Possible Virus - Help Request

Posted 12/15/2012 6:17 PM
#94824
JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Evening All,

I was hoping for some help as I suspect I have a virus.

I'm having problems running some exe files, and file updates (such as iTunes) and also no zip files will extract. Also, the PC is running very slowly and I've a usage warning which is very strange.

I've run the programs as advised (cc cleaner, Malware, virus scanner). The DDS scan wouldn't run from the link on this website (downloaded as a text file) and I've managed to download it from elsewhere but the scan won't complete. I will restart and try after I've posted this.

I'd very much appreciate any help that can be offered.

Thanks,

John

Virus scan is clean, but here is a report from the resident shield protection:
Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 17:35:59";"file";"C:\Windows\System32\consent.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 17:35:59";"file";"C:\Windows\System32\consent.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 17:28:00";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 17:28:00";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 17:21:32";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 17:21:32";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 17:11:03";"file";"C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 17:11:03";"file";"C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:58:31";"file";"C:\Windows\System32\rundll32.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:58:31";"file";"C:\Windows\System32\rundll32.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:56:54";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:56:54";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:56:11";"file";"C:\Program Files\Internet Explorer\ielowutil.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:56:11";"file";"C:\Program Files\Internet Explorer\ielowutil.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:53:48";"file";"C:\Windows\System32\msfeedssync.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:53:47";"file";"C:\Windows\System32\msfeedssync.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:45:00";"file";"C:\Program Files\Google\Update\GoogleUpdate.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:45:00";"file";"C:\Program Files\Google\Update\GoogleUpdate.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:33:43";"file";"C:\Windows\System32\VSSVC.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:33:43";"file";"C:\Windows\System32\VSSVC.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:31:35";"file";"C:\Windows\System32\rundll32.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:31:35";"file";"C:\Windows\System32\rundll32.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:22:40";"file";"C:\Windows\System32\Defrag.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:22:40";"file";"C:\Windows\System32\Defrag.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:11:00";"file";"C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:11:00";"file";"C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:10:13";"file";"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:10:12";"file";"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:56:53";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:56:53";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:51:18";"file";"C:\Windows\System32\wuauclt.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:51:18";"file";"C:\Windows\System32\wuauclt.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:49:28";"file";"C:\Windows\System32\wbem\WmiPrvSE.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:49:28";"file";"C:\Windows\System32\wbem\WmiPrvSE.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:48:04";"file";"C:\Program Files\AVG\AVG2012\avgcmgr.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:48:04";"file";"C:\Program Files\AVG\AVG2012\avgcmgr.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:47:07";"file";"C:\Program Files\AVG\AVG2012\avgmfapx.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:47:06";"file";"C:\Program Files\AVG\AVG2012\avgmfapx.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:46:22";"file";"C:\Windows\System32\wuauclt.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:46:21";"file";"C:\Windows\System32\wuauclt.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Moved to Virus Vault";"15/12/2012, 15:45:37";"file";"C:\Program Files\AVG\AVG2012\avgsrmax.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Moved to Virus Vault";"15/12/2012, 15:45:36";"file";"C:\Program Files\AVG\AVG2012\avgsrmax.exe"
Trojan horse Downloader.Generic9.BEXB;"c:\Users\John\Downloads\Fake Webcam 6.1.3 with Keygen [.Dude.]\Fake Webcam 6.1.3\Keygen.exe";"Infected";"18/09/2012, 21:55:14";"file";"C:\Windows\explorer.exe"
Trojan horse Downloader.Generic9.BEXB;"c:\Users\John\Downloads\Fake Webcam 6.1.3 with Keygen [.Dude.]\Fake Webcam 6.1.3\Keygen.exe";"Infected";"18/09/2012, 21:53:39";"file";"C:\Windows\explorer.exe"

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:42, on 15/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\John\Documents\dds.com
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\nsB540.tmp
C:\Windows\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\PEV.DAT

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=0adf335c000000000000001cdf55d5d3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loader
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9158 bytes
Posted 12/15/2012 7:20 PM
#94825
JohnP Valued member

More log files! First DDS one:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by John at 18:22:54 on 2012-12-15
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\nsB540.tmp
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\PEV.DAT
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=0adf335c000000000000001cdf55d5d3
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files\claro ltd\claro\1.8.3.10\bh\claro.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - c:\program files\claro ltd\claro\1.8.3.10\claroTlbr.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Akamai NetSession Interface] "c:\users\john\appdata\local\akamai\netsession_win.exe"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [SkyDrive] "c:\users\john\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DataCardMonitor] c:\program files\t-mobile\t-mobile internet manager\DataCardMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HFALoader] c:\program files\hamster soft\free zip archiver\HamsterArc.exe -loader
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{726FD201-4437-40E8-8B1F-DB99A9D4DB59} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll c:\progra~1\google\google~3\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\8v585965.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=KW_ss&mntrId=0adf335c000000000000001cdf55d5d3&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\john\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-10-21 21:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 0adf335c000000000000001cdf55d5d3
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15685
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1018:53:30
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? AVGIDSDriver;AVGIDSDriver
R? AVGIDSFilter;AVGIDSFilter
R? BrowserProtect;BrowserProtect
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clwvd;CyberLink WebCam Virtual Driver
R? easytether;easytether
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? hwusbfake;Huawei DataCard USB Fake
R? LMIRfsClientNP;LMIRfsClientNP
R? McComponentHostService;McAfee Security Scan Component Host Service
R? Netaapl;Apple Mobile Device Ethernet Service
R? nmwcdnsu;Nokia USB Flashing Phone Parent
R? nmwcdnsuc;Nokia USB Flashing Generic
R? phc700;USB PC Camera (SPC700NC)
R? Skype C2C Service;Skype C2C Service
R? SkypeUpdate;Skype Updater
R? TeamViewer7;TeamViewer 7
R? VCam_WDM;Fake Webcam 7.2
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AERTFilters;Andrea RT Filters Service
S? AMD External Events Utility;AMD External Events Utility
S? Autodesk Content Service;Autodesk Content Service
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? FontCache;Windows Font Cache Service
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? MBAMSwissArmy;MBAMSwissArmy
S? rt61x86;Belkin F5D9000 Wireless G+ MIMO Desktop PCI Card Driver for Windows Vista
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2012-12-15 18:04:11 -------- dc----w- c:\program files\Trend Micro
2012-12-15 17:41:34 -------- dc----w- c:\users\john\appdata\local\{E5237BDA-8757-4871-8442-A8B6D11F7831}
2012-12-13 03:01:35 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 03:01:14 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 03:01:14 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 03:01:14 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 03:01:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 03:01:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 03:01:08 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 03:01:08 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 03:01:06 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2012-12-13 03:01:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 03:01:05 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 03:01:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 06:13:15 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 06:13:14 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:13:14 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 06:13:12 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 06:13:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 06:13:07 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 06:13:05 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 18:54:24 -------- dc----w- c:\users\john\appdata\roaming\HamsterSoft
2012-12-11 18:54:24 -------- dc----w- c:\program files\Hamster Soft
2012-12-11 18:53:42 -------- dc----w- c:\users\john\appdata\roaming\Claro
2012-12-11 18:53:34 -------- dc----w- c:\programdata\BrowserProtect
2012-12-11 18:53:32 -------- dc----w- c:\program files\Claro LTD
2012-12-11 
18:53:13 -------- dc----w- c:\users\john\appdata\roaming\Babylon <br/>2012-12-11 18:53:13 -------- dc----w- c:\programdata\Babylon <br/>2012-12-11 18:33:34 -------- dc----w- c:\users\john\appdata\local\{7B304D62-770F-433A-B17C-F6342C6D08F0} <br/>2012-12-03 18:33:10 -------- dc----w- c:\users\john\appdata\local\{A2AD8728-AEA6-432F-BC2F-4E34287B27A1} <br/>2012-11-20 22:18:23 -------- dc----w- c:\users\john\appdata\local\{CD44907A-6393-4A89-94C9-59C94EE68204} <br/>2012-11-19 18:09:16 -------- dc----w- c:\users\john\appdata\local\{021540BE-895D-412F-BF7A-2BF50E79192C} <br/>2012-11-18 14:05:45 -------- dc----w- c:\users\john\appdata\local\{7EF2953B-E4BE-48E4-9FF0-7E636B1567D5} <br/>2012-11-17 11:35:47 -------- dc----w- c:\users\john\appdata\local\{C4D595CE-A43A-4E20-8B4C-BE6E05A9E015} <br/>2012-11-16 19:17:57 -------- dc----w- c:\users\john\appdata\local\{B6779BDC-24C3-4E2A-A43D-9AA969A11581} <br/>2012-11-15 22:00:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll <br/>. <br/>==================== Find3M ==================== <br/>. <br/>2012-12-03 18:34:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe <br/>2012-12-03 18:34:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl <br/>2012-10-25 03:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx <br/>2012-10-25 03:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts <br/>2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll <br/>2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll <br/>2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl <br/>2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe <br/>2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll <br/>2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb <br/>2012-09-25 16:19:41 75776 ----a-w- c:\windows\system32\synceng.dll <br/>. <br/>============= FINISH: 19:15:31.84 ===============
Posted 12/15/2012 7:20 PM
#94826

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Second DDS File: <br/> <br/>. <br/>UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. <br/>IF REQUESTED, ZIP IT UP & ATTACH IT <br/>. <br/>DDS (Ver_2012-11-20.01) <br/>. <br/>Microsoft® Windows Vista™ Home Premium <br/>Boot Device: \Device\HarddiskVolume3 <br/>Install Date: 04/01/2009 12:02:12 <br/>System Uptime: 15/12/2012 15:39:59 (4 hours ago) <br/>. <br/>Motherboard: Dell Inc. | | 0K216C <br/>Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 2667/266mhz <br/>. <br/>==== Disk Partitions ========================= <br/>. <br/>C: is FIXED (NTFS) - 288 GiB total, 107.725 GiB free. <br/>D: is FIXED (NTFS) - 10 GiB total, 4.805 GiB free. <br/>E: is CDROM () <br/>G: is Removable <br/>H: is Removable <br/>I: is Removable <br/>J: is Removable <br/>K: is FIXED (NTFS) - 932 GiB total, 917.964 GiB free. <br/>M: is FIXED (NTFS) - 233 GiB total, 137.554 GiB free. <br/>. <br/>==== Disabled Device Manager Items ============= <br/>. <br/>==== System Restore Points =================== <br/>. <br/>. <br/>==== Installed Programs ====================== <br/>. 
<br/> Update for Microsoft Office 2007 (KB2508958) <br/>7-Zip 4.65 <br/>Acrobat.com <br/>Adobe AIR <br/>Adobe Flash Player 11 ActiveX <br/>Adobe Flash Player 11 Plugin <br/>Adobe Reader X (10.1.4) <br/>Akamai NetSession Interface <br/>Anti-Spy.Info 1.8d <br/>Apple Application Support <br/>Apple Mobile Device Support <br/>Apple Software Update <br/>Asterisk Key 10.0 <br/>ATI Catalyst Control Center <br/>ATI Catalyst Install Manager <br/>µTorrent <br/>AutoCAD Architecture 2012 - English <br/>AutoCAD Architecture 2012 - English SP 1 <br/>AutoCAD Architecture 2012 Language Pack - English <br/>Autodesk Content Service <br/>Autodesk Design Review 2012 <br/>Autodesk Inventor Fusion 2012 <br/>Autodesk Inventor Fusion 2012 Language Pack <br/>Autodesk Material Library 2012 <br/>Autodesk Material Library Base Resolution Image Library 2012 <br/>AVG 2012 <br/>AVG 2013 <br/>BlackBerry Device Manager 7.0 <br/>BlackBerry Device Software Updater <br/>Bonjour <br/>Browser Address Error Redirector <br/>BrowserProtect <br/>Catalyst Control Center Core Implementation <br/>Catalyst Control Center Graphics Full Existing <br/>Catalyst Control Center Graphics Full New <br/>Catalyst Control Center Graphics Light <br/>Catalyst Control Center Graphics Previews Common <br/>Catalyst Control Center Graphics Previews Vista <br/>Catalyst Control Center Localization Chinese Standard <br/>Catalyst Control Center Localization Chinese Traditional <br/>Catalyst Control Center Localization French <br/>Catalyst Control Center Localization German <br/>Catalyst Control Center Localization Hungarian <br/>Catalyst Control Center Localization Italian <br/>Catalyst Control Center Localization Japanese <br/>Catalyst Control Center Localization Korean <br/>Catalyst Control Center Localization Polish <br/>Catalyst Control Center Localization Portuguese <br/>Catalyst Control Center Localization Spanish <br/>Catalyst Control Center Localization Thai <br/>Catalyst Control Center Localization Turkish 
<br/>ccc-core-static <br/>ccc-utility <br/>CCC Help Chinese Standard <br/>CCC Help Chinese Traditional <br/>CCC Help English <br/>CCC Help French <br/>CCC Help German <br/>CCC Help Hungarian <br/>CCC Help Italian <br/>CCC Help Japanese <br/>CCC Help Korean <br/>CCC Help Polish <br/>CCC Help Portuguese <br/>CCC Help Spanish <br/>CCC Help Thai <br/>CCC Help Turkish <br/>CCleaner <br/>Claro Chrome Toolbar <br/>Claro LTD toolbar <br/>Compatibility Pack for the 2007 Office system <br/>CutePDF Writer 2.8 <br/>D3DX10 <br/>Debut Video Capture Software <br/>Defraggler <br/>Dell Resource CD <br/>Dell Support Center (Support Software) <br/>DivX Converter <br/>DivX Plus DirectShow Filters <br/>DivX Setup <br/>DVD Flick <br/>DWG TrueView 2011 <br/>DWG TrueView 2012 <br/>Evernote v. 4.5.8 <br/>Facebook Video Calling 1.2.0.287 <br/>FARO LS 1.1.406.58 <br/>Free RAR Extract Frog <br/>Google Desktop <br/>Google SketchUp 8 <br/>Google Update Helper <br/>Hamster Lite Archiver 2.0.1.2 <br/>HijackThis 2.0.2 <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) <br/>HP Deskjet 3050 J610 series Basic Device Software <br/>HP Deskjet 3050 J610 series Help <br/>HP Photo Creations <br/>HP Update <br/>HPDiagnosticAlert <br/>iCloud <br/>Intel(R) PRO Network Connections 12.1.11.0 <br/>iTunes <br/>Java 7 Update 9 <br/>Java Auto Updater <br/>Lagarith lossless video codec (Remove Only) <br/>LogMeIn <br/>Malwarebytes' Anti-Malware <br/>Mavis Beacon Teaches Typing Platinum 20 <br/>McAfee Security Scan Plus <br/>MediaRemoteConnector <br/>Microsoft .NET Framework 3.5 SP1 <br/>Microsoft .NET Framework 4 Client Profile <br/>Microsoft .NET Framework 4 Extended <br/>Microsoft Application Error Reporting <br/>Microsoft Office 2007 Service Pack 3 (SP3) <br/>Microsoft Office File Validation Add-In <br/>Microsoft Office Live Add-in 1.5 <br/>Microsoft Office Outlook Connector <br/>Microsoft Office PowerPoint Viewer 2007 (English) <br/>Microsoft 
Office Project 2007 Service Pack 3 (SP3) <br/>Microsoft Office Project MUI (English) 2007 <br/>Microsoft Office Project Professional 2007 <br/>Microsoft Office Proof (English) 2007 <br/>Microsoft Office Proof (French) 2007 <br/>Microsoft Office Proof (Spanish) 2007 <br/>Microsoft Office Proofing (English) 2007 <br/>Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>Microsoft Office Shared MUI (English) 2007 <br/>Microsoft Office Shared Setup Metadata MUI (English) 2007 <br/>Microsoft Office Standard Edition 2003 <br/>Microsoft Primary Interoperability Assemblies 2005 <br/>Microsoft Silverlight <br/>Microsoft SkyDrive <br/>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 <br/>Microsoft Visual C++ 2005 Redistributable <br/>Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 <br/>Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 <br/>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 <br/>Microsoft WSE 3.0 Runtime <br/>Mozilla Firefox 16.0.2 (x86 en-GB) <br/>Mozilla Maintenance Service <br/>MSVC80_x86 <br/>MSVC80_x86_v2 <br/>MSVC90_x86 <br/>MSVCRT <br/>MSVCSetup <br/>MSXML 4.0 SP2 (KB954430) <br/>MSXML 4.0 SP2 (KB973688) <br/>MusicBrainz Picard <br/>OGA Notifier 2.0.0048.0 <br/>pdfsam <br/>Philips VLounge <br/>QuickTime <br/>Realtek High Definition Audio Driver <br/>SDExplorer Advanced 3.5 <br/>Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) <br/>Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) <br/>Security Update for Microsoft .NET Framework 
4 Client Profile (KB2518870) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) <br/>Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) <br/>Security Update for Microsoft .NET Framework 4 Extended (KB2487367) <br/>Security Update for Microsoft .NET Framework 4 Extended (KB2656351) <br/>Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition <br/>Segoe UI <br/>SketchUp DWG Importer <br/>Skins <br/>Skype Click to Call <br/>Skype™ 5.10 <br/>SPC 700NC PC Camera <br/>Speccy <br/>Spotify <br/>TeamViewer 7 <br/>Update for 2007 Microsoft Office System (KB967642) 
<br/>Update for Microsoft .NET Framework 3.5 SP1 (KB963707) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2468871) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2533523) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2600217) <br/>Update for Microsoft .NET Framework 4 Extended (KB2468871) <br/>Update for Microsoft .NET Framework 4 Extended (KB2533523) <br/>Update for Microsoft .NET Framework 4 Extended (KB2600217) <br/>Update for Microsoft Office 2007 Help for Common Features (KB963673) <br/>Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition <br/>Update for Microsoft Office Project 2007 Help (KB963668) <br/>Update for Microsoft Office Script Editor Help (KB963671) <br/>VC80CRTRedist - 8.0.50727.6195 <br/>VLC media player 2.0.2 <br/>Vuze <br/>Windows Live Communications Platform <br/>Windows Live Essentials <br/>Windows Live ID Sign-in Assistant <br/>Windows Live Installer <br/>Windows Live Messenger <br/>Windows Live Photo Common <br/>Windows Live PIMT Platform <br/>Windows Live SOXE <br/>Windows Live SOXE Definitions <br/>Windows Live UX Platform <br/>Windows Live UX Platform Language Pack <br/>Windows Media Player Firefox Plugin <br/>Yahoo! Messenger <br/>. <br/>==== End Of File ===========================
Posted 12/15/2012 9:05 PM
#94827

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
And the Malware log!! <br/> <br/>Thanks in advance for any help. <br/> <br/>Malwarebytes' Anti-Malware 1.45 <br/>www.malwarebytes.org <br/> <br/>Database version: 3930 <br/> <br/>Windows 6.0.6002 Service Pack 2 <br/>Internet Explorer 9.0.8112.16421 <br/> <br/>15/12/2012 20:49:14 <br/>mbam-log-2012-12-15 (20-49-14).txt <br/> <br/>Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|) <br/>Objects scanned: 397486 <br/>Time elapsed: 2 hour(s), 40 minute(s), 5 second(s) <br/> <br/>Memory Processes Infected: 0 <br/>Memory Modules Infected: 0 <br/>Registry Keys Infected: 0 <br/>Registry Values Infected: 0 <br/>Registry Data Items Infected: 0 <br/>Folders Infected: 0 <br/>Files Infected: 0 <br/> <br/>Memory Processes Infected: <br/>(No malicious items detected) <br/> <br/>Memory Modules Infected: <br/>(No malicious items detected) <br/> <br/>Registry Keys Infected: <br/>(No malicious items detected) <br/> <br/>Registry Values Infected: <br/>(No malicious items detected) <br/> <br/>Registry Data Items Infected: <br/>(No malicious items detected) <br/> <br/>Folders Infected: <br/>(No malicious items detected) <br/> <br/>Files Infected: <br/>(No malicious items detected)
Posted 12/16/2012 12:58 AM
#94829

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi JohnP :-) <br/> <br/>
"but here is a report from the resident shield protection:" <br/> <br/>
From which scanner/Antivirus? <br/> <br/>
It looks, however, like there is "only" one infected file: <br/> <br/>
Trojan horse Downloader.Generic9.BEXB;"c:\Users\John\Downloads\Fake Webcam 6.1.3 with Keygen [.Dude.]\Fake Webcam 6.1.3\Keygen.exe";"Infected";"18/09/2012, 21:55:14";"file";"C:\Windows\explorer.exe" <br/> <br/>
Keygen - huh :shocked: <br/> <br/>
Remove from Programs in Control Panel: <br/> <br/>
[code] <br/>µTorrent <br/>AVG 2012 <br/>Claro Chrome Toolbar <br/>Claro LTD toolbar <br/>McAfee Security Scan Plus <br/>Vuze <br/>[/code] <br/> <br/>
Reboot. <br/> <br/>
Please download -> <br/> <br/>
Double click on AdwCleaner.exe to run the tool. <br/>
***Note: Windows Vista and Windows 7 users: <br/>
Right click on adwCleaner.exe and select – Run as admin <br/> <br/>
<UL>
<LI>Click Delete.</LI>
<LI>Everything that was found will be deleted.</LI>
<LI>Save any open files and approve the reboot. A text file will open after the restart.</LI>
</UL> <br/>
Please download Combofix from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe <br/> <br/>
And save to the desktop. <br/> <br/>
After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC: <br/>
Exit all windows that are currently open on your computer. <br/> <br/>
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer. <br/> <br/>
Double-click on the combofix icon found on your desktop. <br/> <br/>
Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. <br/> <br/>
In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. <br/> <br/>
When finished, it will produce a logfile located at C:\combofix.txt. <br/> <br/>
Post the contents of that log in your next reply <br/> <br/>
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/16/2012 11:56 AM
#94831

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Hi Touch, <br/> <br/>Thank you very much for taking the time to reply; it's appreciated. <br/> <br/>Everything went fine, bar the AVG antivirus just won't uninstall. The resident shield that I referred to earlier is part of this. <br/> <br/>I've been through the uninstall process and the only thing that seems to have happened is that it now says the anti-rootkit driver is now not found. The AVG website says a re-start will sort the problem out but it hasn't. An update to the anti virus software just says 'general error' now. I did manage to disable it to run all the scans though. <br/> <br/>Just for clarity, my AVG is my only antivirus running on this PC. <br/> <br/>Log from combofix below. <br/> <br/>Thanks again, <br/> <br/>John <br/> <br/>ComboFix 12-12-14.01 - John 16/12/2012 11:26:16.2.2 - x86 <br/>Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.678 [GMT 0:00] <br/>Running from: c:\users\John\Documents\ComboFix.exe <br/>AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} <br/>SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} <br/>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>C:\install.exe <br/>c:\windows\wininit.ini <br/>K:\Autorun.inf <br/>K:\Setup.exe <br/>. <br/>. <br/>((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2012-12-16 11:42 . 2012-12-16 11:42 -------- dc----w- c:\users\John\AppData\Local\temp <br/>2012-12-16 11:42 . 2012-12-16 11:42 -------- dc----w- c:\users\Default\AppData\Local\temp <br/>2012-12-15 18:04 . 2012-12-15 18:04 -------- dc----w- c:\program files\Trend Micro <br/>2012-12-13 03:01 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll <br/>2012-12-13 03:01 . 
2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys <br/>2012-12-13 03:01 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys <br/>2012-12-13 03:01 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll <br/>2012-12-13 03:01 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll <br/>2012-12-13 03:01 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll <br/>2012-12-13 03:01 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys <br/>2012-12-13 03:01 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys <br/>2012-12-13 03:01 . 2009-07-13 23:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys <br/>2012-12-13 03:01 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe <br/>2012-12-13 03:01 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll <br/>2012-12-13 03:01 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll <br/>2012-12-12 06:13 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys <br/>2012-12-12 06:13 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll <br/>2012-12-12 06:13 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe <br/>2012-12-12 06:13 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys <br/>2012-12-12 06:13 . 2012-11-08 03:46 34304 ----a-w- c:\windows\system32\atmlib.dll <br/>2012-12-12 06:13 . 2012-11-08 01:36 293376 ----a-w- c:\windows\system32\atmfd.dll <br/>2012-12-12 06:13 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll <br/>2012-12-11 18:54 . 2012-12-11 18:54 -------- dc----w- c:\users\John\AppData\Roaming\HamsterSoft <br/>2012-12-11 18:54 . 2012-12-11 18:54 -------- dc----w- c:\program files\Hamster Soft <br/>2012-12-11 18:53 . 2012-12-11 18:53 -------- dc----w- c:\programdata\BrowserProtect <br/>. <br/>. <br/>. 
<br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2012-12-03 18:34 . 2012-04-04 16:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe <br/>2012-12-03 18:34 . 2011-06-20 06:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl <br/>2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx <br/>2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts <br/>2012-09-25 16:19 . 2012-11-14 05:21 75776 ----a-w- c:\windows\system32\synceng.dll <br/>2012-09-24 23:16 . 2012-11-15 22:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll <br/>2012-10-27 20:22 . 2012-10-27 20:22 261600 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll <br/>2010-06-15 18:41 . 2012-10-27 20:22 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] <br/>@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" <br/>[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] <br/>2012-11-15 21:59 222712 -c--a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] <br/>@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" <br/>[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] <br/>2012-11-15 21:59 222712 -c--a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll <br/>. 
<br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] <br/>@="{BBACC218-34EA-4666-9D7A-C78F2274A524}" <br/>[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] <br/>2012-11-15 21:59 222712 -c--a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] <br/>"Akamai NetSession Interface"="c:\users\John\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] <br/>"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] <br/>"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280] <br/>"SkyDrive"="c:\users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-15 255992] <br/>"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2012-08-06 1591808] <br/>"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008] <br/>"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] <br/>"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064] <br/>"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] <br/>"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] <br/>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] <br/>"HFALoader"="c:\program files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe" [2012-03-06 2260480] <br/>. 
<br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] <br/>"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] <br/>"aux9"=wdmaud.drv <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] <br/>@="Service" <br/>. <br/>[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] <br/>path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk <br/>backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup <br/>backupExtension=.CommonStartup <br/>. <br/>[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk] <br/>path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk <br/>backup=c:\windows\pss\TrayMin700.exe.lnk.CommonStartup <br/>backupExtension=.CommonStartup <br/>. <br/>[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk] <br/>path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk <br/>backup=c:\windows\pss\Dell Dock.lnk.Startup <br/>backupExtension=.Startup <br/>. <br/>[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk] <br/>path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk <br/>backup=c:\windows\pss\EvernoteClipper.lnk.Startup <br/>backupExtension=.Startup <br/>. 
<br/>[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteTray.lnk] <br/>path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk <br/>backup=c:\windows\pss\EvernoteTray.lnk.Startup <br/>backupExtension=.Startup <br/>. <br/>[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] <br/>path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk <br/>backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup <br/>backupExtension=.Startup <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] <br/>2012-07-27 20:51 919008 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter] <br/>2008-10-04 13:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] <br/>2011-07-28 23:08 1259376 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] <br/>2012-07-11 22:23 138096 -c--atw- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] <br/>2010-06-15 18:41 30192 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] <br/>2008-10-24 09:14 206112 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] <br/>2012-09-09 22:30 421776 -c--a-w- c:\program files\iTunes\iTunesHelper.exe <br/>. 
<br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] <br/>2008-08-11 12:41 63048 -c--a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaRemoteControl] <br/>2012-01-10 11:07 103936 -c--a-w- c:\program files\MediaRemoteConnector\MediaRemoteConnector.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] <br/>2012-02-22 19:49 6591800 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700] <br/>2006-10-16 10:18 344064 -c--a-w- c:\windows\vphc700.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] <br/>2012-10-25 03:12 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] <br/>2012-07-13 12:33 17418928 -c--a-r- c:\program files\Skype\Phone\Skype.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] <br/>2012-09-10 10:37 1193176 -c--a-w- c:\users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe <br/>. <br/>[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] <br/>"ehTray.exe"=c:\windows\ehome\ehTray.exe <br/>"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler <br/>. 
<br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] <br/>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" <br/>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime <br/>"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" <br/>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" <br/>"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" <br/>"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter <br/>"phc700"=c:\windows\vphc700.exe <br/>"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" <br/>"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW <br/>. <br/>S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x] <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] <br/>HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 <br/>LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/>. <br/>2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job <br/>- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:34] <br/>. <br/>2012-12-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job <br/>- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 22:23] <br/>. <br/>2012-12-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job <br/>- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 22:23] <br/>. <br/>2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 09:39] <br/>. 
<br/>2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 09:39] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uStart Page = hxxp://www.google.com <br/>uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 <br/>uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> <br/>uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s <br/>IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 <br/>IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html <br/>TCP: DhcpNameServer = 192.168.1.1 <br/>FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\ <br/>FF - prefs.js: browser.startup.homepage - <br/>FF - ExtSQL: !HIDDEN! 2009-10-21 21:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension <br/>. <br/>. <br/>------- File Associations ------- <br/>. <br/>.scr=AutoCADScriptFile <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/>. 
<br/>URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) <br/>URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) <br/>WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) <br/>WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) <br/>HKLM-Run-DataCardMonitor - c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe <br/>SafeBoot-WudfPf <br/>SafeBoot-WudfRd <br/>MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe <br/>MSConfigStartUp-Dell DataSafe Online - c:\program files\Dell DataSafe Online\DataSafeOnline.exe <br/>MSConfigStartUp-HW_OPENEYE_OUC_T-Mobile Internet Manager - c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe <br/>MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe <br/>MSConfigStartUp-YouCam Tray - c:\program files\CyberLink\YouCam\YouCamTray.exe <br/>. <br/>. <br/>. <br/>************************************************************************** <br/>. <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2012-12-16 11:42 <br/>Windows 6.0.6002 Service Pack 2 NTFS <br/>. <br/>scanning hidden processes ... <br/>. <br/>scanning hidden autostart entries ... <br/>. <br/>scanning hidden files ... <br/>. <br/>scan completed successfully <br/>hidden files: 0 <br/>. <br/>************************************************************************** <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. 
<br/>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] <br/>@Denied: (2) (LocalSystem) <br/>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, <br/> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,09,9a,e6,0f,07,fc,40,a1,03,54,\ <br/>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, <br/> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,09,9a,e6,0f,07,fc,40,a1,03,54,\ <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashBroker" <br/>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] <br/>"Enabled"=dword:00000001 <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] <br/>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] <br/>@Denied: (A 2) (Everyone) <br/>@="IFlashBroker5" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] <br/>@="{00020424-0000-0000-C000-000000000046}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>"Version"="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*] <br/>"value"="?\0a\00\02\0a\09\00?" <br/>. 
<br/>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] <br/>@Denied: (A) (Users) <br/>@Denied: (A) (Everyone) <br/>@Allowed: (B 1 2 3 4 5) (S-1-5-20) <br/>"BlindDial"=dword:00000000 <br/>. <br/>Completion time: 2012-12-16 11:49:44 <br/>ComboFix-quarantined-files.txt 2012-12-16 11:49 <br/>ComboFix2.txt 2009-04-06 21:13 <br/>. <br/>Pre-Run: 108,734,070,784 bytes free <br/>Post-Run: 108,932,288,512 bytes free <br/>. <br/>- - End Of File - - CEAB5F25126E2FB5C019F9989BFF55A8
Posted 12/17/2012 8:47 AM
#94840

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
"Just for clarity, my AVG is my only antivirus running on this PC."

I can see that, now ;-)

It seems that you have so many things to boot up, so I would suggest we stop many of them, to make things easier.

For this purpose, please follow below:

Click here ->
http://sourceforge.net/projects/hjt/

to download HJTinstall.exe
• Save HJTinstall.exe to your desktop.
• Double click on the HJTinstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\Hijack This.
• Click I accept
• Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
• Click Save to save the log file and then the log will open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.

• DO NOT have Hijack This fix anything yet.
• Most of what it finds will be harmless or even required.

Do not PM me with logfiles. They will be deleted.


Posted 12/17/2012 10:04 AM
#94842

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Hello Touch,

After I'd run everything that you suggested, I tried again to update programs such as AVG, iTunes and download a zip file, all of which worked fine, and the PC is working much faster, so I'm not sure if the programs you told me to run did manage to find and remove something.

AVG is still operating, and I ran a fresh scan overnight last night to see if it picked anything up.

I'm not on that PC at the moment but will post a fresh HJ log tonight.

Thanks!

John
Posted 12/17/2012 6:23 PM
#94843

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Touch,

Thanks again. Please find below the HJ log as requested.

A few notes:

- The AVG scan last night found some threats. They state they are from unsigned drivers from Autodesk Architectural which is interesting because it's a licensed copy downloaded from Autodesk. I'm happy to remove Autodesk products as I primarily use them off another laptop. I've attached a screen shot of the report as I couldn't save a copy.

- I've noted my Firefox is defaulting to Claro which I remember removing before.

- The PC appears much slower again than it did after running everything the other day.

Thanks,

John

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:42, on 15/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
<br/>C:\Program Files\Windows Live\Messenger\msnmsgr.exe <br/>C:\Program Files\Windows Live\Contacts\wlcomm.exe <br/>C:\Program Files\Mozilla Firefox\plugin-container.exe <br/>C:\Users\John\Documents\dds.com <br/>C:\Users\John\AppData\Local\Temp\nsmF460.tmp\nsB540.tmp <br/>C:\Windows\system32\cmd.exe <br/>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <br/>C:\Users\John\AppData\Local\Temp\nsmF460.tmp\PEV.DAT <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=0adf335c000000000000001cdf55d5d3 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = <br/>R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) <br/>R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) <br/>O1 - Hosts: ::1 localhost <br/>O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll <br/>O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll <br/>O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll <br/>O2 - BHO: Increase performance and video formats for your HTML5 <video> - 
{326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll <br/>O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll <br/>O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll <br/>O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll <br/>O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe <br/>O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" <br/>O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter <br/>O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe <br/>O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" <br/>O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime <br/>O4 - HKLM\..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loader <br/>O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe <br/>O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\John\AppData\Local\Akamai\netsession_win.exe" <br/>O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe <br/>O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet 
Services\ApplePhotoStreams.exe <br/>O4 - HKCU\..\Run: [SkyDrive] "C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background <br/>O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win <br/>O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe <br/>O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe <br/>O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 <br/>O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html <br/>O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll <br/>O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL <br/>O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) <br/>O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) <br/>O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics <br/>O13 - Gopher Prefix: <br/>O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll <br/>O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program 
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL <br/>O20 - AppInit_DLLs: c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL <br/>O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe <br/>O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe <br/>O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe <br/>O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (file missing) <br/>O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe <br/>O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe <br/>O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: LMIGuardianSvc - LogMeIn, Inc. 
- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe <br/>O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe <br/>O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe <br/> <br/>-- <br/>End of file - 9158 bytes
Post attachments:
AVG Log.jpg
Posted 12/18/2012 4:39 PM
#94848

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
"I'm happy to remove Autodesk products"

Good, then I suggest you remove it.

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in:

netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

• Post both logs



Posted 12/18/2012 8:25 PM
#94849

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Thank you. <br/> <br/>As requested. OTL.txt: <br/> <br/>OTL logfile created on: 18/12/2012 19:55:31 - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Documents <br/>Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation <br/>Internet Explorer (Version = 9.0.8112.16421) <br/>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy <br/> <br/>2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.47% Memory free <br/>4.23 Gb Paging File | 3.13 Gb Available in Paging File | 74.06% Paging File free <br/>Paging file location(s): ?:\pagefile.sys [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files <br/>Drive C: | 288.02 Gb Total Space | 86.34 Gb Free Space | 29.98% Space Free | Partition Type: NTFS <br/>Drive D: | 10.00 Gb Total Space | 4.80 Gb Free Space | 48.05% Space Free | Partition Type: NTFS <br/>Drive K: | 931.51 Gb Total Space | 922.39 Gb Free Space | 99.02% Space Free | Partition Type: NTFS <br/>Drive M: | 232.88 Gb Total Space | 137.41 Gb Free Space | 59.00% Space Free | Partition Type: NTFS <br/> <br/>Computer Name: JOHN-PC | User Name: John | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: All users | Quick Scan <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Processes (SafeList) ==========[/color] <br/> <br/>PRC - [2012/12/18 19:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Documents\OTL.exe <br/>PRC - [2012/11/28 16:37:22 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe <br/>PRC - [2012/11/28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe <br/>PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe <br/>PRC - [2012/11/15 21:59:03 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe <br/>PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe <br/>PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe <br/>PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe <br/>PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe <br/>PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe <br/>PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe <br/>PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\John\AppData\Local\Akamai\netsession_win.exe <br/>PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe <br/>PRC - [2012/07/12 17:36:56 | 000,374,184 | ---- | M] (LogMeIn, Inc.) 
-- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe <br/>PRC - [2012/04/06 01:16:26 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe <br/>PRC - [2012/04/06 01:15:52 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe <br/>PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe <br/>PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe <br/>PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe <br/>PRC - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe <br/>PRC - [2008/10/04 13:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe <br/>PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe <br/>PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe <br/> <br/> <br/>[color=#E56717]========== Modules (No Company Name) ==========[/color] <br/> <br/>MOD - [2012/11/15 03:23:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fb3f7dcfc0e32eb2db9d481ae090714c\System.Xml.ni.dll <br/>MOD - [2012/11/15 03:22:34 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll <br/>MOD - [2012/11/15 03:22:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll <br/>MOD - [2012/06/07 22:12:38 | 000,235,008 | ---- | M] () -- C:\Program Files\SDExplorer\sdectxmn32.dll <br/>MOD - [2012/04/06 00:09:12 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll <br/>MOD - 
[2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll <br/>MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll <br/> <br/> <br/>[color=#E56717]========== Services (SafeList) ==========[/color] <br/> <br/>SRV - File not found [Auto | Stopped] -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12) <br/>SRV - File not found [Auto | Stopped] -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12) <br/>SRV - File not found [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) <br/>SRV - [2012/12/03 18:34:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) <br/>SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) <br/>SRV - [2012/10/27 20:22:40 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) <br/>SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) <br/>SRV - [2012/08/31 14:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) <br/>SRV - [2012/08/13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) <br/>SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) <br/>SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) <br/>SRV - [2012/07/12 17:37:34 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint) <br/>SRV - [2012/07/12 17:36:56 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) <br/>SRV - [2012/04/06 01:15:52 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) <br/>SRV - [2011/12/15 23:44:37 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) <br/>SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) <br/>SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) <br/>SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) <br/>SRV - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) 
[Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) <br/>SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) <br/>SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters) <br/> <br/> <br/>[color=#E56717]========== Driver Services (SafeList) ==========[/color] <br/> <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\easytthr.sys -- (easytether) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\clwvd.sys -- (clwvd) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\John\AppData\Local\Temp\catchme.sys -- (catchme) <br/>DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) <br/>DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) <br/>DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) <br/>DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) <br/>DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) <br/>DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) <br/>DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) <br/>DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) <br/>DRV - [2012/07/12 17:36:57 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) <br/>DRV - [2012/05/25 11:25:56 | 000,101,688 | ---- | M] (e2eSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VCam_WDM.sys -- (VCam_WDM) <br/>DRV - [2012/04/06 04:21:12 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) <br/>DRV - [2012/04/06 04:21:12 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) <br/>DRV - [2012/04/06 04:21:12 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) <br/>DRV - [2012/04/06 00:10:24 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) <br/>DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) <br/>DRV - [2009/06/05 10:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) <br/>DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) <br/>DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) <br/>DRV - [2008/06/12 09:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror) <br/>DRV - [2007/11/08 21:17:44 | 000,316,928 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86) <br/>DRV - [2007/04/29 08:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) <br/>DRV - [2006/10/16 10:36:10 | 000,644,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phc700.sys -- (phc700) <br/> <br/> <br/>[color=#E56717]========== Standard Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Internet Explorer ==========[/color] <br/> <br/>IE - HKLM\..\SearchScopes,DefaultScope = <br/>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK <br/> <br/> <br/>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = <br/> <br/>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = <br/> <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..\SearchScopes,DefaultScope = <br/>IE - 
HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..\SearchScopes\{2BD4956F-0D65-41A9-8C75-451E0514F67B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DLUK_en <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUK_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/>IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> <br/> <br/>[color=#E56717]========== FireFox ==========[/color] <br/> <br/>FF - prefs.js..browser.search.selectedEngine: "Claro Search" <br/>FF - prefs.js..browser.startup.homepage: "http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=0adf335c000000000000001cdf55d5d3" <br/>FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 <br/>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 <br/>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 <br/>FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 <br/>FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 <br/>FF - prefs.js..keyword.URL: "http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=KW_ss&mntrId=0adf335c000000000000001cdf55d5d3&q=" <br/>FF - prefs.js..network.proxy.socks_version: 0 <br/>FF - user.js - File not found <br/> <br/>FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found <br/>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
<br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) <br/>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) <br/>FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) <br/> <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/15 10:28:53 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/18 16:24:54 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/18 16:24:54 | 000,000,000 | ---D | M] <br/> <br/>[2009/01/06 14:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions <br/>[2012/12/16 11:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\extensions <br/>[2010/04/29 07:12:58 | 000,000,000 | 
---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} <br/>[2011/11/29 16:42:43 | 000,008,283 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi <br/>[2012/12/03 18:37:59 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi <br/>[2012/10/27 20:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions <br/>[2012/10/27 20:22:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} <br/>[2012/12/18 07:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions <br/>[2012/12/18 07:43:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} <br/>[2012/12/18 07:44:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} <br/>[2012/04/15 10:28:53 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 <br/>[2012/10/27 20:22:40 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll <br/>[2012/04/26 20:42:16 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml <br/>[2012/08/30 16:47:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml <br/>[2012/04/26 20:42:16 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml <br/>[2012/04/26 20:42:16 | 000,001,166 | ---- | M] () 
-- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml <br/>[2012/10/20 15:51:47 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml <br/>[2012/04/26 20:42:16 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml <br/> <br/>O1 HOSTS File: ([2012/12/16 11:42:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts <br/>O1 - Hosts: 127.0.0.1 localhost <br/>O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) <br/>O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found <br/>O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) <br/>O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. <br/>O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. <br/>O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. <br/>O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. <br/>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) <br/>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) <br/>O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) 
<br/>O4 - HKLM..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe (Hamster Soft) <br/>O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) <br/>O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) <br/>O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [Akamai NetSession Interface] C:\Users\John\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) <br/>O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) <br/>O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM)) <br/>O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
<br/>O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [SkyDrive] C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) <br/>O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe (Adobe Systems Incorporated) <br/>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) <br/>O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found <br/>O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) <br/>O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) <br/>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O15 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..Trusted Domains: localhost ([]http in Local intranet) <br/>O15 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..Trusted Ranges: GD ([http] in Local intranet) <br/>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) <br/>O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) <br/>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{726FD201-4437-40E8-8B1F-DB99A9D4DB59}: DhcpNameServer = 192.168.1.1 <br/>O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found <br/>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) <br/>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
<br/>O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) <br/>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) <br/>O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg <br/>O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg <br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O32 - AutoRun File - [2011/12/15 20:58:16 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] <br/>O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] <br/>O32 - AutoRun File - [2011/12/19 10:22:05 | 000,000,000 | ---D | M] - K:\Autocad -- [ NTFS ] <br/>O32 - AutoRun File - [2011/12/19 14:05:20 | 000,000,000 | ---D | M] - K:\AutoCAD_Architecture_2012_English_Win_32Bit -- [ NTFS ] <br/>O34 - HKLM BootExecute: (autocheck autochk *) <br/>O35 - HKLM\..comfile [open] -- "%1" %* <br/>O35 - HKLM\..exefile [open] -- "%1" %* <br/>O37 - HKLM\...com [@ = comfile] -- "%1" %* <br/>O37 - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O37 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\...com [@ = ComFile] -- Reg Error: Key error. 
File not found <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) <br/> <br/>NetSvcs: FastUserSwitchingCompatibility - File not found <br/>NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) <br/>NetSvcs: Nla - File not found <br/>NetSvcs: Ntmssvc - File not found <br/>NetSvcs: NWCWorkstation - File not found <br/>NetSvcs: Nwsapagent - File not found <br/>NetSvcs: SRService - File not found <br/>NetSvcs: WmdmPmSp - File not found <br/>NetSvcs: LogonHours - File not found <br/>NetSvcs: PCAudit - File not found <br/>NetSvcs: helpsvc - File not found <br/>NetSvcs: uploadmgr - File not found <br/> <br/>ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) <br/>ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - <br/>ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 <br/>ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll <br/>ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack <br/>ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework <br/>ActiveX: {44830460-B286-1F5A-1D01-52EF71148533} - Microsoft Windows Media Player <br/>ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE <br/>ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - <br/>ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx <br/>ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help <br/>ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 <br/>ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools <br/>ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements <br/>ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player <br/>ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access <br/>ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders <br/>ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 <br/>ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework <br/>ActiveX: {844F4FD8-5367-EB0E-22DC-10836306A011} - Microsoft Windows Media Player <br/>ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll <br/>ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings <br/>ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install <br/>ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding <br/>ActiveX: {A84C8EF6-AEDA-F974-E762-65840E76ABD8} - Themes Setup <br/>ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts <br/>ActiveX: {CCE992CC-6FD5-11B3-34DB-8C1D08E409B6} - <br/>ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 <br/>ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. <br/>ActiveX: {D95753A8-0528-9AD8-AFC2-CBE67D9F568D} - Microsoft Windows Media Player 11.0 <br/>ActiveX: {DD4700E1-BDC1-C9BD-6DC0-8324CDE61678} - Java (Sun) <br/>ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help <br/>ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. 
<br/>ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface <br/>ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP <br/>ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig <br/>ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP <br/> <br/>MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found <br/>MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe - () <br/>MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - - File not found <br/>MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) <br/>MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteTray.lnk - C:\Program Files\Evernote\Evernote\EvernoteTray.exe - (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) <br/>MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - - File not found <br/>MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) <br/>MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) 
<br/>MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () <br/>MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) <br/>MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) <br/>MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) <br/>MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) <br/>MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) <br/>MsConfig - StartUpReg: MediaRemoteControl - hkey= - key= - C:\Program Files\MediaRemoteConnector\MediaRemoteConnector.exe (Christian Dullweber) <br/>MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) <br/>MsConfig - StartUpReg: phc700 - hkey= - key= - C:\Windows\vphc700.exe (Sonix) <br/>MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) <br/>MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
<br/>MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () <br/>MsConfig - State: "startup" - 2 <br/>MsConfig - State: "services" - 2 <br/> <br/>CREATERESTOREPOINT <br/>Restore point Set: OTL Restore Point <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2012/12/18 19:54:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Documents\OTL.exe <br/>[2012/12/17 18:24:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EBE697CD-250B-481B-B444-82B00F65D274} <br/>[2012/12/16 19:05:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\join.me <br/>[2012/12/16 18:57:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG2013 <br/>[2012/12/16 12:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes <br/>[2012/12/16 12:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod <br/>[2012/12/16 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 <br/>[2012/12/16 12:32:54 | 000,000,000 | ---D | C] -- C:\AVGTemp <br/>[2012/12/16 11:49:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN <br/>[2012/12/16 11:49:46 | 000,000,000 | ---D | C] -- C:\Windows\temp <br/>[2012/12/16 11:49:46 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp <br/>[2012/12/16 11:18:44 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\John\Documents\ComboFix.exe <br/>[2012/12/16 10:21:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2A573679-AF27-4F5E-9065-496BB114CBEF} <br/>[2012/12/15 18:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis <br/>[2012/12/15 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro <br/>[2012/12/15 18:01:54 | 000,812,344 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\John\Documents\HJTInstall.exe <br/>[2012/12/15 17:45:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\John\Documents\dds.com <br/>[2012/12/15 17:41:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{E5237BDA-8757-4871-8442-A8B6D11F7831} <br/>[2012/12/11 18:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft <br/>[2012/12/11 18:54:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\HamsterSoft <br/>[2012/12/11 18:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hamster Soft <br/>[2012/12/11 18:53:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect <br/>[2012/12/11 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect <br/>[2012/12/11 18:33:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7B304D62-770F-433A-B17C-F6342C6D08F0} <br/>[2012/12/08 17:07:45 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\SystemUpdate_16202_USB <br/>[2012/12/03 18:33:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A2AD8728-AEA6-432F-BC2F-4E34287B27A1} <br/>[2012/11/20 22:18:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CD44907A-6393-4A89-94C9-59C94EE68204} <br/>[2012/11/19 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{021540BE-895D-412F-BF7A-2BF50E79192C} <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[2012/12/18 19:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Documents\OTL.exe <br/>[2012/12/18 19:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job <br/>[2012/12/18 19:44:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job <br/>[2012/12/18 19:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job <br/>[2012/12/18 18:15:39 | 000,003,616 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 <br/>[2012/12/18 18:15:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 <br/>[2012/12/18 17:28:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job <br/>[2012/12/17 23:28:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job <br/>[2012/12/17 18:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat <br/>[2012/12/17 18:08:29 | 000,211,930 | ---- | M] () -- C:\Users\John\Desktop\AVG Log.jpg <br/>[2012/12/16 18:53:22 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk <br/>[2012/12/16 17:24:52 | 000,021,235 | ---- | M] () -- C:\Users\John\Desktop\Sag.jpg <br/>[2012/12/16 13:31:30 | 000,000,933 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk <br/>[2012/12/16 13:31:23 | 000,648,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat <br/>[2012/12/16 13:31:23 | 000,124,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat <br/>[2012/12/16 12:48:45 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk <br/>[2012/12/16 12:32:43 | 000,392,736 | ---- | M] () -- C:\Users\John\Documents\reset_access_avg2012_en.exe <br/>[2012/12/16 12:27:11 | 118,449,256 | ---- | M] () -- C:\Users\John\Documents\BASTILLE_-_OTHER_PEOPLE'S_HEARTACHE_PT_2.zip <br/>[2012/12/16 11:42:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts <br/>[2012/12/16 11:18:57 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\John\Documents\ComboFix.exe <br/>[2012/12/16 10:41:09 | 000,545,819 | ---- | M] () -- C:\Users\John\Documents\adwcleaner.exe <br/>[2012/12/16 10:29:05 | 000,137,034 | ---- | M] () -- C:\Users\John\Desktop\Antivirus Log.jpg 
<br/>[2012/12/16 10:27:31 | 003,210,281 | ---- | M] () -- C:\Users\John\Desktop\AVGInstLog.cab <br/>[2012/12/15 18:09:05 | 000,020,050 | ---- | M] () -- C:\Users\John\Documents\Virus Log.csv <br/>[2012/12/15 18:04:17 | 000,001,869 | ---- | M] () -- C:\Users\John\Desktop\HijackThis.lnk <br/>[2012/12/15 18:02:14 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\John\Documents\HJTInstall.exe <br/>[2012/12/15 17:46:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\John\Documents\dds.com <br/>[2012/12/13 03:29:43 | 000,430,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT <br/>[2012/12/13 03:24:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf <br/>[2012/12/11 18:54:33 | 000,000,035 | ---- | M] () -- C:\Users\John\AppData\Local\installLang.ini <br/>[2012/12/11 18:54:27 | 000,001,941 | ---- | M] () -- C:\Users\John\Desktop\Hamster Lite Archiver.lnk <br/>[2012/12/11 18:52:37 | 000,614,264 | ---- | M] () -- C:\Users\John\Documents\cbsidlm-tr1_8-Hamster_Free_Zip_Archiver-ORG2-75335474(1).exe <br/>[2012/12/11 18:50:43 | 000,614,264 | ---- | M] () -- C:\Users\John\Documents\cbsidlm-tr1_8-Hamster_Free_Zip_Archiver-ORG2-75335474.exe <br/>[2012/12/08 17:02:17 | 113,030,954 | ---- | M] () -- C:\Users\John\Desktop\SystemUpdate_16202_USB.zip <br/>[2012/12/05 21:30:51 | 1951,052,032 | ---- | M] () -- C:\Users\John\Documents\AutoCAD_Architecture_2013_English_Win_32Bit.exe <br/> <br/>[color=#E56717]========== Files Created - No Company Name ==========[/color] <br/> <br/>[2012/12/17 18:08:28 | 000,211,930 | ---- | C] () -- C:\Users\John\Desktop\AVG Log.jpg <br/>[2012/12/16 19:05:21 | 000,000,895 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk <br/>[2012/12/16 18:53:22 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk <br/>[2012/12/16 17:24:51 | 000,021,235 | ---- | C] () -- C:\Users\John\Desktop\Sag.jpg <br/>[2012/12/16 12:48:45 | 000,001,659 | ---- | C] () 
-- C:\Users\Public\Desktop\iTunes.lnk <br/>[2012/12/16 12:32:41 | 000,392,736 | ---- | C] () -- C:\Users\John\Documents\reset_access_avg2012_en.exe <br/>[2012/12/16 11:23:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe <br/>[2012/12/16 11:23:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe <br/>[2012/12/16 10:40:59 | 000,545,819 | ---- | C] () -- C:\Users\John\Documents\adwcleaner.exe <br/>[2012/12/16 10:29:04 | 000,137,034 | ---- | C] () -- C:\Users\John\Desktop\Antivirus Log.jpg <br/>[2012/12/16 10:27:31 | 003,210,281 | ---- | C] () -- C:\Users\John\Desktop\AVGInstLog.cab <br/>[2012/12/15 18:09:04 | 000,020,050 | ---- | C] () -- C:\Users\John\Documents\Virus Log.csv <br/>[2012/12/15 18:04:16 | 000,001,869 | ---- | C] () -- C:\Users\John\Desktop\HijackThis.lnk <br/>[2012/12/13 03:24:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf <br/>[2012/12/13 03:01:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf <br/>[2012/12/13 03:01:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf <br/>[2012/12/11 18:54:27 | 000,001,941 | ---- | C] () -- C:\Users\John\Desktop\Hamster Lite Archiver.lnk <br/>[2012/12/11 18:54:26 | 000,000,035 | ---- | C] () -- C:\Users\John\AppData\Local\installLang.ini <br/>[2012/12/11 18:52:37 | 000,614,264 | ---- | C] () -- C:\Users\John\Documents\cbsidlm-tr1_8-Hamster_Free_Zip_Archiver-ORG2-75335474(1).exe <br/>[2012/12/11 18:50:43 | 000,614,264 | ---- | C] () -- C:\Users\John\Documents\cbsidlm-tr1_8-Hamster_Free_Zip_Archiver-ORG2-75335474.exe <br/>[2012/12/10 20:37:22 | 118,449,256 | ---- | C] () -- C:\Users\John\Documents\BASTILLE_-_OTHER_PEOPLE'S_HEARTACHE_PT_2.zip <br/>[2012/12/08 17:01:20 | 113,030,954 | ---- | C] () -- C:\Users\John\Desktop\SystemUpdate_16202_USB.zip <br/>[2012/12/05 21:08:36 | 1951,052,032 | ---- | C] () -- 
C:\Users\John\Documents\AutoCAD_Architecture_2013_English_Win_32Bit.exe <br/>[2012/09/18 21:47:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\LAGARITH.DLL <br/>[2012/04/14 17:23:49 | 000,007,268 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat <br/>[2012/01/10 20:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat <br/>[2011/12/15 23:48:06 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc <br/>[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat <br/>[2010/01/24 14:11:26 | 000,038,435 | ---- | C] () -- C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).ADR <br/>[2009/10/18 12:08:43 | 000,024,206 | ---- | C] () -- C:\Users\John\AppData\Roaming\UserTile.png <br/>[2009/09/14 20:07:14 | 000,038,424 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft Excel.ADR <br/>[2009/05/14 07:09:44 | 000,000,360 | ---- | C] () -- C:\Users\John\Music.lnk <br/>[2009/01/07 10:01:55 | 000,000,124 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat <br/>[2009/01/06 11:35:08 | 000,145,920 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/> <br/>[color=#E56717]========== ZeroAccess Check ==========[/color] <br/> <br/>[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] <br/>"" = 
%systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] <br/>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Both <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2011/12/21 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk <br/>[2012/12/16 18:57:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG2013 <br/>[2012/03/31 17:52:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Azureus <br/>[2011/03/29 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Broderbund <br/>[2010/12/14 22:24:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Camfrog <br/>[2012/02/04 17:56:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Copyright © 2011-2012 RealNetworks <br/>[2012/12/11 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HamsterSoft <br/>[2010/07/25 14:23:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech <br/>[2012/05/19 10:32:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MediaRemoteControl <br/>[2011/01/03 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MusicBrainz <br/>[2010/06/07 18:54:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nokia <br/>[2010/01/27 17:25:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nokia Ovi Suite <br/>[2012/01/07 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org <br/>[2010/01/24 10:23:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Suite <br/>[2010/11/23 18:25:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PCDr <br/>[2009/10/18 12:08:43 | 000,000,000 | ---D | M] -- 
C:\Users\John\AppData\Roaming\PeerNetworking <br/>[2011/07/28 19:29:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Research In Motion <br/>[2012/02/04 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\rinsebyreal <br/>[2012/10/02 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spotify <br/>[2010/07/04 20:54:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\T-Mobile <br/>[2010/07/24 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\T-Mobile Internet Manager <br/>[2009/01/07 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template <br/>[2010/10/11 19:23:03 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TSO <br/>[2012/06/05 17:14:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TuneUp Software <br/>[2012/02/04 18:07:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TuneUpMedia <br/>[2012/12/16 10:19:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent <br/>[2011/07/10 21:10:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WindSolutions <br/> <br/>[color=#E56717]========== Purity Check ==========[/color] <br/> <br/> <br/> <br/>[color=#E56717]========== Custom Scans ==========[/color] <br/> <br/>[color=#A23BEC]< %SYSTEMDRIVE%\*. 
>[/color] <br/>[2009/11/13 12:13:59 | 000,000,000 | -H-D | M] -- C:\$AVG <br/>[2012/12/16 11:49:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN <br/>[2011/12/15 20:58:16 | 000,000,000 | ---D | M] -- C:\Autodesk <br/>[2012/12/16 12:32:54 | 000,000,000 | ---D | M] -- C:\AVGTemp <br/>[2009/10/24 10:02:22 | 000,000,000 | ---D | M] -- C:\Boot <br/>[2012/12/17 17:45:18 | 000,000,000 | ---D | M] -- C:\Config.Msi <br/>[2010/01/21 08:43:38 | 000,000,000 | ---D | M] -- C:\DELL <br/>[2009/01/04 19:39:04 | 000,000,000 | ---D | M] -- C:\doctemp <br/>[2009/01/06 11:20:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings <br/>[2007/10/24 23:49:30 | 000,000,000 | ---D | M] -- C:\Drivers <br/>[2009/01/07 14:20:19 | 000,000,000 | R--D | M] -- C:\MSOCache <br/>[2008/01/21 02:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs <br/>[2012/12/16 12:47:54 | 000,000,000 | ---D | M] -- C:\Program Files <br/>[2012/12/16 12:47:51 | 000,000,000 | ---D | M] -- C:\ProgramData <br/>[2012/12/16 11:49:47 | 000,000,000 | ---D | M] -- C:\Qoobox <br/>[2012/10/18 08:06:47 | 000,000,000 | -H-D | M] -- C:\SkyDriveTemp <br/>[2012/12/18 19:57:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information <br/>[2009/01/06 11:21:04 | 000,000,000 | R--D | M] -- C:\Users <br/>[2012/12/17 23:37:34 | 000,000,000 | ---D | M] -- C:\Windows <br/> <br/>[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] <br/> <br/>[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color] <br/> <br/>[color=#A23BEC]< %windir%\Installer\*.* >[/color] <br/>[2010/01/24 10:16:16 | 000,215,552 | ---- | M] () -- C:\Windows\Installer\1030e5.msi <br/>[2010/01/24 10:28:38 | 000,078,336 | ---- | M] () -- C:\Windows\Installer\1031dc.msi <br/>[2012/07/28 01:47:34 | 013,123,584 | R--- | M] () -- C:\Windows\Installer\1060afc.msp <br/>[2011/11/21 23:07:36 | 017,191,936 | R--- | M] () -- C:\Windows\Installer\10bf3a19.msp <br/>[2010/10/21 20:08:12 | 000,071,680 | ---- | M] () -- C:\Windows\Installer\11066bed.msi <br/>[2010/10/21 20:08:15 | 000,022,016 | ---- | M] () 
-- C:\Windows\Installer\11066bfc.msi <br/>[2011/12/15 23:23:34 | 
001,136,640 | ---- | M] () -- C:\Windows\Installer\406580.msi <br/>[2011/12/15 23:44:41 | 013,658,624 | ---- | M] () -- C:\Windows\Installer\4065b1.msi <br/>[2011/12/16 00:12:45 | 007,529,472 | ---- | M] () -- C:\Windows\Installer\4065e5.msi <br/>[2011/12/16 00:24:11 | 001,629,184 | ---- | M] () -- C:\Windows\Installer\4065f4.msi <br/>[2011/12/16 00:28:31 | 000,801,280 | ---- | M] () -- C:\Windows\Installer\4065fc.msi <br/>[2011/04/28 17:51:24 | 001,375,744 | R--- | M] () -- C:\Windows\Installer\406604.msp <br/>[2009/09/09 15:40:48 | 000,632,320 | R--- | M] () -- C:\Windows\Installer\4119aa.msp <br/>[2009/11/20 15:00:24 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\4119bd.msp <br/>[2012/11/07 10:36:56 | 007,677,952 | R--- | M] () -- C:\Windows\Installer\411f18.msp <br/>[2012/11/21 15:13:14 | 005,522,432 | R--- | M] () -- C:\Windows\Installer\411f2d.msp <br/>[2010/09/23 20:02:28 | 000,798,208 | R--- | M] () -- C:\Windows\Installer\4286a06.msp <br/>[2009/08/18 12:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\4352b85.msp <br/>[2009/05/26 17:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\4352b93.msp <br/>[2009/10/16 06:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\4352ba1.msp <br/>[2012/07/19 14:21:01 | 001,648,640 | ---- | M] () -- C:\Windows\Installer\443b0.msi <br/>[2011/02/16 15:22:49 | 000,019,968 | ---- | M] () -- C:\Windows\Installer\4764e0f.msi <br/>[2011/02/16 16:20:37 | 001,013,248 | ---- | M] () -- C:\Windows\Installer\476500d.msi <br/>[2011/02/16 16:31:56 | 005,230,080 | ---- | M] () -- C:\Windows\Installer\4765052.msi <br/>[2012/04/17 11:11:06 | 007,681,024 | R--- | M] () -- C:\Windows\Installer\4a36ad.msp <br/>[2012/02/17 07:45:24 | 002,299,392 | R--- | M] () -- C:\Windows\Installer\4a36bb.msp <br/>[2012/04/28 20:43:58 | 008,459,264 | R--- | M] () -- C:\Windows\Installer\4a36c5.msp <br/>[2012/04/27 14:09:22 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\4a36d9.msp <br/>[2012/03/19 21:02:30 | 006,695,936 | 
R--- | M] () -- C:\Windows\Installer\4a36ed.msp <br/>[2012/04/09 15:50:24 | 006,829,568 | R--- | M] () -- C:\Windows\Installer\4a3701.msp <br/>[2011/12/15 12:40:40 | 023,374,336 | R--- | M] () -- C:\Windows\Installer\4a3717.msp <br/>[2012/04/04 21:38:16 | 003,620,864 | R--- | M] () -- C:\Windows\Installer\4a3720.msp <br/>[2012/01/19 12:37:24 | 008,999,936 | R--- | M] () -- C:\Windows\Installer\4a3741.msp <br/>[2011/12/22 15:50:54 | 000,256,000 | R--- | M] () -- C:\Windows\Installer\4a3749.msp <br/>[2012/04/04 21:38:44 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\4a3753.msp <br/>[2012/12/16 12:38:19 | 001,547,776 | ---- | M] () -- C:\Windows\Installer\4c3f96.msi <br/>[2012/12/16 12:39:38 | 005,846,528 | ---- | M] () -- C:\Windows\Installer\4c4053.msi <br/>[2012/12/16 12:42:07 | 001,716,736 | ---- | M] () -- C:\Windows\Installer\4c40fd.msi <br/>[2012/12/16 12:49:23 | 004,509,696 | ---- | M] () -- C:\Windows\Installer\4c5052.msi <br/>[2010/01/13 14:26:40 | 000,119,296 | ---- | M] () -- C:\Windows\Installer\4fcbbfe.msi <br/>[2009/12/11 10:29:56 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\4fcbc11.msp <br/>[2010/12/27 16:44:21 | 003,144,704 | ---- | M] () -- C:\Windows\Installer\55d8b.msi <br/>[2009/01/20 21:09:20 | 000,119,296 | R--- | M] () -- C:\Windows\Installer\563016.msp <br/>[2011/03/29 19:09:08 | 000,843,264 | ---- | M] () -- C:\Windows\Installer\56c8084.msi <br/>[2012/09/24 19:45:03 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\56fb58.msi <br/>[2010/06/30 21:52:28 | 005,522,944 | R--- | M] () -- C:\Windows\Installer\581da85.msp <br/>[2010/05/25 10:45:58 | 008,445,440 | R--- | M] () -- C:\Windows\Installer\581da9a.msp <br/>[2010/11/10 00:23:40 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\5925108.msp <br/>[2010/11/10 02:16:22 | 003,314,688 | R--- | M] () -- C:\Windows\Installer\5925141.msp <br/>[2010/11/10 01:15:38 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\592514b.msp <br/>[2010/11/10 00:46:30 | 004,427,776 | R--- | M] () 
-- C:\Windows\Installer\592515e.msp <br/>[2010/11/10 01:20:38 | 002,932,736 | R--- | M] () -- C:\Windows\Installer\5925176.msp <br/>[2011/09/15 18:37:40 | 037,148,160 | R--- | M] () -- C:\Windows\Installer\5b9a4b.msp <br/>[2011/09/15 18:37:28 | 016,691,712 | R--- | M] () -- C:\Windows\Installer\5b9a6b.msp <br/>[2011/09/15 18:37:44 | 009,697,280 | R--- | M] () -- C:\Windows\Installer\5b9a7d.msp <br/>[2011/09/15 18:34:22 | 089,837,056 | R--- | M] () -- C:\Windows\Installer\5b9ae2.msp <br/>[2011/09/15 18:38:04 | 010,838,528 | R--- | M] () -- C:\Windows\Installer\5b9aef.msp <br/>[2011/09/15 18:39:22 | 011,163,136 | R--- | M] () -- C:\Windows\Installer\5b9afd.msp <br/>[2011/09/15 18:40:36 | 007,959,552 | R--- | M] () -- C:\Windows\Installer\5b9b09.msp <br/>[2011/09/15 18:37:32 | 038,176,256 | R--- | M] () -- C:\Windows\Installer\5b9b1e.msp <br/>[2011/04/16 02:01:24 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\65b4c64.msi <br/>[2010/11/20 22:33:46 | 001,980,928 | R--- | M] () -- C:\Windows\Installer\65b4c6e.msp <br/>[2011/01/11 16:50:38 | 008,177,152 | R--- | M] () -- C:\Windows\Installer\65b4c79.msp <br/>[2011/03/03 10:25:14 | 005,051,904 | R--- | M] () -- C:\Windows\Installer\65b4c8e.msp <br/>[2011/03/17 19:01:58 | 009,563,648 | R--- | M] () -- C:\Windows\Installer\65b4c99.msp <br/>[2011/02/11 07:43:44 | 010,951,168 | R--- | M] () -- C:\Windows\Installer\65b4cc0.msp <br/>[2010/11/20 22:34:34 | 001,198,080 | R--- | M] () -- C:\Windows\Installer\65b4cca.msp <br/>[2011/04/05 11:52:16 | 005,519,872 | R--- | M] () -- C:\Windows\Installer\65b4ce8.msp <br/>[2011/02/24 08:38:52 | 010,984,448 | R--- | M] () -- C:\Windows\Installer\65b4cfd.msp <br/>[2011/03/17 19:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\65b4d07.msp <br/>[2011/01/27 13:49:14 | 006,825,472 | R--- | M] () -- C:\Windows\Installer\65b4d25.msp <br/>[2010/02/09 14:36:11 | 004,298,752 | ---- | M] () -- C:\Windows\Installer\684e361.msi <br/>[2012/09/11 08:49:46 | 005,174,272 | ---- | M] () -- 
C:\Windows\Installer\68a8520.msi <br/>[2008/10/20 10:18:14 | 006,474,240 | R--- | M] () -- C:\Windows\Installer\699a93.msp <br/>[2007/07/21 13:26:34 | 007,574,016 | R--- | M] () -- C:\Windows\Installer\699a9c.msp <br/>[2007/10/14 23:59:26 | 026,614,784 | R--- | M] () -- C:\Windows\Installer\699ab6.msp <br/>[2007/10/14 23:33:24 | 026,646,016 | R--- | M] () -- C:\Windows\Installer\699ac1.msp <br/>[2008/09/24 12:05:44 | 016,381,440 | R--- | M] () -- C:\Windows\Installer\699aca.msp <br/>[2008/08/11 11:49:32 | 022,457,344 | R--- | M] () -- C:\Windows\Installer\699ada.msp <br/>[2008/06/19 18:28:04 | 001,573,376 | R--- | M] () -- C:\Windows\Installer\699aeb.msp <br/>[2008/08/11 11:51:14 | 015,916,544 | R--- | M] () -- C:\Windows\Installer\699afb.msp <br/>[2008/10/20 10:22:54 | 011,758,592 | R--- | M] () -- C:\Windows\Installer\699b0b.msp <br/>[2012/09/24 20:08:18 | 019,838,976 | ---- | M] () -- C:\Windows\Installer\6b21cc.msi <br/>[2011/02/22 10:32:12 | 005,520,384 | R--- | M] () -- C:\Windows\Installer\6c04b58.msp <br/>[2012/09/25 12:35:46 | 004,285,952 | R--- | M] () -- C:\Windows\Installer\6c93aa95.msp <br/>[2012/11/04 19:47:18 | 005,520,896 | R--- | M] () -- C:\Windows\Installer\6c93aab5.msp <br/>[2012/09/25 12:35:30 | 007,695,360 | R--- | M] () -- C:\Windows\Installer\6c93aac1.msp <br/>[2012/09/27 16:53:12 | 006,825,472 | R--- | M] () -- C:\Windows\Installer\6c93aae6.msp <br/>[2012/09/25 12:36:20 | 008,465,408 | R--- | M] () -- C:\Windows\Installer\6c93aaf2.msp <br/>[2012/09/06 09:22:10 | 013,475,840 | R--- | M] () -- C:\Windows\Installer\6c93ab04.msp <br/>[2012/09/10 08:59:10 | 010,739,712 | R--- | M] () -- C:\Windows\Installer\6c93ab15.msp <br/>[2011/06/17 02:01:15 | 000,467,456 | ---- | M] () -- C:\Windows\Installer\6dafc34.msi <br/>[2011/04/29 11:33:30 | 008,173,568 | R--- | M] () -- C:\Windows\Installer\6dafc3e.msp <br/>[2011/05/17 17:28:52 | 006,862,848 | R--- | M] () -- C:\Windows\Installer\6dafc53.msp <br/>[2011/05/20 16:31:56 | 005,518,848 | R--- | M] () -- 
C:\Windows\Installer\6dafc68.msp <br/>[2011/04/27 18:51:18 | 006,825,472 | R--- | M] () -- C:\Windows\Installer\6dafc7d.msp <br/>[2011/06/17 02:04:07 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\6dafc8b.msp <br/>[2011/06/17 02:05:12 | 000,223,744 | ---- | M] () -- C:\Windows\Installer\6dafc94.msi <br/>[2011/04/29 11:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\6dafc9e.msp <br/>[2011/05/24 15:27:26 | 000,060,928 | R--- | M] () -- C:\Windows\Installer\6dafcc9.msp <br/>[2011/05/23 13:15:48 | 003,617,792 | R--- | M] () -- C:\Windows\Installer\7064d2e.msp <br/>[2012/12/15 17:47:56 | 002,449,920 | ---- | M] () -- C:\Windows\Installer\74631b.msi <br/>[2012/10/24 19:28:39 | 000,112,640 | ---- | M] () -- C:\Windows\Installer\74fab3.msi <br/>[2010/05/26 17:53:08 | 000,552,448 | ---- | M] () -- C:\Windows\Installer\79cae14.msi <br/>[2009/04/23 16:57:12 | 007,672,832 | R--- | M] () -- C:\Windows\Installer\79d2b.msp <br/>[2009/05/28 11:32:54 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\79d3f.msp <br/>[2009/04/24 11:30:16 | 002,583,552 | R--- | M] () -- C:\Windows\Installer\79d4b.msp <br/>[2009/05/12 12:01:38 | 006,818,816 | R--- | M] () -- C:\Windows\Installer\79d5f.msp <br/>[2009/05/04 06:46:14 | 008,299,008 | R--- | M] () -- C:\Windows\Installer\79d6a.msp <br/>[2010/01/20 08:07:03 | 015,710,720 | R--- | M] () -- C:\Windows\Installer\7a4ce.msp <br/>[2009/10/21 20:13:13 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\7d139.msi <br/>[2009/09/21 15:53:56 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\7d14c.msp <br/>[2009/09/29 08:08:12 | 006,747,648 | R--- | M] () -- C:\Windows\Installer\7d160.msp <br/>[2009/10/21 20:15:27 | 015,709,696 | R--- | M] () -- C:\Windows\Installer\7d169.msp <br/>[2009/07/27 03:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\7d172.msp <br/>[2009/03/20 10:48:56 | 000,183,808 | R--- | M] () -- C:\Windows\Installer\7d186.msp <br/>[2009/07/01 12:21:28 | 008,891,904 | R--- | M] () -- 
C:\Windows\Installer\7d19c.msp <br/>[2009/07/01 12:19:52 | 010,607,104 | R--- | M] () -- C:\Windows\Installer\7d19d.msp <br/>[2009/08/20 04:02:38 | 005,204,992 | R--- | M] () -- C:\Windows\Installer\7d1b1.msp <br/>[2009/08/21 09:14:20 | 008,363,008 | R--- | M] () -- C:\Windows\Installer\7d1cb.msp <br/>[2010/05/26 21:06:30 | 000,228,352 | ---- | M] () -- C:\Windows\Installer\84e0f5c.msi <br/>[2011/04/24 16:04:40 | 020,314,624 | R--- | M] () -- C:\Windows\Installer\869b6.msp <br/>[2012/09/12 19:37:59 | 000,873,984 | ---- | M] () -- C:\Windows\Installer\8e2045.msi <br/>[2012/09/12 19:39:49 | 000,176,128 | ---- | M] () -- C:\Windows\Installer\8e204c.msi <br/>[2010/09/04 01:36:14 | 020,303,872 | R--- | M] () -- C:\Windows\Installer\979210.msp <br/>[2009/11/15 09:28:03 | 000,324,608 | ---- | M] () -- C:\Windows\Installer\9a8a818.msi <br/>[2009/01/06 17:22:44 | 008,691,712 | ---- | M] () -- C:\Windows\Installer\9bf933.msi <br/>[2012/11/18 16:24:40 | 009,473,536 | ---- | M] () -- C:\Windows\Installer\9d34de9.msi <br/>[2008/10/26 22:33:58 | 000,444,416 | R--- | M] () -- C:\Windows\Installer\9dd1c76.msp <br/>[2011/07/28 19:23:14 | 000,228,352 | ---- | M] () -- C:\Windows\Installer\a107866.msi <br/>[2011/06/27 18:23:30 | 000,771,584 | ---- | M] () -- C:\Windows\Installer\a322781.msi <br/>[2011/12/15 23:21:52 | 001,097,728 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_core-2_5.dll <br/>[2011/12/15 23:21:52 | 000,210,432 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_data-2_5.dll <br/>[2011/12/15 23:21:59 | 000,356,352 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_io_plugin-2_5.dll <br/>[2011/12/15 23:21:53 | 000,598,016 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_service_opczip-2_5.dll <br/>[2011/12/15 23:21:52 | 000,557,568 | ---- | M] (Autodesk, Inc.) 
-- C:\Windows\Installer\adp_toolkit-2_5.dll <br/>[2010/06/03 21:39:31 | 020,242,432 | R--- | M] () -- C:\Windows\Installer\b206e2f.msp <br/>[2010/10/20 17:29:50 | 000,219,648 | ---- | M] () -- C:\Windows\Installer\b4fd519.msi <br/>[2012/08/02 09:29:26 | 005,521,920 | R--- | M] () -- C:\Windows\Installer\b874e1e.msp <br/>[2012/07/18 14:53:36 | 010,937,344 | R--- | M] () -- C:\Windows\Installer\b874e28.msp <br/>[2012/07/17 09:11:02 | 006,145,024 | R--- | M] () -- C:\Windows\Installer\b874e51.msp <br/>[2012/07/18 14:46:48 | 000,593,408 | R--- | M] () -- C:\Windows\Installer\b874e60.msp <br/>[2012/07/25 15:59:06 | 011,032,064 | R--- | M] () -- C:\Windows\Installer\b874e6f.msp <br/>[2012/07/17 09:17:04 | 022,363,136 | R--- | M] () -- C:\Windows\Installer\b874e82.msp <br/>[2012/06/26 17:03:12 | 003,875,840 | R--- | M] () -- C:\Windows\Installer\b874e8b.msp <br/>[2012/10/20 23:32:14 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\ba2568e.msp <br/>[2012/11/15 12:44:38 | 043,956,736 | R--- | M] () -- C:\Windows\Installer\ba256a2.msp <br/>[2009/04/06 16:00:42 | 005,518,336 | R--- | M] () -- C:\Windows\Installer\bac7b7.msp <br/>[2010/01/24 09:40:51 | 000,163,840 | ---- | M] () -- C:\Windows\Installer\bb56f.msi <br/>[2010/09/28 20:46:19 | 020,303,872 | R--- | M] () -- C:\Windows\Installer\bfc3cb.msp <br/>[2011/06/19 10:48:53 | 002,295,808 | ---- | M] () -- C:\Windows\Installer\c1788e4.msi <br/>[2011/04/13 10:37:02 | 019,201,024 | R--- | M] () -- C:\Windows\Installer\c1788f4.msp <br/>[2011/03/25 08:03:44 | 005,079,552 | R--- | M] () -- C:\Windows\Installer\c1788fd.msp <br/>[2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\c27f2c5.msp <br/>[2010/12/06 15:02:34 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\c27f2da.msp <br/>[2010/11/12 11:08:30 | 000,889,344 | R--- | M] () -- C:\Windows\Installer\c27f2ee.msp <br/>[2010/10/22 15:45:16 | 008,444,928 | R--- | M] () -- C:\Windows\Installer\c27f304.msp <br/>[2012/04/22 21:37:42 | 001,182,720 | R--- | 
M] () -- C:\Windows\Installer\c53766e.msp <br/>[2012/03/15 12:43:28 | 004,216,320 | R--- | M] () -- C:\Windows\Installer\c537676.msp <br/>[2011/03/26 16:16:54 | 002,746,368 | ---- | M] () -- C:\Windows\Installer\d14ce32.msi <br/>[2011/03/26 16:17:16 | 000,134,656 | ---- | M] () -- C:\Windows\Installer\d14ce3a.msi <br/>[2009/01/07 09:16:15 | 001,227,776 | ---- | M] () -- C:\Windows\Installer\d21a9.msi <br/>[2012/05/19 09:14:35 | 000,488,448 | ---- | M] () -- C:\Windows\Installer\d95b718.msi <br/>[2008/12/12 11:09:40 | 005,517,824 | R--- | M] () -- C:\Windows\Installer\e007901.msp <br/>[2011/06/05 10:06:21 | 016,530,944 | ---- | M] () -- C:\Windows\Installer\e504c97.msi <br/>[2010/01/19 18:29:16 | 005,050,368 | R--- | M] () -- C:\Windows\Installer\e56297d.msp <br/>[2010/01/19 17:51:12 | 005,524,480 | R--- | M] () -- C:\Windows\Installer\e562990.msp <br/>[2011/06/05 10:32:18 | 000,691,200 | ---- | M] () -- C:\Windows\Installer\e69e55d.msi <br/>[2009/12/16 22:58:22 | 005,382,144 | R--- | M] () -- C:\Windows\Installer\eac98.msp <br/>[2009/03/05 14:40:52 | 006,819,840 | R--- | M] () -- C:\Windows\Installer\f3856b.msp <br/>[2009/02/25 18:07:14 | 011,646,464 | R--- | M] () -- C:\Windows\Installer\f38575.msp <br/>[2011/08/14 13:22:18 | 003,597,824 | ---- | M] () -- C:\Windows\Installer\f7375b.msi <br/>[2011/08/14 13:19:33 | 004,425,728 | R--- | M] () -- C:\Windows\Installer\f7376f.msp <br/>[2011/08/14 13:19:34 | 002,933,248 | R--- | M] () -- C:\Windows\Installer\f73788.msp <br/>[2011/08/14 13:19:36 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\f73792.msp <br/>[2011/08/14 13:19:39 | 001,139,200 | R--- | M] () -- C:\Windows\Installer\f737a3.msp <br/>[2011/08/14 13:19:44 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\f737be.msp <br/>[2011/08/14 13:20:41 | 003,313,152 | R--- | M] () -- C:\Windows\Installer\f737e2.msp <br/>[2011/08/14 13:20:42 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\f7381a.msp <br/>[2011/08/14 13:20:45 | 000,626,688 | R--- | M] () -- 
C:\Windows\Installer\f73828.msp <br/>[2011/08/14 13:20:47 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\f73837.msp <br/>[2012/08/29 13:54:38 | 001,188,352 | ---- | M] () -- C:\Windows\Installer\f74e0b2.msi <br/>[2012/01/03 17:58:05 | 015,929,344 | R--- | M] () -- C:\Windows\Installer\fad9afe.msp <br/>[2012/01/25 14:55:08 | 005,520,384 | R--- | M] () -- C:\Windows\Installer\fc716f.msp <br/>[2011/10/26 15:38:54 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\fc7178.msp <br/>[2012/02/14 23:08:45 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\fc7184.msp <br/>[2011/12/15 23:21:59 | 007,173,632 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\libfbxsdk-2_5.dll <br/>[2011/12/15 23:21:59 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\Luc.exe <br/>[2011/12/15 23:21:51 | 000,000,524 | ---- | M] () -- C:\Windows\Installer\Microsoft.VC90.CRT.manifest <br/>[2011/12/15 23:21:51 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\Installer\msvcm90.dll <br/>[2011/12/15 23:21:51 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\Installer\msvcp90.dll <br/>[2011/12/15 23:21:51 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\Installer\msvcr90.dll <br/>[2011/12/15 23:21:53 | 000,179,392 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\tbb.dll <br/>[2011/12/15 23:23:34 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}.SchedServiceConfig.rmi <br/>[2009/03/17 08:02:39 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{162B71B8-8464-4680-A086-601D555B331D}.SchedServiceConfig.rmi <br/>[2010/11/19 18:55:18 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{308B6AEA-DE50-4666-996D-0FA461719D6B}.SchedServiceConfig.rmi <br/>[2012/11/14 19:33:29 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi <br/>[2012/12/16 12:42:07 | 000,000,000 | ---- | M] () -- 
C:\Windows\Installer\wix{459699C3-9430-4381-964B-4248D87B49F9}.SchedServiceConfig.rmi <br/>[2011/02/15 22:59:59 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}.SchedServiceConfig.rmi <br/>[2011/11/15 18:38:36 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8153ED9A-C94A-426E-9880-5E6775C08B62}.SchedServiceConfig.rmi <br/>[2009/06/11 17:39:43 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8355F970-601D-442D-A79B-1D7DB4F24CAD}.SchedServiceConfig.rmi <br/>[2010/06/21 19:34:12 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{85991ED2-010C-4930-96FA-52F43C2CE98A}.SchedServiceConfig.rmi <br/>[2012/06/17 21:09:57 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}.SchedServiceConfig.rmi <br/>[2010/04/28 06:32:05 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}.SchedServiceConfig.rmi <br/>[2011/10/13 15:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}.SchedServiceConfig.rmi <br/>[2009/11/16 14:51:02 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}.SchedServiceConfig.rmi <br/>[2009/04/06 19:47:20 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{AFA20D47-69C3-4030-8DF8-D37466E70F13}.SchedServiceConfig.rmi <br/>[2010/03/31 22:54:58 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{B5C3B892-0849-476C-9F46-B12F84819D57}.SchedServiceConfig.rmi <br/>[2011/06/27 18:18:32 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{C23CD6DA-1958-43A5-ADD0-59396572E02E}.SchedServiceConfig.rmi <br/>[2011/03/07 19:20:31 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{CACAEB5F-174D-4C7C-AC56-A33289A807CA}.SchedServiceConfig.rmi <br/>[2010/09/07 21:10:49 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}.SchedServiceConfig.rmi <br/>[2012/09/16 12:21:43 | 000,000,000 | 
---- | M] () -- C:\Windows\Installer\wix{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}.SchedServiceConfig.rmi <br/>[2012/03/12 19:14:18 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}.SchedServiceConfig.rmi <br/>[18 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ] <br/> <br/>[color=#A23BEC]< %windir%\system32\tasks\*.* >[/color] <br/>[2012/12/03 18:34:57 | 000,003,682 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater <br/>[2012/06/05 17:30:35 | 000,003,656 | ---- | M] () -- C:\Windows\system32\tasks\Adobe online update program <br/>[2012/12/15 15:42:02 | 000,003,346 | ---- | M] () -- C:\Windows\system32\tasks\BrowserProtect <br/>[2012/06/05 17:30:47 | 000,003,700 | ---- | M] () -- C:\Windows\system32\tasks\Divx online update program <br/>[2012/07/11 22:23:39 | 000,003,528 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core <br/>[2012/07/11 22:23:39 | 000,003,896 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA <br/>[2012/09/24 18:39:53 | 000,003,630 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore <br/>[2012/09/24 18:40:08 | 000,003,882 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA <br/>[2012/06/05 17:30:32 | 000,003,638 | ---- | M] () -- C:\Windows\system32\tasks\HP online update program <br/>[2012/06/05 17:30:43 | 000,003,666 | ---- | M] () -- C:\Windows\system32\tasks\Java Update Scheduler <br/>[2012/06/05 17:59:41 | 000,003,280 | ---- | M] () -- C:\Windows\system32\tasks\TuneUp DiskDoctor <br/>[2012/12/18 19:02:21 | 000,003,678 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{DD4DCA60-9F17-4E99-B212-349DBA39490B} <br/>[2011/06/05 10:02:42 | 000,003,038 | ---- | M] () -- C:\Windows\system32\tasks\{321F1E0E-0082-4738-B494-978D99495706} <br/>[2010/02/14 15:44:49 | 000,003,052 | ---- | M] () 
-- C:\Windows\system32\tasks\{36426164-7A7B-40DC-8B22-755B7AC34D5A} <br/>[2009/01/06 14:10:07 | 000,002,926 | ---- | M] () -- C:\Windows\system32\tasks\{3AD0BC28-67E3-475E-A0A5-CD18FA3E8528} <br/>[2010/03/02 17:06:36 | 000,003,058 | ---- | M] () -- C:\Windows\system32\tasks\{55E7CFB3-7CFD-4BE0-A18D-FB9F6AD27FFA} <br/>[2011/05/01 08:29:36 | 000,003,044 | ---- | M] () -- C:\Windows\system32\tasks\{6D40BF25-994F-430E-8079-1AC479F38355} <br/>[2010/05/25 21:37:21 | 000,003,014 | ---- | M] () -- C:\Windows\system32\tasks\{9CB989FB-95DE-454A-A88E-6730AF831B5F} <br/> <br/>[color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color] <br/> <br/>[color=#A23BEC]< %systemroot%\*. /mp /s >[/color] <br/> <br/>[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] <br/>[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe <br/>[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe <br/>[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe <br/>[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe <br/>[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe <br/>[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe <br/>[2008/10/28 02:15:02 | 
002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe <br/>[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe <br/> <br/>[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] <br/>[2008/01/21 02:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe <br/>[2008/01/21 02:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe <br/>[2008/01/21 02:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe <br/> <br/>[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] <br/>[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe <br/>[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe <br/>[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe <br/> <br/>[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] <br/>[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe <br/>[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe <br/>[2008/01/21 
02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe <br/> <br/>[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] <br/>[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe <br/>[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe <br/>[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe <br/>[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe <br/> <br/>[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color] <br/>[2006/11/02 13:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT <br/>[2006/11/02 13:01:49 | 000,032,552 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT <br/>[2010/09/05 09:39:42 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>[2010/09/05 09:39:43 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>[2012/01/29 14:18:29 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job <br/>[2012/01/29 14:18:30 | 000,000,922 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job <br/>[2012/04/04 16:19:00 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color] <br/> <br/>[color=#A23BEC]< 
%Temp%\smtmp\2\*.* >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color] <br/> <br/>[color=#A23BEC]< type c:\diskreport.txt /c >[/color] <br/>Microsoft DiskPart version 6.0.6002 <br/>Copyright (C) 1999-2007 Microsoft Corporation. <br/>On computer: JOHN-PC <br/> Volume ### Ltr Label Fs Type Size Status Info <br/> ---------- --- ----------- ----- ---------- ------- --------- -------- <br/> Volume 0 E DVD-ROM 0 B No Media <br/> Volume 1 D RECOVERY NTFS Partition 10 GB Healthy <br/> Volume 2 C OS NTFS Partition 288 GB Healthy System <br/> Volume 3 K John's Larg NTFS Partition 932 GB Healthy <br/> Volume 4 G Removable 0 B No Media <br/> Volume 5 H Removable 0 B No Media <br/> Volume 6 I Removable 0 B No Media <br/> Volume 7 J Removable 0 B No Media <br/> Volume 8 M John's Mini NTFS Partition 233 GB Healthy <br/> <br/>[color=#E56717]========== Alternate Data Streams ==========[/color] <br/> <br/>@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4 <br/> <br/>< End of report >
Posted 12/18/2012 8:26 PM
#94850

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
And extras.txt:

OTL Extras logfile created on: 18/12/2012 19:55:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.47% Memory free
4.23 Gb Paging File | 3.13 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.02 Gb Total Space | 86.34 Gb Free Space | 29.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.80 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 922.39 Gb Free Space | 99.02% Space Free | Partition Type: NTFS
Drive M: | 232.88 Gb Total Space | 137.41 Gb Free Space | 59.00% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
<br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] <br/> <br/> <br/>[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{06C0DE20-1B64-4866-A6A7-D8062C4D7B6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{0DF60FA5-CF86-4824-82A4-73835025721A}" = lport=445 | protocol=6 | dir=in | app=system | <br/>"{15E19AE0-2E5F-40C4-BE0E-61D0ECD63FEC}" = rport=10243 | protocol=6 | dir=out | app=system | <br/>"{17883F6A-3798-426E-8723-A07235090A5E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | <br/>"{1BFC9F93-1D42-4EC8-8E2A-B2CEC97226C8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | <br/>"{2363C361-B6EF-48B3-BD45-0F5D80CA851D}" = lport=2869 | protocol=6 | dir=in | app=system | <br/>"{313B3867-D319-465C-B8A1-620C2A3ADA95}" = lport=137 | protocol=17 | dir=in | app=system | <br/>"{32DC8C5F-54AF-4381-B937-19AD07AFB68A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | <br/>"{34280BB1-97EC-4EE6-A4FF-69BE21BBFC4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{350184E5-7F58-4D5B-8933-D4A6F1543E80}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | <br/>"{3542F9A1-C400-4394-BC48-2D5A67BF1836}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{3669B5AA-A0AC-4260-B729-B8948B45C084}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | <br/>"{37512E2C-9778-4CD1-8A9D-DEC9C3151709}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
<br/>"{3A0DF30C-DE9E-47A2-A818-C0E4DB132D18}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{3A56B275-B6C0-453F-A5CF-DBEB5B49A039}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{3B167035-075F-469D-A7A3-FF6422EA16FE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | <br/>"{3E8A2F9B-788A-4CE5-9CAF-C451536B939C}" = rport=445 | protocol=6 | dir=out | app=system | <br/>"{3ED6FB6A-2DB4-4864-99D6-87C2D3441B9F}" = rport=10244 | protocol=6 | dir=out | app=system | <br/>"{42AA7630-0F23-491C-8D0A-F7C60B5F0AE7}" = lport=10244 | protocol=6 | dir=in | app=system | <br/>"{58573801-5264-4BEA-8225-0AA7F1102BEC}" = lport=2869 | protocol=6 | dir=in | app=system | <br/>"{6287EBF8-4904-4CC0-9B88-2E67F7A087B1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | <br/>"{65B9F3B0-B321-4D44-A8E9-49DFD34EF084}" = rport=139 | protocol=6 | dir=out | app=system | <br/>"{6B887BCC-0FC6-4840-9548-B3874645F3F4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | <br/>"{70839EA0-A8AE-40D8-A1DC-115DCF72B887}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{754647C8-8B3D-4E2A-9839-C3913529D0A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{77933F6F-7027-49DF-A863-B3D949B131AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{7D767F25-FCD6-4819-8C52-3C42520B7825}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{7E4D14A7-BC6C-46B2-B9BA-464697F99C62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{82B6519E-4327-43DA-8F64-219601DBA2FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
<br/>"{8807602F-DE79-4362-9C51-705901193CE9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | <br/>"{8BCB891E-63FB-4700-BEEA-B82B4DDF1F8A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{96CC8E99-D80D-404B-BBC0-D204292E25E1}" = lport=10244 | protocol=6 | dir=in | app=system | <br/>"{9A4038F5-48AE-4C2F-B4AA-A870E26B0C62}" = rport=138 | protocol=17 | dir=out | app=system | <br/>"{9CEB8BE9-DD8D-4C41-A8A0-3E68266A7353}" = rport=10244 | protocol=6 | dir=out | app=system | <br/>"{A0B01B58-B741-478A-8B2E-0050A53A26D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | <br/>"{A12440B2-472E-447A-99CF-1D7B1CF02E7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | <br/>"{A8ACDBE4-3703-404A-9768-9747430ECF47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{AA7BA044-1252-4C61-9B4C-0A5EE24A7EF2}" = lport=139 | protocol=6 | dir=in | app=system | <br/>"{B172C93E-82C6-4C26-AFD8-9C4281A2F4E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{B4FBCC43-5C4C-460D-A1DB-6E88DB8FC2DF}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | <br/>"{B6FAAB02-E9F7-4E1D-A389-F17EAAC0A850}" = rport=137 | protocol=17 | dir=out | app=system | <br/>"{BD42DD9E-65E6-45AF-B516-1F79DC357474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | <br/>"{C216290A-06B3-4E8B-B7D8-59D646E235CC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | <br/>"{C8CF1541-0616-4382-A715-145681BD092C}" = lport=3390 | protocol=6 | dir=in | app=system | <br/>"{C92CFB8C-3A0A-4CF2-ABE3-63A30BE7A5C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{DCE272CE-B6A8-44AC-B261-9776AB907BAF}" = 
rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{DD27BF7F-3CCB-4C48-BB14-EEAE995E1D85}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | <br/>"{DD849E50-B5E9-4084-8CA5-25BB284D9AE1}" = lport=138 | protocol=17 | dir=in | app=system | <br/>"{DDF1D447-F171-4D1C-AC15-0C8804C3F2EA}" = lport=10243 | protocol=6 | dir=in | app=system | <br/>"{DE29DEA3-5786-4257-A017-7FC35B7CC1FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{E225A40A-394F-4AC1-8724-FFEBC9E97B9F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{E2440105-072D-42A6-819B-BA880A070ACC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{F3308415-C977-4B6F-85E5-582C09B9B4AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{F6DB1DBF-06D0-41AF-942D-D987921C7402}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | <br/>"{FB27E8F6-01ED-4893-BAC1-E555FF60E0BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{FBBB3066-09D3-47B9-8C3D-1CDFA8693C49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{FEDD4962-2D74-496D-85F4-2F9A26BE48D7}" = lport=3390 | protocol=6 | dir=in | app=system | <br/> <br/>[color=#E56717]========== Vista Active Application Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{08652152-F474-4355-A1B3-9187C0B62014}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | <br/>"{0BD6F8F3-47E7-46FA-848D-B086E8CDD3CE}" = dir=in | app=c:\program files\itunes\itunes.exe | <br/>"{0C1DA678-F866-4867-98D6-52421678D25F}" = protocol=17 | dir=in | app=c:\program 
files\realvnc\vnc4\winvnc4.exe | <br/>"{0E37CD89-9317-47A7-8F58-D39FFDE52728}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{117303F6-8F32-492A-B26B-BE3D60968C44}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | <br/>"{1BF9CD5F-EC7B-406D-BD63-D14FFF556424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{1D9E55B3-13F2-4235-9061-06E07E2F19FD}" = dir=in | app=c:\users\john\appdata\local\microsoft\skydrive\skydrive.exe | <br/>"{1F06EE8D-4FB2-4B68-97A2-9AB2D032ECD6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | <br/>"{2101D9F2-AAC5-4955-9DB4-557F267CC31D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | <br/>"{22EB462F-6116-4434-A7E0-10CE177FD92C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | <br/>"{289AD30D-25BF-4925-B0F2-F0DBB926D5C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{2A63F03E-C14E-47A5-B70A-E39B8F6E3EF5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | <br/>"{2C692802-3079-4EEB-8450-1CBA00CC60CD}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | <br/>"{2F16FA8C-633B-446E-BF3A-B9FF291511EB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | <br/>"{31CF61D4-D075-4E30-9FAF-49D42A92ACC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{324A3023-A200-4EE4-BB8A-E0E195EA1485}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | <br/>"{36C0F2C9-602C-44D2-ACDB-F671E9D1339F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | <br/>"{3C91E47B-7500-4216-9750-10611086E499}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe | <br/>"{4489E623-56D2-4DB9-B3FC-87597A18E8DA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | <br/>"{45F455A4-6918-4C78-A0E7-22FAAAD5CEF7}" = 
protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{468FB6D9-DE19-407B-B07A-3B68F55AFE34}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | <br/>"{496EE6BA-9981-4C27-95B5-7A11550C5EE7}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe | <br/>"{4DAC9D5C-40D1-415D-B9D0-DA7748CBC763}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | <br/>"{52D5614E-6956-4B33-81A9-57E8D77DFCC2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | <br/>"{5374B255-0521-45B2-8A2E-8EFFC72BC460}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | <br/>"{546D5661-7BF7-4F6F-9511-75FE2534FC6A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | <br/>"{55FD6137-D887-4169-9434-40D5AB4B76E3}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | <br/>"{5975FD57-CD98-41A7-8C16-A1B91D252049}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | <br/>"{5A89B12F-BE60-449B-BBF5-5C9E4488CD5E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{5D94C5BB-1250-4306-A419-B297724FF829}" = dir=in | app=c:\program files\skype\phone\skype.exe | <br/>"{63787B34-2B3B-4ABA-85D4-B268C2A3D26F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | <br/>"{6454A5F7-B158-426B-805A-550E3536BC37}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | <br/>"{65E44CF4-4D49-4DBA-8DC7-56D2D3AD8D32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{67A08D03-721B-4B7B-9DBA-2E470C388794}" = dir=in | app=c:\users\john\appdata\local\facebook\video\skype\facebookvideocalling.exe | <br/>"{6A0992DD-6757-4495-B4F6-B44789049018}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{6F80DB0E-B863-468F-B292-87B0E1B89A0B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
<br/>"{707FE3E6-DA92-4B7A-9EF8-66D702723E02}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | <br/>"{730D3C01-9F95-4EA7-A16C-96DD26A230C8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | <br/>"{731D934A-F001-47A1-8903-DA5572FFFBB4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | <br/>"{77A52F20-F807-43ED-81A0-8EA65C852357}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | <br/>"{798965C5-7F72-45D5-9B3A-A3AF386ACCFB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{79AFBAD6-988C-46F5-988B-48E29DD30E05}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | <br/>"{7C912291-3FA6-4F51-A2C3-6BE0B5562DF9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | <br/>"{7F5E1F7E-BAB7-4742-9A5E-34F85905A373}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{7FE6BB42-599B-4D59-A1B2-05F63228B9AB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | <br/>"{81A29012-FDFC-46D8-81AA-542DFED26489}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | <br/>"{8248E023-4183-4687-AB6B-900ADB56A0EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{8512BE37-837E-40EA-AF29-8F3AA802B9C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | <br/>"{88531CD6-8EBE-4B2E-B84A-CD8C33C5B5CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{8FA010B5-18EE-46B2-B0B2-FA11886CFCE9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | <br/>"{9066933B-755C-4FBF-8E9C-E46AEE541CE2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | <br/>"{93F5E8F1-01CD-493B-9693-BCDD6A2ECC2E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | <br/>"{96E2B094-92E3-4F3F-AE5F-C6C0451BA646}" = protocol=17 | dir=in | app=c:\program 
files\avg\avg10\avgemcx.exe | <br/>"{98FFABDD-3918-4F4B-8436-50D08762F83B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | <br/>"{99F4915D-8BEF-4462-89D2-DBF678C7BC2F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | <br/>"{9E9CB8BA-8D61-4BAA-8087-7FF1C9D82114}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | <br/>"{A6014ACC-2975-4FDD-A1B2-91EB87667EF0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | <br/>"{A6EDF409-1B7C-47EA-917E-B7B9F0036827}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | <br/>"{A7C265B3-6886-4197-A50C-81B3F07C877E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | <br/>"{AB78865A-F3C8-4DFD-AD56-42ABB9F291C1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | <br/>"{AD0DDCFC-4712-43A4-AC61-51E106B85791}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | <br/>"{ADD0E95A-03E2-4B16-B093-F8BC6E9B0EE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | <br/>"{AEAA92D3-85FD-4FAB-AFA1-371BB6ECD9C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | <br/>"{B17AA620-1329-44B5-99B0-11DA1B2FB3F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{B419EF2A-DD20-4C94-BBAB-8393C040A8A5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | <br/>"{B6706F9C-F540-473C-9AAB-4DC800590FDF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | <br/>"{B71013D9-9B81-4D93-994B-FDA3E095945B}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe | <br/>"{BF4CDC2C-9B2E-4098-8E89-778FF1BF008F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | <br/>"{BFD9C4CB-90C1-4232-A349-B8A94403940C}" = protocol=6 | dir=out | 
app=%systemroot%\ehome\ehshell.exe | <br/>"{C09D2CFE-B644-444E-A701-3190E35AA491}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | <br/>"{C0C20217-7B53-4D3C-8A13-18AE53F6A368}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | <br/>"{C1DAE738-0C46-48C6-AFB0-CDD6234EB17C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | <br/>"{C92C9DAC-880D-4477-A283-049556302D8D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | <br/>"{CD3D1637-9BC2-4C8D-AA8E-6B2FB17EEA3F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | <br/>"{D1F61E8A-F81F-4D43-AEF2-6A7DDB967F23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | <br/>"{D4ED3459-D496-40E4-AE87-95282B0FD53C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | <br/>"{D752EFD7-3C8B-442F-B89C-7035689C2BAC}" = protocol=6 | dir=out | app=system | <br/>"{D8A7B9E6-819A-4104-AC23-EA1D5B69468B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | <br/>"{E3683297-03F7-4DD8-A036-AB2D9B4A93F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | <br/>"{E875313B-D5C1-4B18-9254-E2C20FAC534F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | <br/>"{EC3313B0-B4FA-4D8D-8466-374250DCB09A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | <br/>"{EF441E68-9903-4007-9354-85FE91124FC4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | <br/>"{F4875A62-B782-4AFF-9224-DF5A11F84C84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{F4FD0B13-F296-4586-9AC7-262972ABDB2D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | <br/>"{F8E576CC-DCA0-4ADD-A549-F63F6F1EBC64}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | <br/>"{F90BCA4D-D9A6-458E-95B5-A8EBE248E7DB}" = protocol=6 | dir=in 
| app=c:\program files\avg\avg2013\avgmfapx.exe | <br/>"{FE9BFB22-C372-458F-9DCB-06017310CD2D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | <br/>"TCP Query User{274CFE59-F2CA-4EDF-BFE5-567BE803984B}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe | <br/>"TCP Query User{395FF2B9-AACA-49F5-93AE-E08285F33303}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | <br/>"TCP Query User{3EFDBE4E-B8C8-4DA4-8949-2BA79EE6127D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | <br/>"TCP Query User{4D559B2A-0EF0-49A9-B5B7-2AD1252EA934}C:\users\john\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe | <br/>"TCP Query User{62FCC867-7591-42CF-BD1C-5DB56F130CA3}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | <br/>"TCP Query User{70DB31A3-D019-463A-8E03-187DE8946A96}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | <br/>"TCP Query User{763C40F0-0B7C-4770-83F3-A83130118198}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | <br/>"TCP Query User{8951808A-6C2B-48F9-B3F7-E5E0AE9CC148}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | <br/>"TCP Query User{8A387258-BABE-4461-9233-97DE6EEDAC0C}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | <br/>"TCP Query User{8F3AFDC5-3E3A-4D34-BA8D-5C4252729C39}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common 
files\nokia\service layer\a\nsl_host_process.exe | <br/>"TCP Query User{9D322AD9-4B1B-4A22-8161-666B3F790063}C:\program files\mediaremoteconnector\mediaremoteconnector.exe" = protocol=6 | dir=in | app=c:\program files\mediaremoteconnector\mediaremoteconnector.exe | <br/>"TCP Query User{B21228A3-F79B-44C8-96E7-04629A6FE6E0}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe | <br/>"TCP Query User{D4A8CD46-EB9A-4016-AA59-DA0ADCD4AB00}C:\program files\printershare\paconsole.exe" = protocol=6 | dir=in | app=c:\program files\printershare\paconsole.exe | <br/>"TCP Query User{D6534213-C7A2-46D9-A509-B6C534DAD546}C:\program files\mediaremoteconnector\mediaremoteconnector.exe" = protocol=6 | dir=in | app=c:\program files\mediaremoteconnector\mediaremoteconnector.exe | <br/>"TCP Query User{E191EF0C-13F4-4FCE-90D0-2C51B4B60D33}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | <br/>"TCP Query User{EC3FEE8D-7E8E-4855-9310-D161C602A212}C:\program files\frog\frog\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\frog\frog\camfrog video chat.exe | <br/>"UDP Query User{03C051C6-BF8A-4D60-A304-B016C411BAA0}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | <br/>"UDP Query User{127CCAB3-B515-4FC9-8CB4-91DCE8AFF2D8}C:\users\john\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe | <br/>"UDP Query User{1BE51EE6-30FB-418D-A67C-AAA63AFC2798}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe | <br/>"UDP Query User{287212F1-7C6D-40A1-8A81-2C5875D95CA4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | <br/>"UDP Query 
User{303DE5D4-DBD0-4864-919B-BFBD6ADA6078}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | <br/>"UDP Query User{4EE9FD9C-089D-4FFB-94EC-4600E837E056}C:\program files\printershare\paconsole.exe" = protocol=17 | dir=in | app=c:\program files\printershare\paconsole.exe | <br/>"UDP Query User{6DFDBC87-24EA-4CFA-9250-1D0E799A03E2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | <br/>"UDP Query User{704D533F-0085-43D5-904C-1322B7877E32}C:\program files\mediaremoteconnector\mediaremoteconnector.exe" = protocol=17 | dir=in | app=c:\program files\mediaremoteconnector\mediaremoteconnector.exe | <br/>"UDP Query User{7795AB3A-9245-48F6-B9F6-B959E72ED37D}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe | <br/>"UDP Query User{8CF7E707-9B2F-4C48-9125-5F492289A77D}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | <br/>"UDP Query User{8D2E8053-CF97-4267-95A1-5600287B8F51}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | <br/>"UDP Query User{BC02AFC1-A160-4AF3-89CC-B69DD87288A1}C:\program files\frog\frog\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\frog\frog\camfrog video chat.exe | <br/>"UDP Query User{C5EAF724-E1B8-41C1-8930-FFF955E81101}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | <br/>"UDP Query User{CD0E10FA-69FD-4E2A-A060-D51263C97A52}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | <br/>"UDP Query User{DA7F3025-985B-4652-A681-A864E63D8A26}C:\program 
Posted 12/19/2012 4:22 PM
#94858

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
We need to run an OTL Fix

• Please reopen OTL on your desktop.
• Copy and Paste the following text in bold into the Custom Scan textbox.

:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe - ()
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
[2012/12/18 19:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/18 19:44:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/18 19:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/18 18:15:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/18 18:15:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/18 17:28:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job
[2012/12/17 23:28:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job
[2012/12/03 18:34:57 | 000,003,682 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2012/06/05 17:30:35 | 000,003,656 | ---- | M] () -- C:\Windows\system32\tasks\Adobe online update program
[2012/12/15 15:42:02 | 000,003,346 | ---- | M] () -- C:\Windows\system32\tasks\BrowserProtect
[2012/06/05 17:30:47 | 000,003,700 | ---- | M] () -- C:\Windows\system32\tasks\Divx online update program
[2012/07/11 22:23:39 | 000,003,528 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core
[2012/07/11 22:23:39 | 000,003,896 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA
[2012/09/24 18:39:53 | 000,003,630 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2012/09/24 18:40:08 | 000,003,882 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/06/05 17:30:32 | 000,003,638 | ---- | M] () -- C:\Windows\system32\tasks\HP online update program
[2012/06/05 17:30:43 | 000,003,666 | ---- | M] () -- C:\Windows\system32\tasks\Java Update Scheduler
[2012/06/05 17:59:41 | 000,003,280 | ---- | M] () -- C:\Windows\system32\tasks\TuneUp DiskDoctor
[2012/12/18 19:02:21 | 000,003,678 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{DD4DCA60-9F17-4E99-B212-349DBA39490B}
[2011/06/05 10:02:42 | 000,003,038 | ---- | M] () -- C:\Windows\system32\tasks\{321F1E0E-0082-4738-B494-978D99495706}
[2010/02/14 15:44:49 | 000,003,052 | ---- | M] () -- C:\Windows\system32\tasks\{36426164-7A7B-40DC-8B22-755B7AC34D5A}
[2009/01/06 14:10:07 | 000,002,926 | ---- | M] () -- C:\Windows\system32\tasks\{3AD0BC28-67E3-475E-A0A5-CD18FA3E8528}
[2010/03/02 17:06:36 | 000,003,058 | ---- | M] () -- C:\Windows\system32\tasks\{55E7CFB3-7CFD-4BE0-A18D-FB9F6AD27FFA}
[2011/05/01 08:29:36 | 000,003,044 | ---- | M] () -- C:\Windows\system32\tasks\{6D40BF25-994F-430E-8079-1AC479F38355}
[2010/05/25 21:37:21 | 000,003,014 | ---- | M] () -- C:\Windows\system32\tasks\{9CB989FB-95DE-454A-A88E-6730AF831B5F}
:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

• Push Run Fix Button
• OTL may ask to reboot the machine. Please do so if asked.
• Click OK.
• A report will open. Copy and Paste that report in your next reply, and tell me how your computer is behaving.

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Do not PM me with logfiles. They will be deleted.


Posted 12/20/2012 8:23 PM
#94861

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Thanks!! log from OTL:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk\ deleted successfully.
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk\ deleted successfully.
C:\Windows\pss\TrayMin700.exe.lnk.CommonStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk\ deleted successfully.
C:\Windows\pss\Dell Dock.lnk.Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk\ deleted successfully.
C:\Windows\pss\EvernoteClipper.lnk.Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\QuickTime Task\ deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job moved successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater moved successfully.
C:\Windows\System32\Tasks\Adobe online update program moved successfully.
C:\Windows\System32\Tasks\BrowserProtect moved successfully.
C:\Windows\System32\Tasks\Divx online update program moved successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core moved successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA moved successfully.
C:\Windows\System32\Tasks\HP online update program moved successfully.
C:\Windows\System32\Tasks\Java Update Scheduler moved successfully.
C:\Windows\System32\Tasks\TuneUp DiskDoctor moved successfully.
C:\Windows\System32\Tasks\User_Feed_Synchronization-{DD4DCA60-9F17-4E99-B212-349DBA39490B} moved successfully.
C:\Windows\System32\Tasks\{321F1E0E-0082-4738-B494-978D99495706} moved successfully.
C:\Windows\System32\Tasks\{36426164-7A7B-40DC-8B22-755B7AC34D5A} moved successfully.
C:\Windows\System32\Tasks\{3AD0BC28-67E3-475E-A0A5-CD18FA3E8528} moved successfully.
C:\Windows\System32\Tasks\{55E7CFB3-7CFD-4BE0-A18D-FB9F6AD27FFA} moved successfully.
C:\Windows\System32\Tasks\{6D40BF25-994F-430E-8079-1AC479F38355} moved successfully.
C:\Windows\System32\Tasks\{9CB989FB-95DE-454A-A88E-6730AF831B5F} moved successfully.
File PTYFLASH] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 12202012_195938

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Posted 12/23/2012 9:09 AM
#94868

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please tell me how things are running now?



Posted 12/23/2012 11:27 AM
#94870

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Hi Touch,

I have been on the PC very little, although initially it seems to be running well, but I'd need to do some work on it to be sure.

One problem is that upon a restart I've had a box pop up telling me that an unauthorised change was made to Windows and I need to put the Windows activation key back in, so I'm going to need to try and find a Windows CD, which I hope I still have! Is there any way of extracting the key from Windows if I can't find it - it is a legit version of Windows preinstalled by Dell (but some time ago).

I'm away from my PC now for a week so thanks for your help and I'll pick up messages when I get back. I hope you have a good Christmas.

John
Posted 12/23/2012 11:30 AM
#94871

JohnP Valued member

Date Joined Nov 2016
Total Posts: 19
Ignore me, it's on the PC case!
Posted 12/26/2012 7:31 AM
#94885

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
I hope you have a good Christmas. Thank you

Ignore me, it's on the PC case! :tongue:


