . 2012-11-08 18:21 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-11-08 12:45 . 2012-11-08 12:45 -------- d-----w- c:\users\Cecilia\AppData\Roaming\TuneUp Software
.
.
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 22:31 . 2011-11-26 16:43 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-20 10:47 . 2012-10-20 10:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-20 10:47 . 2012-10-20 10:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-10-20 10:47 . 2012-10-20 10:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-10-20 10:47 . 2012-10-20 10:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-20 10:47 . 2012-10-20 10:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-10-20 10:47 . 2012-10-20 10:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-10-20 10:47 . 2012-10-20 10:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-10-20 10:47 . 2012-10-20 10:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-10-20 10:47 . 2012-10-20 10:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-10-20 10:47 . 2012-10-20 10:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-20 10:47 . 2012-10-20 10:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-20 10:47 . 2012-10-20 10:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-10-20 10:47 . 2012-10-20 10:47 222208 ----a-w- c:\windows\system32\msls31.dll
2012-10-20 10:47 . 2012-10-20 10:47 197120 ----a-w- c:\windows\system32\msrating.dll
2012-10-20 10:47 . 2012-10-20 10:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-10-20 10:47 . 2012-10-20 10:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-10-20 10:47 . 2012-10-20 10:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-10-20 10:47 . 2012-10-20 10:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-10-20 10:47 . 2012-10-20 10:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-20 10:47 . 2012-10-20 10:47 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-10-20 10:47 . 2012-10-20 10:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-10-20 10:47 . 2012-10-20 10:47 82432 ----a-w- c:\windows\system32\icardie.dll
2012-10-20 10:47 . 2012-10-20 10:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-10-20 10:47 . 2012-10-20 10:47 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-10-20 10:47 . 2012-10-20 10:47 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-20 10:47 . 2012-10-20 10:47 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-10-20 10:47 . 2012-10-20 10:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-10-20 10:47 . 2012-10-20 10:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-20 10:47 . 2012-10-20 10:47 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-10-20 10:47 . 2012-10-20 10:47 448512 ----a-w- c:\windows\system32\html.iec
2012-10-20 10:47 . 2012-10-20 10:47 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-20 10:47 . 2012-10-20 10:47 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-10-20 10:47 . 2012-10-20 10:47 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-10-20 10:47 . 2012-10-20 10:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-20 10:47 . 2012-10-20 10:47 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-10-20 10:47 . 2012-10-20 10:47 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-10-20 10:47 . 2012-10-20 10:47 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-10-20 10:47 . 2012-10-20 10:47 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-10-20 10:47 . 2012-10-20 10:47 160256 ----a-w- c:\windows\system32\wextract.exe
2012-10-20 10:47 . 2012-10-20 10:47 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-10-20 10:47 . 2012-10-20 10:47 149504 ----a-w- c:\windows\system32\occache.dll
2012-10-20 10:47 . 2012-10-20 10:47 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-10-20 10:47 . 2012-10-20 10:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-20 10:47 . 2012-10-20 10:47 12288 ----a-w- c:\windows\system32\mshta.exe
2012-10-20 10:47 . 2012-10-20 10:47 114176 ----a-w- c:\windows\system32\admparse.dll
2012-10-20 10:47 . 2012-10-20 10:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-20 10:47 . 2012-10-20 10:47 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-20 10:47 . 2012-10-20 10:47 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-20 10:47 . 2012-10-20 10:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-10-16 08:36 . 2012-10-16 08:36 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-10 19:06 . 2012-04-02 11:28 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 19:06 . 2011-12-02 12:02 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-24 00:03 . 2012-09-24 00:03 1289728 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-09-14 19:19 . 2012-10-09 20:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 20:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-09 20:11 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-09 20:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-09 20:11 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-09 20:11 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
 
Part 2


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipBuster"="c:\program files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" [2012-09-11 23069600]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-17 673168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 10\MMReminderService.exe" [2011-11-10 38248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-03 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-11-03 39464]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-11-04 133632]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-11-04 114304]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-03 340072]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-22 204288]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2010-12-13 290632]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-07 2429544]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-09 923024]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2010-12-10 894240]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-05-25 12312832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-11-01 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-11-01 180736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-30 425064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-11-10 12:14 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:06]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 05:47]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 05:47]
.
2012-11-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-04-12 18:22]
 
Part 3


--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-12-13 421192]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-12-13 308040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-25 167744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-25 417088] CFB3B6278FB1
.

------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE:
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=
FF - user.js: extentions.y2layers.installId - a3b41b51-1749-4bc0-84c1-5a23a13a3be2
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQF2OoGpg&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - c8fc4ae90000000000008ca9825b7235
FF - user.js: extensions.incredibar_i.instlDay - 15551
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:04
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQF2OoGpg
FF - user.js: extensions.incredibar_i.upn2n - 92543320008558118
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extentions.y2layers.installId - a046e4e2-bb98-405a-bc9d-bb325126bceb
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.

- - - - ORPHANS REMOVED - - - -
.
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Toolbar-10 - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.

[FONT=Calibri]--------------------- LOCKED REGISTRY KEYS ---------------------[/FONT]

[FONT=Calibri].[/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}][/FONT]

[FONT=Calibri]@Denied: (A 2) (Everyone)[/FONT]

[FONT=Calibri]@="FlashBroker"[/FONT]

[FONT=Calibri]"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"[/FONT]

[FONT=Calibri].[/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation][/FONT]

[FONT=Calibri]"Enabled"=dword:00000001[/FONT]

[FONT=Calibri].[/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32][/FONT]

[FONT=Calibri]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"[/FONT]

[FONT=Calibri].[/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib][/FONT]

[FONT=Calibri]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[/FONT]

[FONT=Calibri].[/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}][/FONT]

[FONT=Calibri]@Denied: (A 2) (Everyone)[/FONT]

[FONT=Calibri]@="IFlashBroker5"[/FONT]

[FONT=Calibri].[/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32][/FONT]

[FONT=Calibri]@="{00020424-0000-0000-C000-000000000046}"[/FONT]

[FONT=Calibri].[/FONT]

[FONT=Calibri][HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib][/FONT]

[FONT=Calibri]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[/FONT]

[FONT=Calibri]"Version"="1.0"[/FONT]

[FONT=Calibri].[/FONT]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-24 18:14:06
ComboFix-quarantined-files.txt 2012-11-24 18:14
.
Pre-Run: 269,963,243,520 bytes free
Post-Run: 269,466,918,912 bytes free
.
- - End Of File - - DFFDF7A1F54FB21CC1F3
 
Let me know when I can reinstall my anti virus... feeling a bit exposed here !-( and thanks so much again for your support!!!
 
Combofix log looks good.

Any current issues?

You can reinstall AVG now.

==========================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here is the log from ADW... should I do the 2nd part of this (the uninstall) now? Wasn't sure if you had to look at the log first... told you I was a novice..

# AdwCleaner v2.009 - Logfile created 11/24/2012 at 21:04:18
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Cecilia - SILVER
# Boot Mode : Normal
# Running from : C:\Users\Cecilia\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Cecilia\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Cecilia\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\Searchqutoolbar
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (en-GB)
Profile name : default
File : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\prefs.js
C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\user.js ... Deleted !
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.4");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.5027cbc9e6d77.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,plugin@yontoo.com:1.20.00,avg@to[...]
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10658");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "c8fc4ae90000000000008ca9825b7235");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15551");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQF2OoGpg&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQF2OoGpg");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543320008558118");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:04:00");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={DC82B78D-E5A6-4FFD-9E8A-966FE3A3DB7F}&m[...]
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.4] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.8] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Deleted [l.46] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.61] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
*************************
AdwCleaner[S1].txt - [7521 octets] - [24/11/2012 21:04:18]
########## EOF - C:\AdwCleaner[S1].txt - [7581 octets] ##########
 
Uninstalled it... here is the OTL Extra log

OTL Extras logfile created on: 24/11/2012 23:09:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cecilia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.92 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 32.90% Memory free
7.83 Gb Paging File | 5.27 Gb Available in Paging File | 67.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.33 Gb Total Space | 249.45 Gb Free Space | 55.27% Space Free | Partition Type: NTFS

Computer Name: SILVER | User Name: Cecilia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A1BF2C-922D-4725-9AD3-E74EED6D5F5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07115FAB-A29E-4E3D-AE50-C71B5CFD441E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{091D062F-BC40-484C-9B94-252CDF7D13AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{1A3EBDC2-4CCC-42AA-9240-2FFAE2BC8FFC}" = rport=445 | protocol=6 | dir=out | app=system |
"{21A846AB-4B38-4C8D-86A0-8268692C0F47}" = rport=138 | protocol=17 | dir=out | app=system |
"{3D110CE4-E6C0-4D6E-8529-1DD45D6126AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56D30B4E-7850-4E40-8CAD-090B472D6FC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A9164AF-DC0F-4742-B2AF-3BEFA046968D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6091F3AB-8070-4208-BC85-ECF4AD19D535}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C5EDB9F-81FB-41E3-9BCF-91E6EE1C8B82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D4E4DCF-C7B5-49E8-8AD4-24BBAB9387EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{708FE1FA-AF73-4293-8F86-2F70060569F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{77264DF4-C228-4869-ACAF-DD4F45B5DF0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8147A994-A722-4F3C-8554-016BD1FF77FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{821D59AB-F5C6-4FB3-9F14-4021799CFB93}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{926B7BA2-D5B8-4D3B-B543-CDCD24363A5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{944CC722-D9CE-4A17-94DE-8C5C6E5BE855}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9632863B-A495-4EF5-AF41-1875EC51B9F6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0D35EC9-76CF-4A63-8991-1072F591A572}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A547457A-F6A6-4B4D-80CD-864358F38F67}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA66AE14-F2F3-4031-BE79-3826A4D1EC36}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AD32CDFC-0616-4843-8B26-F8B0479152FC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CA08D1C3-F7AC-42A9-A158-FF17EF366442}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC278859-EAA0-45A2-AB37-825384B61526}" = rport=137 | protocol=17 | dir=out | app=system |
"{DBDC8770-B7CC-4929-903E-25EE04174C67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E12884E1-E5AA-4B26-91C5-637F220FA710}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F2DDE1-D67A-4E14-8326-EDFDD51300E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{047C78EA-C910-49BE-AE07-3252F69B27CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0EAAE4CD-9DB0-478E-A0E9-F39043332176}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F2E35D0-AB6F-486D-AE2E-110AAA944A08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0FBFD8C8-7347-48A7-BAF7-79D4325B2B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{1392A926-0ACD-454D-9002-D656140C7B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{139593FA-38A7-4147-9E72-9696CCC02C92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21A648DD-B1FF-4CED-BDB5-99CC719EBE1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24435E97-A49C-4A79-B05F-8DEDC14DFDC7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{27A9E0B3-EB20-4616-8677-F51E212756C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2A214838-D425-46EF-A85E-0D8039302BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{2AC08A30-E554-4E3F-ACFC-6A920D9F86EA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{324D3EA8-10A4-4058-A3A1-0AD46DA3414D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{347423CD-8B85-4136-B5C4-8847232EA299}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3831A6D6-C188-4C42-92B4-3708D93805BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{39A1E818-E56F-4605-A165-74D3C2460767}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4205C6EB-8471-485B-841A-7F1E964382F6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{448DB2EF-F829-4D9C-A37C-256CE1BBA1A7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{4ABFD4BC-3B96-49F4-A275-6AECA3A0FF8F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F60BA12-31B0-476C-91C9-7455EA307A03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51DAE64F-6FF9-463E-B1CF-EBFD77335093}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5AED60A7-F112-42B4-89DD-91743101291E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62506E26-03C7-49A8-A41F-2D9C836003F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C364DAE-3F1A-4EEA-A95F-F7EF961B19B9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6DCFDC92-E6FB-470C-ADAF-91911658DA73}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{721AF09A-7356-42EA-8AB4-47D06C7E5EAE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7240BDE3-94AA-4D73-AA8E-D479E9F9B99C}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{73EFC116-05CE-47E7-8996-58C3FF4AA543}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9C0CA4-1693-4FD5-9861-95D4DCAD920D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7FA0F9EE-B2FA-444C-A5F2-EFD63F7D525A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{83497747-C91C-48FE-8FE7-FEAB406ED110}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8980B25D-F8CB-4F2B-AE92-CC44904924B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F1EB679-BF09-4B1B-8420-A02BEB6FC73E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{937E81C4-3E3D-490E-AFA0-22DC0D75B893}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95521C2C-4F08-4379-A5AD-63CFEB3B15D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C639952-07EE-4AA5-BFDE-7A9E1D069A09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E900F6E-C6AF-4AA3-8B78-44AF9109E526}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A16D8703-C07C-440C-AE5B-1D8457F4478F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD3DAB04-D4BF-405D-A23B-4F9DA00F0097}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6E8E116-60A1-4E2F-BD5C-D6D4162A624D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BAF3BAD7-334A-4EFF-9B7F-265ADC0A210A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1848F30-99C4-417F-9B77-9075B7FD424E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D2F1BA71-797F-41BF-B490-1BC06B298657}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D8848C7F-9869-4BA4-AC3F-3D5F3795F488}" = protocol=6 | dir=out | app=system |
"{E17B229B-DBA9-47E4-A66A-A9BB7711BA0A}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{E5CC50E9-67B3-4568-9D96-ECD8700A5479}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E739E9F6-246B-410F-A422-A75CCDFE5A99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EB6F2D88-02C6-4344-8DD3-C374836B9365}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
"{ECD22C23-098E-4F81-A2EA-34F8A3657800}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{FDF20519-566B-4B76-94DD-CD54A0103DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{FF27AAC6-F5FC-4562-AB45-03885C86D0F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{158BEEC4-CC30-BF2F-248D-B52AF953E9C1}" = ATI Catalyst Install Manager
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5CB648C9-78CC-D03E-65E4-B4AF6127CEFC}" = ccc-utility64
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7BF570D4-D060-165D-64AA-4C96DBC08671}" = AMD Media Foundation Decoders
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C5D9F032-E965-426E-93B7-E0CF273036A3}" = AuthenTec TrueSuite
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PDF-XChange 3_is1" = PDF-XChange 3
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06676957-7563-8D90-1212-6B58F8B724D9}" = CCC Help Spanish
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223767A9-2A17-8F5D-A08A-BE720E51C2D6}" = CCC Help Norwegian
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FFD2FF0-8D1F-7CF0-B389-C2FE3B0BD745}" = CCC Help Czech
"{31ABC808-794B-4710-B3E4-85F77784882E}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{489D3997-0A51-54BD-591E-AD6A15EB8190}" = CCC Help English
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52018CB0-FD4F-C746-C950-1F40B00BC0C5}" = CCC Help Greek
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{547F3077-EBD6-9D0A-4C9C-A729E5AD6A76}" = CCC Help Korean
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{59312BC4-CA09-88A4-3CA2-A96FF21B4604}" = CCC Help Chinese Standard
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{6007FDAD-CBF0-4B15-6235-93F358273066}" = CCC Help Hungarian
"{60E333E5-93AF-E75A-3A22-A10B0DD351BE}" = CCC Help German
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{662E4107-92BC-228F-3BEE-6140BDF17BD7}" = Catalyst Control Center InstallProxy
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7C9B54C7-7777-41E4-8508-E78A6CE3BCE5}" = Catalyst Control Center - Branding
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{862AE653-4E32-087E-BA55-C11B853D4DF6}" = CCC Help Thai
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF4B62E-2ED0-0950-FA54-A46D59A93636}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{930A4D1B-AA42-D8DC-08F1-27CB7F6F6A13}" = CCC Help Danish
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94650E3B-CCD1-AE32-46A1-3890787B3488}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADFAD16F-D86E-D4E2-3E0A-A94F54544DE9}" = Catalyst Control Center Profiles Mobile
"{AFE462CB-8D7D-1E68-1D3A-071E485CAF58}" = PX Profile Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1482DE6-FF00-2968-0155-57A643DCA7CB}" = CCC Help Portuguese
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C0357E79-BAED-48F4-8AFE-A5E71AFC2658}" =
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4040489-0C6A-6361-3270-CE574016BE0F}" = CCC Help Chinese Traditional
"{C4BD6ECC-FF0E-5AAC-8CB3-EA92B20D77A3}" = CCC Help Japanese
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D2F6976A-1935-F625-ACB4-CBF5C067C746}" = CCC Help Italian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E085406A-685B-481C-9459-7B9049150534}" = Mindjet MindManager 2012
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8A943BA-C038-B562-92AE-7C5A99C972A0}" = CCC Help French
"{EA441422-6D6A-6E91-A973-492BB9BFB0D6}" = Catalyst Control Center Graphics Previews Common
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBEE79D-E49D-9451-459E-F776AC857F99}" = PX Profile Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21A6101-3E12-32AE-AB8D-51F11005B55B}" = CCC Help Swedish
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F63FFE40-4F62-0F8C-5C97-7C66A2D7500A}" = CCC Help Turkish
"{F69CE215-9CE8-48DB-6943-9003B6AE5142}" = Catalyst Control Center
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8B48758-410A-4B09-A734-C5DEA282C7C9}" = VAIO Data Restore Tool
"{F8DD58A9-2A6A-5004-8740-D4E50FBF726C}" = CCC Help Finnish
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FED5269F-EAAA-5D64-AE23-3478C747A1F1}" = CCC Help Russian
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF5B1EEA-8766-4D05-A985-08610A21A739}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanUp!" = CleanUp!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX420W Series Manual" = EPSON SX420W Series Manual
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Network Guide
"Google Chrome" = Google Chrome
"ImTOO DVD Ripper Ultimate 6" = ImTOO DVD Ripper Ultimate 6
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.4
"Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MWSnap 3" = MWSnap 3
"PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
"PremElem90" = Adobe Premiere Elements 9
"SmartDraw 2012" = SmartDraw 2012
"splashtop" = Quick Web Access
"VAIO Help and Support" =
"VoipBuster_is1" = VoipBuster
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 4.0 [64-Bit]
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/11/2012 05:27:54 | Computer Name = Silver | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 20/11/2012 15:19:26 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 16:25:00 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 16:56:15 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 16:57:12 | Computer Name = Silver | Source = System Restore | ID = 8210
Description =

Error - 20/11/2012 17:02:31 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 17:03:56 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 17:05:43 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 20/11/2012 17:14:05 | Computer Name = Silver | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.
System
Error: A system shutdown is in progress. .

Error - 20/11/2012 17:15:09 | Computer Name = Silver | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ System Events ]
Error - 24/11/2012 16:47:20 | Computer Name = Silver | Source = DCOM | ID = 10010
Description =

Error - 24/11/2012 16:47:25 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 16:48:23 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 16:48:33 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 16:49:25 | Computer Name = Silver | Source = DCOM | ID = 10016
Description =

Error - 24/11/2012 17:05:38 | Computer Name = Silver | Source = DCOM | ID = 10010
Description =

Error - 24/11/2012 17:05:41 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 17:06:38 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 17:06:49 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 24/11/2012 17:07:40 | Computer Name = Silver | Source = DCOM | ID = 10016
Description =


< End of report >
 
OTL txt part 1

OTL logfile created on: 24/11/2012 23:09:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cecilia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.92 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 32.90% Memory free
7.83 Gb Paging File | 5.27 Gb Available in Paging File | 67.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.33 Gb Total Space | 249.45 Gb Free Space | 55.27% Space Free | Partition Type: NTFS

Computer Name: SILVER | User Name: Cecilia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[FONT=Calibri]========== Processes (SafeList) ==========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]PRC - [2012/11/24 20:57:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe[/FONT]

[FONT=Calibri]PRC - [2012/11/24 20:45:29 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[/FONT]

[FONT=Calibri]PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe[/FONT]

[FONT=Calibri]PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[/FONT]

[FONT=Calibri]PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[/FONT]

[FONT=Calibri]PRC - [2012/10/09 20:06:37 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[/FONT]

[FONT=Calibri]PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[/FONT]

[FONT=Calibri]PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[/FONT]

[FONT=Calibri]PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[/FONT]

[FONT=Calibri]PRC - [2012/09/11 17:04:38 | 023,069,600 | ---- | M] (VoipBuster) -- C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe[/FONT]

[FONT=Calibri]PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[/FONT]

[FONT=Calibri]PRC - [2011/11/10 12:17:16 | 000,038,248 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe[/FONT]

[FONT=Calibri]PRC - [2011/11/03 16:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe[/FONT]

[FONT=Calibri]PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe[/FONT]

[FONT=Calibri]PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe[/FONT]

[FONT=Calibri]PRC - [2011/01/05 06:11:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[/FONT]

[FONT=Calibri]PRC - [2011/01/05 06:10:33 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[/FONT]

[FONT=Calibri]PRC - [2010/12/23 15:24:52 | 000,206,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[/FONT]

[FONT=Calibri]PRC - [2010/12/23 15:24:52 | 000,095,632 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[/FONT]

[FONT=Calibri]PRC - [2010/12/13 02:41:14 | 000,308,040 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[/FONT]

[FONT=Calibri]PRC - [2010/11/17 17:30:12 | 000,673,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[/FONT]

[FONT=Calibri]PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[/FONT]

[FONT=Calibri]PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[/FONT]

[FONT=Calibri]PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[/FONT]

[FONT=Calibri]PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[/FONT]

[FONT=Calibri]PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[/FONT]

[FONT=Calibri]PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe[/FONT]


[FONT=Calibri]========== Modules (No Company Name) ==========[/FONT]


[FONT=Calibri]MOD - [2012/11/23 17:12:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/23 17:12:41 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/22 22:40:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/22 22:40:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/22 22:39:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/22 22:39:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/22 22:39:39 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/22 22:39:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/22 22:39:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll[/FONT]

[FONT=Calibri]MOD - [2012/11/22 22:39:29 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll[/FONT]

[FONT=Calibri]MOD - [2011/11/10 12:16:32 | 000,151,376 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll[/FONT]

[FONT=Calibri]MOD - [2011/11/03 16:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl[/FONT]

[FONT=Calibri]MOD - [2011/11/03 16:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl[/FONT]

[FONT=Calibri]MOD - [2011/11/03 16:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl[/FONT]

[FONT=Calibri]MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll[/FONT]

[FONT=Calibri]MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll[/FONT]


[FONT=Calibri]========== Services (SafeList) ==========[/FONT]


[FONT=Calibri]SRV:64bit: - [2012/01/13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)[/FONT]

[FONT=Calibri]SRV:64bit: - [2011/12/22 06:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)[/FONT]

[FONT=Calibri]SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)[/FONT]

[FONT=Calibri]SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/12/13 02:40:44 | 000,290,632 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/12/09 15:26:26 | 000,923,024 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/12/06 08:14:50 | 000,584,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/11/02 12:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/11/02 12:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/11/02 12:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)[/FONT]

[FONT=Calibri]SRV:64bit: - [2010/07/29 18:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)[/FONT]

[FONT=Calibri]SRV:64bit: - [2009/09/14 04:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)[/FONT]

[FONT=Calibri]SRV:64bit: - [2009/09/14 04:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)[/FONT]

[FONT=Calibri]SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)[/FONT]

[FONT=Calibri]SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)[/FONT]

[FONT=Calibri]SRV - [2012/11/24 20:45:29 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)[/FONT]

[FONT=Calibri]SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)[/FONT]

[FONT=Calibri]SRV - [2012/10/30 12:40:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)[/FONT]

[FONT=Calibri]SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)[/FONT]

[FONT=Calibri]SRV - [2012/10/10 19:06:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)[/FONT]

[FONT=Calibri]SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)[/FONT]

[FONT=Calibri]SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)[/FONT]

[FONT=Calibri]SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)[/FONT]

[FONT=Calibri]SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)[/FONT]

[FONT=Calibri]SRV - [2011/12/07 06:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)[/FONT]

[FONT=Calibri]SRV - [2011/01/05 06:11:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)[/FONT]

[FONT=Calibri]SRV - [2011/01/05 06:10:33 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)[/FONT]

[FONT=Calibri]SRV - [2010/12/23 15:24:52 | 000,095,632 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)[/FONT]

[FONT=Calibri]SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)[/FONT]

[FONT=Calibri]SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)[/FONT]

[FONT=Calibri]SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)[/FONT]

[FONT=Calibri]SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)[/FONT]

[FONT=Calibri]SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)[/FONT]

[FONT=Calibri]SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)[/FONT]

[FONT=Calibri]SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)[/FONT]


[FONT=Calibri]========== Driver Services (SafeList) ==========[/FONT]


[FONT=Calibri]DRV:64bit: - [2012/11/24 20:45:30 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/05/25 01:01:44 | 012,312,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/05/25 01:01:44 | 012,312,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2012/01/03 02:21:44 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/12/22 07:30:24 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/12/22 06:12:40 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/08/23 09:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/01/30 01:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)[/FONT]

[FONT=Calibri]DRV:64bit: - [2011/01/05 06:10:11 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/12/10 09:57:42 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/12/10 08:57:42 | 000,894,240 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/12/06 20:38:55 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/09 02:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/03 22:35:22 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/03 22:35:21 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/03 22:35:21 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/03 22:35:21 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/03 22:34:50 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/01 20:09:19 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/11/01 20:09:19 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/04/26 20:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)[/FONT]

[FONT=Calibri]DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/11/04 15:59:36 | 000,133,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/11/04 15:59:36 | 000,117,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/11/04 15:59:36 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/14 00:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 20:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)[/FONT]

[FONT=Calibri]DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)[/FONT]

[FONT=Calibri]DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)[/FONT]

[FONT=Calibri]DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)[/FONT]


[FONT=Calibri]========== Standard Registry (SafeList) ==========[/FONT]


[FONT=Calibri]========== Internet Explorer ==========[/FONT]


[FONT=Calibri]IE:64bit: - HKLM\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri]IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7[/FONT]

[FONT=Calibri]IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}[/FONT]

[FONT=Calibri]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm[/FONT]

[FONT=Calibri]IE - HKLM\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri]IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7[/FONT]

[FONT=Calibri]IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}[/FONT]


[FONT=Calibri]IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri]IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0[/FONT]


[FONT=Calibri]IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = [/FONT]

[FONT=Calibri]IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0[/FONT]


[FONT=Calibri]IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = [/FONT]


[FONT=Calibri]IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = [/FONT]


[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes,DefaultScope = {4559CED3-E780-48B7-AE5E-1B80895996BF}[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{4559CED3-E780-48B7-AE5E-1B80895996BF}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7SVEF_enIE459[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...9c6951c95e9&lang=en&ds=AVG&pr=pr&d=2012-11-24 20:45:36&v=13.2.0.4&sap=dsp&q={searchTerms}[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{B3A3F390-208B-479D-9D0E-0BEC026626E1}: "URL" = http://rover.ebay.com/rover/1//4?satitle={searchTerms}[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0[/FONT]

[FONT=Calibri]IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local[/FONT]


[FONT=Calibri]========== FireFox ==========[/FONT]


[FONT=Calibri]FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"[/FONT]

[FONT=Calibri]FF - user.js - File not found[/FONT]


[FONT=Calibri]FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found[/FONT]

[FONT=Calibri]FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)[/FONT]

[FONT=Calibri]FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)[/FONT]

[FONT=Calibri]FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)[/FONT]


[FONT=Calibri]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 12:40:03 | 000,000,000 | ---D | M][/FONT]

[FONT=Calibri]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[/FONT]


[FONT=Calibri][2012/08/12 15:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions[/FONT]

[FONT=Calibri][2012/11/24 21:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions[/FONT]

[FONT=Calibri][2012/10/09 20:11:25 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\OneClickDownload@OneClickDownload.com[/FONT]

[FONT=Calibri][2012/08/12 15:29:59 | 000,005,138 | ---- | M] () (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\5027cbc9e6cca@5027cbc9e6d03.info.xpi[/FONT]

[FONT=Calibri][2012/10/30 12:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[/FONT]

[FONT=Calibri][2012/10/30 12:40:00 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com[/FONT]

[FONT=Calibri][2012/10/30 12:40:01 | 000,000,000 | ---D | M] (TrueSuite WebStore) -- C:\Program Files (x86)\Mozilla Firefox\extensions\webstore@truesuite.com[/FONT]

[FONT=Calibri]File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.4[/FONT]

[FONT=Calibri]File not found (No name found) -- C:\USERS\CECILIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C0QDT302.DEFAULT\EXTENSIONS\FFXTLBR@INCREDIBAR.COM[/FONT]

[FONT=Calibri]File not found (No name found) -- C:\USERS\CECILIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C0QDT302.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM[/FONT]

[FONT=Calibri][2012/10/30 12:40:03 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[/FONT]

[FONT=Calibri][2012/06/28 16:38:51 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml[/FONT]

[FONT=Calibri][2012/08/31 20:49:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[/FONT]

[FONT=Calibri][2012/06/28 16:38:51 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml[/FONT]

[FONT=Calibri][2012/06/28 16:38:51 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml[/FONT]

[FONT=Calibri][2012/10/17 13:35:08 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml[/FONT]

[FONT=Calibri][2012/06/28 16:38:51 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml[/FONT]


[FONT=Calibri]========== Chrome ==========[/FONT]

[FONT=Calibri]CHR - homepage: http://www.google.com/[/FONT]

[FONT=Calibri]CHR - homepage: http://www.google.com/[/FONT]

[FONT=Calibri]O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts[/FONT]

[FONT=Calibri]O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.[/FONT]

[FONT=Calibri]O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)[/FONT]

[FONT=Calibri]O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)[/FONT]

[FONT=Calibri]O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.[/FONT]

[FONT=Calibri]O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)[/FONT]

[FONT=Calibri]O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found[/FONT]

[FONT=Calibri]O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found[/FONT]

[FONT=Calibri]O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found[/FONT]

[FONT=Calibri]O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)[/FONT]

[FONT=Calibri]O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found[/FONT]

[FONT=Calibri]O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found[/FONT]

[FONT=Calibri]O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)[/FONT]
 
Part 2


[FONT=Calibri]O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)[/FONT]

[FONT=Calibri]O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe (Mindjet)[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)[/FONT]

[FONT=Calibri]O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found[/FONT]

[FONT=Calibri]O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\Cecilia\AppData\Local\Temp\E_S7483.tmp" /EF "HKCU" File not found[/FONT]

[FONT=Calibri]O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [VoipBuster] C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe (VoipBuster)[/FONT]

[FONT=Calibri]O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present[/FONT]

[FONT=Calibri]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255[/FONT]

[FONT=Calibri]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0[/FONT]

[FONT=Calibri]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3[/FONT]

[FONT=Calibri]O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0[/FONT]

[FONT=Calibri]O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255[/FONT]

[FONT=Calibri]O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)[/FONT]

[FONT=Calibri]O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)[/FONT]

[FONT=Calibri]O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)[/FONT]

[FONT=Calibri]O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)[/FONT]

[FONT=Calibri]O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)[/FONT]

[FONT=Calibri]O13 - gopher Prefix: missing[/FONT]

[FONT=Calibri]O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)[/FONT]

[FONT=Calibri]O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)[/FONT]

[FONT=Calibri]O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)[/FONT]

[FONT=Calibri]O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)[/FONT]

[FONT=Calibri]O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)[/FONT]

[FONT=Calibri]O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)[/FONT]

[FONT=Calibri]O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1[/FONT]

[FONT=Calibri]O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A37695B-FB06-49EA-8D47-825699C92FB7}: DhcpNameServer = 89.19.64.164 89.19.64.36[/FONT]

[FONT=Calibri]O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D4E75C-BEEE-4126-8BF7-C538965B9200}: DhcpNameServer = 192.168.15.1[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\livecall - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\ms-help - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\msnim - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\skype4com - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found[/FONT]

[FONT=Calibri]O18:64bit: - Protocol\Handler\wlpg - No CLSID value found[/FONT]

[FONT=Calibri]O18 - Protocol\Handler\gopher - No CLSID value found[/FONT]

[FONT=Calibri]O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)[/FONT]

[FONT=Calibri]O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)[/FONT]

[FONT=Calibri]O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)[/FONT]

[FONT=Calibri]O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[/FONT]

[FONT=Calibri]O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[/FONT]

[FONT=Calibri]O32 - HKLM CDRom: AutoRun - 1[/FONT]

[FONT=Calibri]O34 - HKLM BootExecute: (autocheck autochk *)[/FONT]

[FONT=Calibri]O35:64bit: - HKLM\..comfile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35:64bit: - HKLM\..exefile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35 - HKLM\..comfile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O35 - HKLM\..exefile [open] -- "%1" %*[/FONT]

[FONT=Calibri]O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*[/FONT]

[FONT=Calibri]O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*[/FONT]

[FONT=Calibri]O37 - HKLM\...com [@ = ComFile] -- "%1" %*[/FONT]

[FONT=Calibri]O37 - HKLM\...exe [@ = exefile] -- "%1" %*[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)[/FONT]

[FONT=Calibri]O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)[/FONT]

[FONT=Calibri]========== Files/Folders - Created Within 30 Days ==========[/FONT]

[FONT=Calibri][2012/11/24 20:57:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe[/FONT]

[FONT=Calibri][2012/11/24 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\AVG2013[/FONT]

[FONT=Calibri][2012/11/24 20:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG[/FONT]

[FONT=Calibri][2012/11/24 20:45:35 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys[/FONT]

[FONT=Calibri][2012/11/24 20:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search[/FONT]

[FONT=Calibri][2012/11/24 20:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013[/FONT]

[FONT=Calibri][2012/11/24 20:32:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[/FONT]

[FONT=Calibri][2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\MFAData[/FONT]

[FONT=Calibri][2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData[/FONT]

[FONT=Calibri][2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\Avg2013[/FONT]

[FONT=Calibri][2012/11/24 18:34:20 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\Users\Cecilia\Desktop\avg_avct_stb_all_2013_2667_cm10.exe[/FONT]

[FONT=Calibri][2012/11/24 18:14:08 | 000,000,000 | ---D | C] -- C:\Windows\temp[/FONT]

[FONT=Calibri][2012/11/24 18:03:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[/FONT]

[FONT=Calibri][2012/11/24 18:03:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[/FONT]

[FONT=Calibri][2012/11/24 18:03:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[/FONT]

[FONT=Calibri][2012/11/24 18:03:15 | 000,000,000 | ---D | C] -- C:\Qoobox[/FONT]

[FONT=Calibri][2012/11/24 18:02:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[/FONT]

[FONT=Calibri][2012/11/24 17:47:28 | 003,222,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Cecilia\Desktop\avg_remover_stf_x64_2013_2706.exe[/FONT]

[FONT=Calibri][2012/11/24 16:44:52 | 005,006,466 | R--- | C] (Swearware) -- C:\Users\Cecilia\Desktop\ComboFix.exe[/FONT]

[FONT=Calibri][2012/11/22 18:54:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Cecilia\Desktop\dds.com[/FONT]

[FONT=Calibri][2012/11/22 17:16:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Cecilia\Desktop\aswMBR.exe[/FONT]

[FONT=Calibri][2012/11/21 17:45:51 | 000,000,000 | ---D | C] -- C:\FRST[/FONT]

[FONT=Calibri][2012/11/21 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\MW problem[/FONT]

[FONT=Calibri][2012/11/21 08:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[/FONT]

[FONT=Calibri][2012/11/21 08:57:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[/FONT]

[FONT=Calibri][2012/11/20 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Malwarebytes[/FONT]

[FONT=Calibri][2012/11/20 19:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[/FONT]

[FONT=Calibri][2012/11/20 19:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[/FONT]

[FONT=Calibri][2012/11/20 18:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack[/FONT]

[FONT=Calibri][2012/11/20 18:05:17 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Media Player Classic[/FONT]

[FONT=Calibri][2012/11/20 12:13:57 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\NEO exp 2011 & 2012[/FONT]

[FONT=Calibri][2012/11/15 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Documents\Exp Neo[/FONT]

[FONT=Calibri][2012/11/13 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack[/FONT]

[FONT=Calibri][2012/11/13 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack[/FONT]

[FONT=Calibri][2012/11/13 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Essentials Codec Pack[/FONT]

[FONT=Calibri][2012/11/13 21:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack[/FONT]

[FONT=Calibri][2012/11/13 21:01:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP[/FONT]

[FONT=Calibri][2012/11/13 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\{0BAEF352-9A02-44CE-A574-DD55AF3C863A}[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 001,497,768 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 000,503,464 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 000,274,600 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 001,172,648 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,413,864 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,241,832 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax[/FONT]

[FONT=Calibri][2012/11/08 13:05:25 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Documents\AGV[/FONT]

[FONT=Calibri][2012/11/08 12:45:15 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\TuneUp Software[/FONT]

[FONT=Calibri][2012/11/08 12:01:08 | 004,418,888 | ---- | C] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe[/FONT]

[FONT=Calibri][2012/10/30 12:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[/FONT]

[FONT=Calibri][2012/10/30 11:34:04 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\Today[/FONT]

[FONT=Calibri][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][/FONT]

[FONT=Calibri]========== Files - Modified Within 30 Days ==========[/FONT]

[FONT=Calibri][2012/11/24 23:06:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[/FONT]

[FONT=Calibri][2012/11/24 23:05:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[/FONT]

[FONT=Calibri][2012/11/24 21:14:03 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[/FONT]

[FONT=Calibri][2012/11/24 21:14:03 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[/FONT]

[FONT=Calibri][2012/11/24 21:11:08 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[/FONT]

[FONT=Calibri][2012/11/24 21:11:08 | 000,631,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[/FONT]

[FONT=Calibri][2012/11/24 21:11:08 | 000,111,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[/FONT]

[FONT=Calibri][2012/11/24 21:07:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[/FONT]

[FONT=Calibri][2012/11/24 21:07:03 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job[/FONT]

[FONT=Calibri][2012/11/24 21:06:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[/FONT]

[FONT=Calibri][2012/11/24 21:06:29 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys[/FONT]

[FONT=Calibri][2012/11/24 20:57:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe[/FONT]

[FONT=Calibri][2012/11/24 20:45:41 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk[/FONT]

[FONT=Calibri][2012/11/24 20:45:30 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys[/FONT]

[FONT=Calibri][2012/11/24 18:35:24 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Desktop\avg_avct_stb_all_2013_2667_cm10.exe[/FONT]

[FONT=Calibri][2012/11/24 17:47:29 | 003,222,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Cecilia\Desktop\avg_remover_stf_x64_2013_2706.exe[/FONT]

[FONT=Calibri][2012/11/24 17:25:53 | 000,000,009 | ---- | M] () -- C:\END[/FONT]

[FONT=Calibri][2012/11/24 16:48:37 | 015,122,608 | ---- | M] () -- C:\Users\Cecilia\Desktop\AppRemover.exe[/FONT]

[FONT=Calibri][2012/11/24 16:45:18 | 005,006,466 | R--- | M] (Swearware) -- C:\Users\Cecilia\Desktop\ComboFix.exe[/FONT]

[FONT=Calibri][2012/11/23 16:34:51 | 000,444,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[/FONT]

[FONT=Calibri][2012/11/22 20:33:34 | 000,750,080 | ---- | M] () -- C:\Users\Cecilia\Desktop\RogueKiller.exe[/FONT]

[FONT=Calibri][2012/11/22 18:54:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Cecilia\Desktop\dds.com[/FONT]

[FONT=Calibri][2012/11/22 17:17:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Cecilia\Desktop\aswMBR.exe[/FONT]

[FONT=Calibri][2012/11/21 15:04:45 | 000,172,110 | ---- | M] () -- C:\Users\Cecilia\Desktop\JFN CV-1112 (OverviewMC).pdf[/FONT]

[FONT=Calibri][2012/11/21 10:41:46 | 000,001,133 | ---- | M] () -- C:\Users\Cecilia\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk[/FONT]

[FONT=Calibri][2012/11/21 08:57:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/FONT]

[FONT=Calibri][2012/11/21 08:51:57 | 000,001,284 | ---- | M] () -- C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk[/FONT]

[FONT=Calibri][2012/11/20 11:07:46 | 000,000,868 | ---- | M] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_20 11_07.rtf[/FONT]

[FONT=Calibri][2012/11/13 21:03:19 | 000,001,188 | ---- | M] () -- C:\Users\Cecilia\Desktop\Media Player Classic.lnk[/FONT]

[FONT=Calibri][2012/11/11 20:57:30 | 000,039,904 | ---- | M] () -- C:\Windows\SysWow64\dischandler.exe[/FONT]

[FONT=Calibri][2012/11/11 17:46:06 | 004,012,544 | ---- | M] () -- C:\Windows\SysNative\ffmpeg.dll[/FONT]

[FONT=Calibri][2012/11/11 17:45:22 | 000,474,624 | ---- | M] () -- C:\Windows\SysNative\ff_kernelDeint.dll[/FONT]

[FONT=Calibri][2012/11/11 17:45:12 | 000,127,488 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll[/FONT]

[FONT=Calibri][2012/11/11 17:45:08 | 004,376,576 | ---- | M] () -- C:\Windows\SysNative\ffdshow.ax[/FONT]

[FONT=Calibri][2012/11/11 17:45:04 | 000,156,672 | ---- | M] () -- C:\Windows\SysNative\ff_libmad.dll[/FONT]

[FONT=Calibri][2012/11/11 17:44:38 | 000,631,296 | ---- | M] () -- C:\Windows\SysNative\TomsMoComp_ff.dll[/FONT]

[FONT=Calibri][2012/11/11 17:44:12 | 000,114,688 | ---- | M] () -- C:\Windows\SysNative\ff_wmv9.dll[/FONT]

[FONT=Calibri][2012/11/11 17:44:08 | 001,532,928 | ---- | M] () -- C:\Windows\SysNative\ff_samplerate.dll[/FONT]

[FONT=Calibri][2012/11/11 17:44:08 | 000,223,232 | ---- | M] () -- C:\Windows\SysNative\ff_libdts.dll[/FONT]

[FONT=Calibri][2012/11/11 17:44:08 | 000,183,296 | ---- | M] () -- C:\Windows\SysNative\ff_unrar.dll[/FONT]

[FONT=Calibri][2012/11/11 17:44:08 | 000,116,224 | ---- | M] () -- C:\Windows\SysNative\ff_liba52.dll[/FONT]

[FONT=Calibri][2012/11/11 17:42:32 | 003,915,776 | ---- | M] () -- C:\Windows\SysWow64\ffmpeg.dll[/FONT]

[FONT=Calibri][2012/11/11 17:41:46 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll[/FONT]

[FONT=Calibri][2012/11/11 17:41:40 | 003,504,128 | ---- | M] () -- C:\Windows\SysWow64\ffdshow.ax[/FONT]

[FONT=Calibri][2012/11/11 17:41:14 | 000,271,360 | ---- | M] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll[/FONT]

[FONT=Calibri][2012/11/11 17:40:50 | 000,157,184 | ---- | M] () -- C:\Windows\SysWow64\ff_unrar.dll[/FONT]

[FONT=Calibri][2012/11/11 17:40:50 | 000,099,840 | ---- | M] () -- C:\Windows\SysWow64\ff_wmv9.dll[/FONT]

[FONT=Calibri][2012/11/11 17:40:48 | 001,525,760 | ---- | M] () -- C:\Windows\SysWow64\ff_samplerate.dll[/FONT]

[FONT=Calibri][2012/11/11 17:40:48 | 000,211,968 | ---- | M] () -- C:\Windows\SysWow64\ff_libdts.dll[/FONT]

[FONT=Calibri][2012/11/11 17:40:48 | 000,147,456 | ---- | M] () -- C:\Windows\SysWow64\ff_libmad.dll[/FONT]

[FONT=Calibri][2012/11/11 17:40:48 | 000,114,688 | ---- | M] () -- C:\Windows\SysWow64\ff_liba52.dll[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 001,497,768 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 000,503,464 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 000,405,200 | ---- | M] () -- C:\Windows\SysNative\swscale-lav-2.dll[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 000,274,600 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 000,252,792 | ---- | M] () -- C:\Windows\SysNative\avutil-lav-52.dll[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 000,215,720 | ---- | M] () -- C:\Windows\SysNative\libbluray.dll[/FONT]

[FONT=Calibri][2012/11/11 13:34:54 | 000,178,472 | ---- | M] () -- C:\Windows\SysNative\avresample-lav-1.dll[/FONT]

[FONT=Calibri][2012/11/11 13:34:52 | 008,000,584 | ---- | M] () -- C:\Windows\SysNative\avcodec-lav-54.dll[/FONT]

[FONT=Calibri][2012/11/11 13:34:52 | 001,137,384 | ---- | M] () -- C:\Windows\SysNative\avformat-lav-54.dll[/FONT]

[FONT=Calibri][2012/11/11 13:34:52 | 000,181,568 | ---- | M] () -- C:\Windows\SysNative\avfilter-lav-3.dll[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 007,870,928 | ---- | M] () -- C:\Windows\SysWow64\avcodec-lav-54.dll[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 001,182,696 | ---- | M] () -- C:\Windows\SysWow64\avformat-lav-54.dll[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 001,172,648 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,413,864 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,382,120 | ---- | M] () -- C:\Windows\SysWow64\swscale-lav-2.dll[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,241,832 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,238,528 | ---- | M] () -- C:\Windows\SysWow64\avutil-lav-52.dll[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,183,976 | ---- | M] () -- C:\Windows\SysWow64\libbluray.dll[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,167,728 | ---- | M] () -- C:\Windows\SysWow64\avfilter-lav-3.dll[/FONT]

[FONT=Calibri][2012/11/11 13:32:34 | 000,158,096 | ---- | M] () -- C:\Windows\SysWow64\avresample-lav-1.dll[/FONT]

[FONT=Calibri][2012/11/09 15:46:47 | 000,040,727 | ---- | M] () -- C:\test.xml[/FONT]

[FONT=Calibri][2012/11/08 12:01:08 | 004,418,888 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe[/FONT]
 
Part 3

[FONT=Calibri][2012/11/06 11:01:11 | 000,000,660 | ---- | M] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_06 11_01.rtf[/FONT]

[FONT=Calibri][2012/10/30 17:42: O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)[/FONT]


[FONT=Calibri]O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)[/FONT]

[FONT=Calibri]O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)[/FONT]

[FONT=Calibri]O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)[/FONT]

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A37695B-FB06-49EA-8D47-825699C92FB7}: DhcpNameServer = 89.19.64.164 89.19.64.36

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D4E75C-BEEE-4126-8BF7-C538965B9200}: DhcpNameServer = 192.168.15.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\gopher - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 20:57:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe

[2012/11/24 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\AVG2013

[2012/11/24 20:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/11/24 20:45:35 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2012/11/24 20:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

[2012/11/24 20:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2012/11/24 20:32:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\MFAData

[2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\Avg2013

[2012/11/24 18:34:20 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\Users\Cecilia\Desktop\avg_avct_stb_all_2013_2667_cm10.exe

[2012/11/24 18:14:08 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/24 18:03:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/24 18:03:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/24 18:03:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/24 18:03:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/24 18:02:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/24 17:47:28 | 003,222,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Cecilia\Desktop\avg_remover_stf_x64_2013_2706.exe

[2012/11/24 16:44:52 | 005,006,466 | R--- | C] (Swearware) -- C:\Users\Cecilia\Desktop\ComboFix.exe

[2012/11/22 18:54:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Cecilia\Desktop\dds.com

[2012/11/22 17:16:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Cecilia\Desktop\aswMBR.exe

[2012/11/21 17:45:51 | 000,000,000 | ---D | C] -- C:\FRST

[2012/11/21 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\MW problem

[2012/11/21 08:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/21 08:57:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/11/20 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Malwarebytes

[2012/11/20 19:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/20 19:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/20 18:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack

[2012/11/20 18:05:17 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Media Player Classic

[2012/11/20 12:13:57 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\NEO exp 2011 & 2012

[2012/11/15 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Documents\Exp Neo

[2012/11/13 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

[2012/11/13 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

[2012/11/13 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Essentials Codec Pack

[2012/11/13 21:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack

[2012/11/13 21:01:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP

[2012/11/13 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\{0BAEF352-9A02-44CE-A574-DD55AF3C863A}

[2012/11/11 13:34:54 | 001,497,768 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax

[2012/11/11 13:34:54 | 000,503,464 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax

[2012/11/11 13:34:54 | 000,274,600 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax

[2012/11/11 13:32:34 | 001,172,648 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax

[2012/11/11 13:32:34 | 000,413,864 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax

[2012/11/11 13:32:34 | 000,241,832 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax

[2012/11/08 13:05:25 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Documents\AGV

[2012/11/08 12:45:15 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\TuneUp Software

[2012/11/08 12:01:08 | 004,418,888 | ---- | C] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe

[2012/10/30 12:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/10/30 11:34:04 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\Today

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/24 23:06:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/24 23:05:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/24 21:14:03 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/24 21:14:03 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/24 21:11:08 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/24 21:11:08 | 000,631,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/24 21:11:08 | 000,111,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/24 21:07:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/24 21:07:03 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

[2012/11/24 21:06:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/24 21:06:29 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/24 20:57:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe

[2012/11/24 20:45:41 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2012/11/24 20:45:30 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2012/11/24 18:35:24 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Desktop\avg_avct_stb_all_2013_2667_cm10.exe

[2012/11/24 17:47:29 | 003,222,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Cecilia\Desktop\avg_remover_stf_x64_2013_2706.exe

[2012/11/24 17:25:53 | 000,000,009 | ---- | M] () -- C:\END

[2012/11/24 16:48:37 | 015,122,608 | ---- | M] () -- C:\Users\Cecilia\Desktop\AppRemover.exe

[2012/11/24 16:45:18 | 005,006,466 | R--- | M] (Swearware) -- C:\Users\Cecilia\Desktop\ComboFix.exe

[2012/11/23 16:34:51 | 000,444,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/22 20:33:34 | 000,750,080 | ---- | M] () -- C:\Users\Cecilia\Desktop\RogueKiller.exe

[2012/11/22 18:54:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Cecilia\Desktop\dds.com

[2012/11/22 17:17:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Cecilia\Desktop\aswMBR.exe

[2012/11/21 15:04:45 | 000,172,110 | ---- | M] () -- C:\Users\Cecilia\Desktop\JFN CV-1112 (OverviewMC).pdf

[2012/11/21 10:41:46 | 000,001,133 | ---- | M] () -- C:\Users\Cecilia\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/11/21 08:57:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/21 08:51:57 | 000,001,284 | ---- | M] () -- C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk

[2012/11/20 11:07:46 | 000,000,868 | ---- | M] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_20 11_07.rtf

[2012/11/13 21:03:19 | 000,001,188 | ---- | M] () -- C:\Users\Cecilia\Desktop\Media Player Classic.lnk

[2012/11/11 20:57:30 | 000,039,904 | ---- | M] () -- C:\Windows\SysWow64\dischandler.exe

[2012/11/11 17:46:06 | 004,012,544 | ---- | M] () -- C:\Windows\SysNative\ffmpeg.dll
 
Part 4


[2012/11/11 17:45:22 | 000,474,624 | ---- | M] () -- C:\Windows\SysNative\ff_kernelDeint.dll

[2012/11/11 17:45:12 | 000,127,488 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll

[2012/11/11 17:45:08 | 004,376,576 | ---- | M] () -- C:\Windows\SysNative\ffdshow.ax

[2012/11/11 17:45:04 | 000,156,672 | ---- | M] () -- C:\Windows\SysNative\ff_libmad.dll

[2012/11/11 17:44:38 | 000,631,296 | ---- | M] () -- C:\Windows\SysNative\TomsMoComp_ff.dll

[2012/11/11 17:44:12 | 000,114,688 | ---- | M] () -- C:\Windows\SysNative\ff_wmv9.dll

[2012/11/11 17:44:08 | 001,532,928 | ---- | M] () -- C:\Windows\SysNative\ff_samplerate.dll

[2012/11/11 17:44:08 | 000,223,232 | ---- | M] () -- C:\Windows\SysNative\ff_libdts.dll

[2012/11/11 17:44:08 | 000,183,296 | ---- | M] () -- C:\Windows\SysNative\ff_unrar.dll

[2012/11/11 17:44:08 | 000,116,224 | ---- | M] () -- C:\Windows\SysNative\ff_liba52.dll

[2012/11/11 17:42:32 | 003,915,776 | ---- | M] () -- C:\Windows\SysWow64\ffmpeg.dll

[2012/11/11 17:41:46 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/11/11 17:41:40 | 003,504,128 | ---- | M] () -- C:\Windows\SysWow64\ffdshow.ax

[2012/11/11 17:41:14 | 000,271,360 | ---- | M] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2012/11/11 17:40:50 | 000,157,184 | ---- | M] () -- C:\Windows\SysWow64\ff_unrar.dll

[2012/11/11 17:40:50 | 000,099,840 | ---- | M] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2012/11/11 17:40:48 | 001,525,760 | ---- | M] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2012/11/11 17:40:48 | 000,211,968 | ---- | M] () -- C:\Windows\SysWow64\ff_libdts.dll

[2012/11/11 17:40:48 | 000,147,456 | ---- | M] () -- C:\Windows\SysWow64\ff_libmad.dll

[2012/11/11 17:40:48 | 000,114,688 | ---- | M] () -- C:\Windows\SysWow64\ff_liba52.dll

[2012/11/11 13:34:54 | 001,497,768 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax

[2012/11/11 13:34:54 | 000,503,464 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax

[2012/11/11 13:34:54 | 000,405,200 | ---- | M] () -- C:\Windows\SysNative\swscale-lav-2.dll

[2012/11/11 13:34:54 | 000,274,600 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax

[2012/11/11 13:34:54 | 000,252,792 | ---- | M] () -- C:\Windows\SysNative\avutil-lav-52.dll

[2012/11/11 13:34:54 | 000,215,720 | ---- | M] () -- C:\Windows\SysNative\libbluray.dll

[2012/11/11 13:34:54 | 000,178,472 | ---- | M] () -- C:\Windows\SysNative\avresample-lav-1.dll

[2012/11/11 13:34:52 | 008,000,584 | ---- | M] () -- C:\Windows\SysNative\avcodec-lav-54.dll

[2012/11/11 13:34:52 | 001,137,384 | ---- | M] () -- C:\Windows\SysNative\avformat-lav-54.dll

[2012/11/11 13:34:52 | 000,181,568 | ---- | M] () -- C:\Windows\SysNative\avfilter-lav-3.dll

[2012/11/11 13:32:34 | 007,870,928 | ---- | M] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

[2012/11/11 13:32:34 | 001,182,696 | ---- | M] () -- C:\Windows\SysWow64\avformat-lav-54.dll

[2012/11/11 13:32:34 | 001,172,648 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax

[2012/11/11 13:32:34 | 000,413,864 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax

[2012/11/11 13:32:34 | 000,382,120 | ---- | M] () -- C:\Windows\SysWow64\swscale-lav-2.dll

[2012/11/11 13:32:34 | 000,241,832 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax

[2012/11/11 13:32:34 | 000,238,528 | ---- | M] () -- C:\Windows\SysWow64\avutil-lav-52.dll

[2012/11/11 13:32:34 | 000,183,976 | ---- | M] () -- C:\Windows\SysWow64\libbluray.dll

[2012/11/11 13:32:34 | 000,167,728 | ---- | M] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

[2012/11/11 13:32:34 | 000,158,096 | ---- | M] () -- C:\Windows\SysWow64\avresample-lav-1.dll

[2012/11/09 15:46:47 | 000,040,727 | ---- | M] () -- C:\test.xml

[2012/11/08 12:01:08 | 004,418,888 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe

22 | 000,000,451 | ---- | M] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_10_30 17_42.rtf

[2012/10/30 16:49:42 | 002,651,533 | ---- | M] () -- C:\Users\Cecilia\Desktop\IEEE_WIE_Magazine_Winter_07-08.pdf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/24 20:45:41 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2012/11/24 18:03:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/24 18:03:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/24 18:03:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/24 18:03:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/24 18:03:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/24 16:55:07 | 000,000,009 | ---- | C] () -- C:\END

[2012/11/24 16:48:14 | 015,122,608 | ---- | C] () -- C:\Users\Cecilia\Desktop\AppRemover.exe

[2012/11/22 22:42:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/22 20:33:34 | 000,750,080 | ---- | C] () -- C:\Users\Cecilia\Desktop\RogueKiller.exe

[2012/11/21 15:04:25 | 000,172,110 | ---- | C] () -- C:\Users\Cecilia\Desktop\JFN CV-1112 (OverviewMC).pdf

[2012/11/21 08:57:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/21 08:51:57 | 000,001,284 | ---- | C] () -- C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk

[2012/11/20 21:39:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/20 11:07:46 | 000,000,868 | ---- | C] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_20 11_07.rtf

[2012/11/13 21:03:19 | 000,001,188 | ---- | C] () -- C:\Users\Cecilia\Desktop\Media Player Classic.lnk

[2012/11/11 20:57:30 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe

[2012/11/11 17:46:06 | 004,012,544 | ---- | C] () -- C:\Windows\SysNative\ffmpeg.dll

[2012/11/11 17:45:22 | 000,474,624 | ---- | C] () -- C:\Windows\SysNative\ff_kernelDeint.dll

[2012/11/11 17:45:12 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll

[2012/11/11 17:45:08 | 004,376,576 | ---- | C] () -- C:\Windows\SysNative\ffdshow.ax

[2012/11/11 17:45:04 | 000,156,672 | ---- | C] () -- C:\Windows\SysNative\ff_libmad.dll

[2012/11/11 17:44:38 | 000,631,296 | ---- | C] () -- C:\Windows\SysNative\TomsMoComp_ff.dll

[2012/11/11 17:44:12 | 000,114,688 | ---- | C] () -- C:\Windows\SysNative\ff_wmv9.dll

[2012/11/11 17:44:08 | 001,532,928 | ---- | C] () -- C:\Windows\SysNative\ff_samplerate.dll

[2012/11/11 17:44:08 | 000,223,232 | ---- | C] () -- C:\Windows\SysNative\ff_libdts.dll

[2012/11/11 17:44:08 | 000,183,296 | ---- | C] () -- C:\Windows\SysNative\ff_unrar.dll

[2012/11/11 17:44:08 | 000,116,224 | ---- | C] () -- C:\Windows\SysNative\ff_liba52.dll

[2012/11/11 17:42:32 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll

[2012/11/11 17:41:46 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/11/11 17:41:40 | 003,504,128 | ---- | C] () -- C:\Windows\SysWow64\ffdshow.ax

[2012/11/11 17:41:14 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2012/11/11 17:40:50 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll

[2012/11/11 17:40:50 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2012/11/11 17:40:48 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2012/11/11 17:40:48 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll

[2012/11/11 17:40:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll

[2012/11/11 17:40:48 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll

[2012/11/11 13:34:54 | 000,405,200 | ---- | C] () -- C:\Windows\SysNative\swscale-lav-2.dll

[2012/11/11 13:34:54 | 000,252,792 | ---- | C] () -- C:\Windows\SysNative\avutil-lav-52.dll

[2012/11/11 13:34:54 | 000,215,720 | ---- | C] () -- C:\Windows\SysNative\libbluray.dll

[2012/11/11 13:34:54 | 000,178,472 | ---- | C] () -- C:\Windows\SysNative\avresample-lav-1.dll

[2012/11/11 13:34:52 | 008,000,584 | ---- | C] () -- C:\Windows\SysNative\avcodec-lav-54.dll

[2012/11/11 13:34:52 | 001,137,384 | ---- | C] () -- C:\Windows\SysNative\avformat-lav-54.dll

[2012/11/11 13:34:52 | 000,181,568 | ---- | C] () -- C:\Windows\SysNative\avfilter-lav-3.dll

[2012/11/11 13:32:34 | 007,870,928 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

[2012/11/11 13:32:34 | 001,182,696 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll

[2012/11/11 13:32:34 | 000,382,120 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll

[2012/11/11 13:32:34 | 000,238,528 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll

[2012/11/11 13:32:34 | 000,183,976 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll

[2012/11/11 13:32:34 | 000,167,728 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

[2012/11/11 13:32:34 | 000,158,096 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll

[2012/11/06 11:01:11 | 000,000,660 | ---- | C] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_06 11_01.rtf

[2012/10/30 17:42:22 | 000,000,451 | ---- | C] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_10_30 17_42.rtf

[2012/10/30 16:49:42 | 002,651,533 | ---- | C] () -- C:\Users\Cecilia\Desktop\IEEE_WIE_Magazine_Winter_07-08.pdf

[2012/10/17 18:12:46 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2012/09/29 22:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini

[2012/08/31 12:05:16 | 000,027,520 | ---- | C] () -- C:\Users\Cecilia\AppData\Local\dt.dat

[2012/07/10 08:16:35 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012/07/10 08:16:35 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/05/08 10:52:54 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/05/08 10:52:54 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/04/30 08:54:03 | 000,000,060 | ---- | C] () -- C:\Windows\Sirius12Astrology.ini

[2011/12/15 19:32:28 | 000,004,096 | -H-- | C] () -- C:\Users\Cecilia\AppData\Local\keyfile3.drm

[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll

[2011/12/01 17:37:58 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/12/01 15:23:56 | 000,000,060 | ---- | C] () -- C:\Windows\Sirius11Astrology.ini

[2011/12/01 15:10:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/11/26 16:07:24 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/09/08 14:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll

[2011/09/08 14:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll

[2011/09/08 14:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll

[2011/09/08 14:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll

[2011/09/08 14:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe

[2011/09/08 14:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll

[2011/09/08 14:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe

[2011/09/08 14:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe

[2011/09/08 13:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll

[2011/09/08 13:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll

[2011/08/26 15:05:38 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/06/24 03:58:32 | 000,242,259 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/06/24 03:58:04 | 000,877,296 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/03/30 05:21:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/03/30 05:15:41 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2011/03/03 11:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll

[2011/03/03 11:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll

[2011/03/03 11:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll

[2011/02/11 10:26:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

[2011/01/14 08:20:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[FONT=Calibri] [/FONT]

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/30 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\AVG
[2012/11/24 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\AVG2013
[2012/11/20 21:26:43 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\BitTorrent
[2012/10/17 14:01:34 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\EPSON
[2011/12/01 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\ImTOO
[2012/04/12 10:59:56 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\SmartDraw
[2012/11/08 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\TuneUp Software
[2012/07/02 16:56:32 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\Vodafone
[2012/11/22 17:37:33 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\VoipBuster
[2011/12/22 19:17:13 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner
[2012/11/08 18:21:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/11/08 18:21:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
    O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
    O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\Cecilia\AppData\Local\Temp\E_S7483.tmp" /EF "HKCU" File not found
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    [2011/12/22 19:17:13 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Well that's me done for the night... sorry about chopping it up but it seemed to be the only way it would post... have a good one

Ciao;)
 
Hi Broni... just started this last bit you sent for the OTL fixes but from looking at the log I don't think it ran.. it was very quick and rebooted and there are all these error messages in the log... so I will wait to do the next steps in your instructions (Security Check, FARBAR & TFC) until you have a chance to look at this log

All processes killed
Error: Unable to interpret <• :OTL> in the current context!
Error: Unable to interpret <• O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.> in the current context!
Error: Unable to interpret <• O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.> in the current context!
Error: Unable to interpret <• O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found> in the current context!
Error: Unable to interpret <• O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found> in the current context!
Error: Unable to interpret <• O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context!
Error: Unable to interpret <• O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found> in the current context!
Error: Unable to interpret <• O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found> in the current context!
Error: Unable to interpret <• O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\Cecilia\AppData\Local\Temp\E_S7483.tmp" /EF "HKCU" File not found> in the current context!
Error: Unable to interpret <• O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found> in the current context!
Error: Unable to interpret <• O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found> in the current context!
Error: Unable to interpret <• [2011/12/22 19:17:13 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner> in the current context!
Error: Unable to interpret <• @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:0B4227B4> in the current context!
Error: Unable to interpret <• @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4> in the current context!
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :Commands> in the current context!
Error: Unable to interpret <• [purity]> in the current context!
Error: Unable to interpret <• [emptytemp]> in the current context!
Error: Unable to interpret <• [emptyjava]> in the current context!
Error: Unable to interpret <• [emptyflash]> in the current context!
Error: Unable to interpret <• [Reboot]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11262012_173156
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Hi Broni... well I didn't hear back from you so I ran this OTL again. I removed the dots in front of your lines of code and it seems to have run better this time.. I am assuming this since there are no error comments in the log below

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON14FFC7 (Epson Stylus SX420W) deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ not found.
C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner\backup folder moved successfully.
C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner folder moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
File rity] not found.
File ptytemp] not found.
File ptyjava] not found.
File ptyflash] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11262012_220643
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
FSS log


Farbar Service Scanner Version: 09-11-2012
Ran by Cecilia (administrator) on 26-11-2012 at 22:28:31
Running from "C:\Users\Cecilia\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-22 18:43] - [2012-10-03 17:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Just finished the Eset, here is the log, and I thought I already sent the security check log... not seeing it on my desktop, should I run it again?

C:\Users\Cecilia\Desktop\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Cecilia\Downloads\cnet2_WRCFree_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
 
Sorry I think I missed the security check step... I got interrupted a couple of times while I was doing this so I just ran it... hope that running it out of sequence was ok... here is the log

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
AVG PC Tuneup
Wise Registry Cleaner 6.14
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 5.0.375.127
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Update Adobe Flash Player
Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

==============================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===============================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
Hi Broni, ok I was able to update the Java and the adobe reader.. but I can't download the Flash Player with either link.. Should I just go directly to the adobe page and load it from there?
 
I am not sure I was really successful on these updates but here is the OTL log..Java is a mystery to me... programming and code is out of my league... I have dyslexia..so I miss stuff and its why my spelling is atrocious... I would be lost without spell check...

OTL log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cecilia
->Temp folder emptied: 754464 bytes
->Temporary Internet Files folder emptied: 8877575 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33243769 bytes
->Google Chrome cache emptied: 5301261 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10571711 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb

[EMPTYFLASH]

User: All Users

User: Cecilia
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Cecilia
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11272012_180134

Files\Folders moved on Reboot...
C:\Users\Cecilia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Cecilia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4BAC2B54-EA6A-4058-8C3D-31817976E7AD}.tmp not found!
File\Folder C:\Users\Cecilia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F72A3162-E09E-4C86-AD58-1944C9DEF0AB}.tmp not found!
File\Folder C:\Users\Cecilia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F93D8626-248B-4942-B85A-BC280AECFF47}.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Hi Broni... I am not having any success with installing this... I tried to install it but it would not install.. I think that was because there was another version... so I uninstalled it using the control panel command. I uninstalled the flashplayer and the plugin app...maybe this was not correct... still did not work... so then I downloaded the Adobe uninstall program and ran it... said it was successful... then I tried again to install the flash player... I closed all applications and browsers that use it... it still would not install... it got halfway through and I got an error message... which I need to rerun now to remember what it was... ok I need to close everything... error message in the next post....sorry :D
 