# IE Not Responsive



## justgreene (Jun 21, 2005)

I hope I am posting in the right place. My Windows 7 PC has been acting up for quite a while. I am not sure if it's an ISP issue or just my PC. When I am running IE or Firefox or Chrome, my websites become non-responsive. Or I will click on a link and nothing happens. It is very "jumpy", meaning pages seem to lock and then switch to new pages after some time has passed. I get the message box pop-up saying that IE is using so much RAM and it is usually over 250 MB. I am not sure if it's a hardware issue or internet issue. I did a speedtest and came back over 4 mbps. My issues seem to get worse by the evening. I don't have many issues when using software...just internet websites.

Running a Compaq Windows 7
AMD Dual-Core processor 2.3 GHz
3 GB RAM


----------



## captainron276 (Sep 11, 2010)

To help us help you, please use the TSG System Info tool to let techs know the specs of your computer: http://static.techguy.org/download/SysInfo.exe Copy and paste the results here in your thread. *You can use the TSG Info to fill in your computer information in your user profile as well.*

Also, if it's a brand name system like an Acer, Dell or HP, please post the exact model of the system.


----------



## justgreene (Jun 21, 2005)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) Dual Core Processor 4450e, AMD64 Family 15 Model 107 Stepping 2
Processor Count: 2
RAM: 2942 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430 (Microsoft Corporation - WDDM), 128 Mb
Hard Drives: C: Total - 226949 MB, Free - 121187 MB; D: Total - 38138 MB, Free - 15319 MB; E: Total - 11523 MB, Free - 1542 MB; G: Total - 76308 MB, Free - 14626 MB; H: Total - 476813 MB, Free - 124496 MB; I: Total - 2861575 MB, Free - 2650812 MB;
Motherboard: ECS, Iris8
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

Compaq Presario SR5710F


----------



## eddie5659 (Mar 19, 2001)

Hiya

I see you posted a reply in the malware forum as well. I've closed that one, as this one has a reply from Ron, but let's just see if it is malware related. If it is, I'll move this there, and carry on.

So, can you do the following for me:

- Download *OTL* to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath *Output* at the top change it to *Minimal Output*.
- Select
  - *All Users*
  - *LOP Check*
  - *Purity Check*
- Under the *Standard Registry* box change it to *All*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%$Recycle.Bin\
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
ATAPI.SYS
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


eddie


----------



## justgreene (Jun 21, 2005)

I've tried doing the OTL scan twice now. It scans good but then it gets to scanning Chrome settings and I get the not responding message from OTL. What should I do?


----------



## justgreene (Jun 21, 2005)

I have tried doing the OTL scan numerous times and it just freezes up - not responding. I give up.


----------



## eddie5659 (Mar 19, 2001)

That's okay, just try this one instead:


- Download *random's system information tool (RSIT)* by *random/random* from *here*.
- *It is important that it is saved to your desktop.*
- Double click on *RSIT.exe* to run *RSIT*.
- Click *Continue* at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)


----------



## justgreene (Jun 21, 2005)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Justin at 2013-01-11 17:05:34
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 114 GB (50%) free of 227 GB
Total RAM: 2942 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:05:49 PM, on 1/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Justin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Justin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\SysWow64\Shdocvw.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12922 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
C:\Windows\tasks\ReclaimerUpdateFiles_Justin.job
C:\Windows\tasks\ReclaimerUpdateXML_Justin.job
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Justin.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default

prefs.js - "browser.startup.homepage" - "http://www.yahoo.com/|http://pinterest.com/"

"[email protected]"=C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files (x86)\AVG\AVG2012\Firefox4\
"{F53C93F1-07D5-430c-86D4-C9531B27DFAF}"=C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
"[email protected]"=C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
"{0153E448-190B-4987-BDE1-F256CADA672F}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@virtools.com/3DviaPlayer]
"Description"=3Dvia Player For Mozilla Based Broswer
"Path"=C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npCouponPrinter.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
NPcol400.dll
npCouponPrinter.dll
npMozCouponPrinter.dll
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpplugin.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
babylon.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\
[email protected]

C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\searchplugins\
askcom.xml
BabylonMngr.xml
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-09-27 426736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-08-13 938104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2012-06-24 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-24 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-12-14 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{98889811-442D-49dd-99D7-DC866BE87DBC}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-12-14 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2012-07-31 2596984]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-09-27 296096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"=C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [2012-12-10 7416320]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-08-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=lvcodec2.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.voxacm160"=vct3216.acm
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-11 17:05:37 ----D---- C:\Program Files (x86)\trend micro
2013-01-11 17:05:34 ----D---- C:\rsit
2013-01-05 16:11:04 ----D---- C:\Forks Over Knives
2013-01-05 11:33:35 ----D---- C:\Star Wars #5_Empire Strikes Back
2013-01-05 11:32:09 ----D---- C:\New folder
2013-01-01 22:47:49 ----D---- C:\Star Wars #6_Return of the Jedi
2013-01-01 21:48:14 ----D---- C:\Star Wars #3_Revenge of the Sith
2012-12-29 12:34:07 ----D---- C:\Star Wars #2_Attack of the Clones
2012-12-29 12:33:09 ----D---- C:\Star Wars #4_ A New Hope
2012-12-27 19:39:31 ----A---- C:\Windows\SysWOW64\vbscript.dll
2012-12-27 19:39:31 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-12-27 19:39:31 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-12-27 19:39:30 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-12-27 19:39:30 ----A---- C:\Windows\SysWOW64\url.dll
2012-12-27 19:39:30 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-12-27 19:39:29 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-12-27 19:39:29 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2012-12-27 19:39:27 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-12-27 19:39:27 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-12-27 19:39:26 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-12-27 19:39:26 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-12-27 19:39:24 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-12-27 19:39:21 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-12-27 19:38:56 ----A---- C:\Windows\SysWOW64\atmlib.dll
2012-12-27 19:38:55 ----A---- C:\Windows\SysWOW64\atmfd.dll
2012-12-27 19:37:42 ----A---- C:\Windows\SysWOW64\tzres.dll
2012-12-27 19:37:27 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2012-12-27 19:37:27 ----A---- C:\Windows\SysWOW64\kernel32.dll
2012-12-27 19:37:26 ----A---- C:\Windows\SysWOW64\setup16.exe
2012-12-27 19:37:26 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2012-12-27 19:37:25 ----A---- C:\Windows\SysWOW64\wow32.dll
2012-12-27 19:37:23 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-27 19:37:23 ----A---- C:\Windows\SysWOW64\instnm.exe
2012-12-27 19:37:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-27 19:37:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-27 19:37:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-27 19:37:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-27 19:37:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-27 19:37:19 ----A---- C:\Windows\SysWOW64\user.exe
2012-12-27 19:37:07 ----A---- C:\Windows\SysWOW64\dpnet.dll
2012-12-26 16:22:48 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-26 16:22:48 ----D---- C:\Program Files (x86)\iTunes
2012-12-19 15:10:26 ----D---- C:\Users\Justin\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1

======List of files/folders modified in the last 1 month======

2013-01-11 17:05:49 ----D---- C:\Windows\Prefetch
2013-01-11 17:05:37 ----RD---- C:\Program Files (x86)
2013-01-11 09:47:30 ----D---- C:\Windows\Temp
2013-01-11 09:11:15 ----D---- C:\ProgramData\MFAData
2013-01-10 20:33:06 ----SHD---- C:\System Volume Information
2013-01-08 23:21:02 ----D---- C:\Windows\Tasks
2013-01-08 22:51:18 ----D---- C:\Users\Justin\AppData\Roaming\Spotify
2013-01-08 20:35:30 ----D---- C:\ProgramData\CanonIJPLM
2013-01-08 15:16:06 ----D---- C:\Windows\SysWOW64
2013-01-08 15:16:02 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-06 20:18:45 ----D---- C:\ProgramData\Real
2013-01-06 20:18:02 ----D---- C:\Users\Justin\AppData\Roaming\Real
2013-01-06 01:00:03 ----D---- C:\Windows\inf
2013-01-05 15:32:30 ----D---- C:\ProgramData\DVD Shrink
2013-01-03 17:09:49 ----D---- C:\Users\Justin\AppData\Roaming\Skype
2012-12-28 14:25:37 ----D---- C:\Users\Justin\AppData\Roaming\Apple Computer
2012-12-27 20:25:38 ----D---- C:\Windows\rescache
2012-12-27 19:48:54 ----D---- C:\Windows\winsxs
2012-12-27 19:45:49 ----D---- C:\Windows\SysWOW64\en-US
2012-12-27 19:45:49 ----D---- C:\Windows\System32
2012-12-27 19:45:48 ----D---- C:\Windows\SysWOW64\migration
2012-12-27 19:45:48 ----D---- C:\Windows\AppPatch
2012-12-27 19:45:48 ----D---- C:\Program Files (x86)\Internet Explorer
2012-12-27 19:41:10 ----D---- C:\Windows\debug
2012-12-27 19:39:33 ----SHD---- C:\Windows\Installer
2012-12-27 19:38:51 ----HD---- C:\Config.Msi
2012-12-26 21:26:54 ----D---- C:\Users\Justin\AppData\Roaming\Adobe
2012-12-26 16:23:23 ----RD---- C:\Program Files
2012-12-26 16:23:10 ----D---- C:\Program Files (x86)\Common Files\Apple
2012-12-26 16:22:48 ----HD---- C:\ProgramData
2012-12-24 11:42:19 ----D---- C:\Users\Justin\AppData\Roaming\uTorrent
2012-12-24 11:30:47 ----D---- C:\My Music
2012-12-20 21:31:28 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys []
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfiltera.sys []
R3 AVMNgBasM780;AVerMedia M780 Base Driver; C:\Windows\system32\DRIVERS\AVerBas.sys []
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver; C:\Windows\system32\DRIVERS\AVerCap.sys []
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver; C:\Windows\system32\DRIVERS\AVerTun.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys []
R3 LVUVC64;Logitech Webcam C260(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys []
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2008-10-09 107912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 251400]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-11-16 867080]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 641504]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-29 115168]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2013-01-11 17:05:58

======Uninstall list======

µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
3DVIA player 5.0.0.20-->MsiExec.exe /X{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}
7-Zip 9.22beta-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe -maintain plugin
Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}
Adobe Photoshop.com Inspiration Browser-->msiexec /qb /x {D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}
Adobe Photoshop.com Inspiration Browser-->MsiExec.exe /I{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}
Adobe Reader X (10.1.4)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Angry Birds-->MsiExec.exe /I{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}
Apple Application Support-->MsiExec.exe /I{CCE825DB-347A-4004-A186-5F4A6FDD8547}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
CameraHelperMsi-->MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
Canon Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data-->C:\Program Files (x86)\Canon\Easy-PhotoPrint Pro\Profile\PRO-1\uninst.exe uninst.ini uinstrsc.dll
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data-->C:\Program Files (x86)\Canon\Easy-PhotoPrint Pro\Profile\Pro9000\uninst.exe uninst.ini uinstrsc.dll
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data-->C:\Program Files (x86)\Canon\Easy-PhotoPrint Pro\Profile\Pro9500 series\uninst.exe uninst.ini uinstrsc.dll
Canon Easy-PhotoPrint Pro-->C:\Program Files (x86)\Canon\Easy-PhotoPrint Pro\uninst.exe uninst.ini uinstrsc.dll
Canon Inkjet Printer/Scanner/Fax Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
Canon Pro9000 Mark II series User Registration-->C:\Program Files (x86)\Canon\IJEREG\Pro9000 Mark II series\UNINST.EXE
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 4.1.19.365-->"C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe"
Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
Creative Memories Memory Manager 3-->MsiExec.exe /I{055C7B5D-B655-495D-BC4B-787994519AAA}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
Duplicate Finder-->"C:\Program Files (x86)\Duplicate Finder\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Freemake Video Converter version 3.1.1-->"C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_94DDE1EDD1CDF6A3.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217007FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
LightScribe System Software-->MsiExec.exe /X{82EF29B1-9B60-4142-A155-0599216DD053}
Logitech Vid HD-->C:\Program Files (x86)\Logitech\Vid HD\uninst.exe
Logitech Webcam Software-->"C:\Program Files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=ENU /guid="{D40EB009-0499-459c-A8AF-C9C110766215}"
LWS Facebook-->MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}
LWS Gallery-->MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
LWS Help_main-->MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
LWS Launcher-->MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
LWS Motion Detection-->MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
LWS Pictures And Video-->MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
LWS Twitter-->MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}
LWS Video Mask Maker-->MsiExec.exe /I{EED027B7-0DB6-404B-8F45-6DFEE34A0441}
LWS Webcam Software-->MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
LWS WLM Plugin-->MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
LWS YouTube Plugin-->MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
Malwarebytes Anti-Malware version 1.65.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Memory Manager 3 Service Update-->MsiExec.exe /I{114AA498-39E6-4229-94DB-1E3777C2F486}
Menu Templates - Starter Kit-->MsiExec.exe /X{b78120a0-cf84-4366-a393-4d0a59bc546c}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Movie Templates - Starter Kit-->MsiExec.exe /X{e498385e-1c51-459a-b45f-1721e37aa1a0}
Mozilla Firefox 17.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-02A4-TE7Z-248H-2AE2-EXP6-7435-6A2L"
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Live-->MsiExec.exe /X{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero Rescue Agent-->MsiExec.exe /X{368ba326-73ad-4351-84ed-3c0a7a52cc53}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
Nero WaveEditor-->MsiExec.exe /X{a209525b-3377-43f4-b886-32f6b6e7356f}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
NeroLiveGadget-->MsiExec.exe /X{9e9fdde6-2c26-492a-85a0-05646b3f2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
QuickTime-->MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Shutterfly Express Uploader-->msiexec /qb /x {63688C0C-441B-B09B-97A3-B059D79A84F7}
Shutterfly Express Uploader-->MsiExec.exe /I{63688C0C-441B-B09B-97A3-B059D79A84F7}
Skype 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053}
SoundTrax-->MsiExec.exe /X{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Zoodles-->msiexec /qb /x {88E14CA9-C418-21F9-223B-5405979A03E9}
Zoodles-->MsiExec.exe /I{88E14CA9-C418-21F9-223B-5405979A03E9}

======System event log======

Computer Name: Greenehome
Event Code: 55
Message: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Record Number: 13783
Source Name: Ntfs
Time Written: 20120722210647.012100-000
Event Type: Error
User:

Computer Name: Greenehome
Event Code: 55
Message: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Record Number: 13782
Source Name: Ntfs
Time Written: 20120722210647.012100-000
Event Type: Error
User:

Computer Name: Greenehome
Event Code: 55
Message: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Record Number: 13781
Source Name: Ntfs
Time Written: 20120722210647.012100-000
Event Type: Error
User:

Computer Name: Greenehome
Event Code: 55
Message: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Record Number: 13780
Source Name: Ntfs
Time Written: 20120722210647.012100-000
Event Type: Error
User:

Computer Name: Greenehome
Event Code: 55
Message: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Record Number: 13779
Source Name: Ntfs
Time Written: 20120722210647.012100-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Greenehome
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4927) - Dependencies did not match with repository: Microsoft.MediaCenter.Sports
Record Number: 154
Source Name: .NET Runtime Optimization Service
Time Written: 20120718190236.000000-000
Event Type: Warning
User:

Computer Name: Greenehome
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4927) - Version or flavor did not match with repository: Microsoft.MediaCenter.Playback
Record Number: 152
Source Name: .NET Runtime Optimization Service
Time Written: 20120718190235.000000-000
Event Type: Warning
User:

Computer Name: Greenehome
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4927) - Version or flavor did not match with repository: mcepg
Record Number: 136
Source Name: .NET Runtime Optimization Service
Time Written: 20120718190222.000000-000
Event Type: Warning
User:

Computer Name: Greenehome
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4927) - Dependencies did not match with repository: ehRecObj
Record Number: 135
Source Name: .NET Runtime Optimization Service
Time Written: 20120718190218.000000-000
Event Type: Warning
User:

Computer Name: Greenehome
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 107
Source Name: Microsoft-Windows-Search
Time Written: 20120718190003.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120718185218.018400-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1c4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:	
Source Network Address:	-
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi 
Authentication Package:	Negotiate
Transited Services:	-
Package Name (NTLM only):	-
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120718185218.018400-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements:	0
Policy ID:	0x2fab8
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120718185217.690800-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name:	-
Source Network Address:	-
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package:	-
Transited Services:	-
Package Name (NTLM only):	-
Key Length: 0

Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120718185216.177600-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120718185216.084000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip

-----------------EOF-----------------


----------



## justgreene (Jun 21, 2005)

eddie5659 said:


> That's okay, just try this one instead:
> 
> 
> Download *random's system information tool (RSIT)* by *random/random* from *here*.
> ...


I posted the 2 logs. Is there anything I can do today as I have plenty of time? Thanks for your help!


----------



## eddie5659 (Mar 19, 2001)

Sorry for the delay, weekends I tend to be busy. Having a look now, will reply in a bit


----------



## eddie5659 (Mar 19, 2001)

Okay, not much in the way of malware there. I can see some remains, which we can remove.

However, this was in the Event Log:



> Computer Name: Greenehome
> Event Code: 55
> Message: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
> Record Number: 13783
> ...


So, let's try that:

Try this: click *Start*>>*Run*, type *cmd*, click *Ok*.

In the Command Prompt type *chkdsk /f* and click *Enter*

There is a space between k and /f

Or Click Start>>All Programs>>Accessories>>Command Prompt

You will be asked if you want a check disk to run on next startup, click *Y* and then press *Enter*

Restart your PC

It will run in 5 sections; please do not interrupt it, let it finish.

Let me know when it's complete and if it helps at all


----------



## justgreene (Jun 21, 2005)

I did the command prompt box, however, I am getting "Access Denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode." message.

Now what?


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if you can do it this way

Open up My Computer, and right-click on the C-drive, and select Properties.

In there, click the Tools tab.

At the top will be *Error-checking*

Click on the button Check Now, and when prompted, select both options:

Automatically fix file system errors
Scan for and attempt recovery of bad sectors

And then click Start.


----------



## justgreene (Jun 21, 2005)

It is doing it right now. Let me ask this...I did an upgrade to Windows 7. When I start the PC, I get the black page asking if I want to start Windows 7 or an older version of Windows. Should I be getting this at startup? I thought when I did my upgrade it wiped Windows Vista off my hard drive.


----------



## eddie5659 (Mar 19, 2001)

For the black page at startup, does it specify which version of Windows other than Windows 7?


----------



## justgreene (Jun 21, 2005)

No, it just says an older version of Windows.


----------



## eddie5659 (Mar 19, 2001)

Hmmmm

Okay, can you go to Start | Run and type

*MSCONFIG*

and press OK.

Click on the *Boot* tab, and in the box will be the bootup.

Can you type exactly what you have, here


----------



## justgreene (Jun 21, 2005)

Windows 7 (C:\Windows): current OS; Default OS

Also, the check disk is done with its scan.


----------



## eddie5659 (Mar 19, 2001)

Okay, can you open up the *cmd* prompt with Admin rights. To do so, go to Start | Programs | Accessories | Command Prompt.

Right-click on it and select *Run As Administrator* and select Yes on the popup.

Now, type *bcdedit* and press enter.

Does it show something like this in the list that you get:



> displayorder {ntldr}
> {current}
> toolsdisplayorder {memdiag}
> timeout 6
> ...


If so, we can remove the *Earlier Version of Windows* part with a simple tool 

--------------

Good to see the chkdsk is complete, can you see if you can run these two programs:

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download *AdwCleaner* by Xplode onto your desktop.

Double click on *AdwCleaner.exe* to run the tool.
Click on *Search*.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[R1].txt* as well.

eddie


----------



## justgreene (Jun 21, 2005)

Regarding Command Prompt: Mine is almost the same as your post. Few slight differences:
Mine says: timeout 30 & under Windows Legacy OS Loader: device partition = G not C.

I downloaded both tools to my desktop and will run them and get back to you once finished.

I appreciate you taking the time to help me with this. The non-responsiveness is getting very frustrating.


----------



## justgreene (Jun 21, 2005)

Here are the 2 logs, starting with JRT:

Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.3 (01.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Justin on Thu 01/17/2013 at 13:36:30.27
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\browsermngr start page 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\browsermngrdefaultscope 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2758387876-317494887-4176309356-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\browsermngr
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3225826
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Justin\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Users\Justin\AppData\Roaming\microsoft\windows\start menu\programs\browser manager"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\user.js
Successfully deleted: [File] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\browsermngr_extensions.sqlite
Successfully deleted: [File] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\browsermngr_prefs.js
Successfully deleted: [File] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\searchplugins\babylonmngr.xml
Successfully deleted: [File] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\smartbar
Successfully deleted the following from C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\prefs.js

Emptied folder: C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\minidumps [120 files]

# AdwCleaner v2.106 - Logfile created 01/17/2013 at 13:59:01
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Justin - GREENEHOME
# Boot Mode : Normal
# Running from : C:\Users\Justin\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\prefs.js

Found : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Found : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3225826.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3225826/CT3225826[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3225826", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3225826",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dfe[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Justin\\AppData\\Roaming\\Mozilla\\[...]

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4459 octets] - [17/01/2013 13:59:01]

########## EOF - C:\AdwCleaner[R1].txt - [4519 octets] ##########


----------



## eddie5659 (Mar 19, 2001)

I've moved you to the malware forum, as you have a lot there which may be causing the problems. Also, with regards to the startup bit, we'll look at that at the end, once the malware is gone. It's easy enough to remove (the extra entry).

Can you run the following for me:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

----------

Please download *aswMBR* ( 4.5MB ) to your desktop.

Double click the *aswMBR.exe* icon, and click *Run*.
When asked if you'd like to "download the latest Avast! virus definitions", click *Yes*.
Click the *Scan* button to start the scan.
On completion of the scan, click the *save log* button, save it to your *desktop*, then copy and paste it in your next reply.

----------

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it, rename it to justgreene123.exe and save it to your Desktop.*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

----------

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
Wait until the Pre-scan has finished.
Click on Scan
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Click on Report and copy/paste the contents here.

eddie


----------



## justgreene (Jun 21, 2005)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-17 16:33:41
-----------------------------
16:33:41.511 OS Version: Windows x64 6.1.7601 Service Pack 1
16:33:41.511 Number of processors: 2 586 0x6B02
16:33:41.511 ComputerName: GREENEHOME UserName: Justin
16:33:43.508 Initialize success
16:39:11.230 AVAST engine defs: 13011701
16:40:17.015 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
16:40:17.015 Disk 0 Vendor: WDC_WD800JB-00CRA1 17.07W17 Size: 76319MB BusType: 3
16:40:17.015 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000057
16:40:17.031 Disk 1 Vendor: SAMSUNG_ WY10 Size: 38146MB BusType: 3
16:40:17.031 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\00000058
16:40:17.031 Disk 2 Vendor: Hitachi_ GM2O Size: 238475MB BusType: 3
16:40:17.047 Disk 2 MBR read successfully
16:40:17.047 Disk 2 MBR scan
16:40:17.062 Disk 2 unknown MBR code
16:40:17.062 Disk 2 Partition 1 00 07 HPFS/NTFS NTFS 226949 MB offset 63
16:40:17.109 Disk 2 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11523 MB offset 464792580
16:40:17.171 Disk 2 scanning C:\Windows\system32\drivers
16:40:30.041 Service scanning
16:41:02.677 Modules scanning
16:41:02.677 Disk 2 trace - called modules:
16:41:02.692 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
16:41:02.692 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800316e630]
16:41:02.692 3 CLASSPNP.SYS[fffff88001b6f43f] -> nt!IofCallDriver -> [0xfffffa8002ee8e40]
16:41:02.692 5 ACPI.sys[fffff88000f7c7a1] -> nt!IofCallDriver -> \Device\00000058[0xfffffa8002edc9c0]
16:41:03.425 AVAST engine scan C:\Windows
16:41:05.079 AVAST engine scan C:\Windows\system32
16:44:46.694 AVAST engine scan C:\Windows\system32\drivers
16:45:01.702 AVAST engine scan C:\Users\Justin
17:06:59.419 AVAST engine scan C:\ProgramData
17:10:13.593 Scan finished successfully
17:28:56.668 Disk 2 MBR has been saved successfully to "C:\Users\Justin\Desktop\MBR.dat"
17:28:56.668 The log file has been saved successfully to "C:\Users\Justin\Desktop\aswMBR.txt"

ComboFix 13-01-17.03 - Justin 01/17/2013 17:32:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1708 [GMT -6:00]
Running from: c:\users\Justin\Desktop\justgreene123.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Justin\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
I:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))
.
.
2013-01-17 23:41 . 2013-01-17 23:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-17 19:36 . 2013-01-17 19:36	--------	d-----w-	c:\windows\ERUNT
2013-01-17 19:36 . 2013-01-17 19:36	--------	d-----w-	C:\JRT
2013-01-13 17:14 . 2012-12-07 11:20	43520	----a-w-	c:\windows\system32\csrr.rs
2013-01-13 17:10 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-12 19:38 . 2013-01-12 19:38	--------	d-----w-	C:\Jillian Michaels 30 Day Shred
2013-01-12 04:32 . 2013-01-12 16:31	--------	d-----w-	c:\users\Justin\AppData\Roaming\HandBrake
2013-01-12 04:32 . 2013-01-12 04:32	--------	d-----w-	c:\program files\Handbrake
2013-01-11 23:05 . 2013-01-11 23:05	--------	d-----w-	c:\program files (x86)\trend micro
2013-01-11 23:05 . 2013-01-11 23:05	--------	d-----w-	C:\rsit
2013-01-05 22:11 . 2013-01-05 22:11	--------	d-----w-	C:\Forks Over Knives
2013-01-05 17:33 . 2013-01-05 17:33	--------	d-----w-	C:\Star Wars #5_Empire Strikes Back
2013-01-05 17:32 . 2013-01-05 17:32	--------	d-----w-	C:\New folder
2013-01-02 04:47 . 2013-01-02 04:48	--------	d-----w-	C:\Star Wars #6_Return of the Jedi
2013-01-02 03:48 . 2013-01-02 03:48	--------	d-----w-	C:\Star Wars #3_Revenge of the Sith
2012-12-29 19:24 . 2012-12-29 19:24	--------	d-----w-	c:\users\Justin\AppData\Local\Programs
2012-12-29 18:34 . 2012-12-29 18:34	--------	d-----w-	C:\Star Wars #2_Attack of the Clones
2012-12-29 18:33 . 2012-12-29 18:33	--------	d-----w-	C:\Star Wars #4_ A New Hope
2012-12-28 01:38 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-28 01:38 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-28 01:38 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-28 01:38 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-28 01:37 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-28 01:37 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-28 01:37 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-28 01:37 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-26 22:23 . 2012-12-26 22:23	--------	d-----w-	c:\program files\iPod
2012-12-26 22:22 . 2012-12-26 22:25	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-26 22:22 . 2012-12-26 22:25	--------	d-----w-	c:\program files\iTunes
2012-12-26 22:22 . 2012-12-26 22:25	--------	d-----w-	c:\program files (x86)\iTunes
2012-12-19 21:10 . 2012-12-19 21:10	--------	d-----w-	c:\users\Justin\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 17:25 . 2012-07-23 20:57	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-08 21:16 . 2012-07-18 18:24	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 21:16 . 2012-07-18 18:24	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-30 04:45 . 2013-01-13 17:15	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-29 03:17 . 2012-11-29 03:17	53248	----a-r-	c:\users\Justin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-10-25 09:12 . 2012-10-25 09:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-12-10 7416320]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-27 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys [2009-06-11 72448]
S3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys [2009-06-11 442368]
S3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys [2009-06-11 240768]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 21:16]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:15]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:15]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 22:11]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 22:11]
.
2013-01-16 c:\windows\Tasks\ReclaimerUpdateFiles_Justin.job
- c:\users\Justin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-07 02:18]
.
2013-01-17 c:\windows\Tasks\ReclaimerUpdateXML_Justin.job
- c:\users\Justin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-07 02:18]
.
2013-01-17 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Justin.job
- c:\users\Justin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-07 02:18]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://pinterest.com/
FF - ExtSQL: !HIDDEN! 2012-07-18 15:43; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\03\01\003\0aë"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-17 17:55:35
ComboFix-quarantined-files.txt 2013-01-17 23:55
.
Pre-Run: 111,072,378,880 bytes free
Post-Run: 111,553,425,408 bytes free
.
- - End Of File - - 361F460D104AD075B8821AA8E16490AA

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Justin [Admin rights]
Mode : Scan -- Date : 01/17/2013 18:15:25

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\GoogleCrashHandler64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2758387876-317494887-4176309356-1000[...]\Run : MusicManager ("C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> G:\Documents and Settings\Default User\NTUSER.DAT
-> G:\Documents and Settings\Default User.WINNT\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JB-00CRA1 ATA Device +++++
--- User ---
[MBR] 3d5d110124dfe06eb809bab87aae75ed
[BSP] 97d9db36bfce9e4069efc8a08c969b65 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD040GJ SCSI Disk Device +++++
--- User ---
[MBR] 7f685e5ac93e2cc82c5e2327e23798b2
[BSP] 46814c9993e85faac0ede0582d5cbc18 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Hitachi HDP725025GLA SCSI Disk Device +++++
--- User ---
[MBR] 6b2d842862a4b9155b48563ad6747740
[BSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226949 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 464792580 | Size: 11523 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD50 00AVVS-00ZWB0 USB Device +++++
--- User ---
[MBR] 07886398f5223b638cfda8b3ebd2ffd6
[BSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01172013_02d1815.txt >>
RKreport[1]_S_01172013_02d1815.txt


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Now, I know you tried OTL before and it froze, but can you try it again, but this time just press the button for *Quick Scan*. This doesn't need the custom scan, so the box at the bottom will be blank 

See if that runs, and if so, post both logs it creates.

eddie


----------



## justgreene (Jun 21, 2005)

OTL logfile created on: 1/21/2013 11:56:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 44.36% Memory free
5.75 Gb Paging File | 4.09 Gb Available in Paging File | 71.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.63 Gb Total Space | 102.37 Gb Free Space | 46.19% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 14.96 Gb Free Space | 40.17% Space Free | Partition Type: NTFS
Drive E: | 11.25 Gb Total Space | 1.51 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 14.28 Gb Free Space | 19.17% Space Free | Partition Type: NTFS
Drive H: | 465.64 Gb Total Space | 113.06 Gb Free Space | 24.28% Space Free | Partition Type: FAT32
Drive I: | 2794.51 Gb Total Space | 2580.27 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

Computer Name: GREENEHOME | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:*64bit:* - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:*64bit:* - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (AVMNgTunM780) -- C:\Windows\SysNative\drivers\AVerTun.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgCapM780) -- C:\Windows\SysNative\drivers\AVerCap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgBasM780) -- C:\Windows\SysNative\drivers\AVerBas.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 88 E2 41 07 65 CD 01 [binary data]
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\SearchScopes\{1520D774-0ADA-4AA4-9F49-55B6989EADB0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=16D6C0E9-31A8-46B3-A9E1-DBA5AD0E4BC5&apn_sauid=C4472E1E-7F67-4F2A-8E73-2FCC6F394F23
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS495
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://pinterest.com/"
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 14:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 10:31:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/23 16:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/09/12 19:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/27 11:15:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/17 13:38:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 14:43:53 | 000,000,000 | ---D | M]

[2012/07/18 11:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2012/10/25 15:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions
[2012/10/25 15:50:51 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]
[2012/12/08 14:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/24 08:43:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/09/27 11:15:35 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - default_search_provider: swagbucks.com (Enabled)
CHR - default_search_provider: search_url = http://swagbucks.com/?sfp=h&t=w&p=1&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Freemake Video Converter = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/17 17:42:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000..\Run: [MusicManager] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD735A3-23A0-4C7E-96AA-B48844B33697}: DhcpNameServer = 192.168.10.1
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\mso-offdap - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/12 12:20:56 | 000,000,000 | -H-- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | R--D | M] - H:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 08:09:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/17 18:14:43 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\RK_Quarantine
[2013/01/17 17:30:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/17 17:30:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/17 17:30:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/17 17:30:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/17 17:30:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/17 16:31:27 | 005,024,203 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\justgreene123.exe
[2013/01/17 16:26:47 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2013/01/17 13:36:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/17 13:36:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/17 13:28:34 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Justin\Desktop\JRT.exe
[2013/01/12 13:38:19 | 000,000,000 | ---D | C] -- C:\Jillian Michaels 30 Day Shred
[2013/01/11 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Movies
[2013/01/11 22:32:38 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\HandBrake
[2013/01/11 22:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/01/11 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/01/11 22:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013/01/11 17:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2013/01/11 17:05:34 | 000,000,000 | ---D | C] -- C:\rsit
[2013/01/10 16:45:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2013/01/05 16:11:04 | 000,000,000 | ---D | C] -- C:\Forks Over Knives
[2013/01/05 11:33:35 | 000,000,000 | ---D | C] -- C:\Star Wars #5_Empire Strikes Back
[2013/01/05 11:32:09 | 000,000,000 | ---D | C] -- C:\New folder
[2013/01/01 22:47:49 | 000,000,000 | ---D | C] -- C:\Star Wars #6_Return of the Jedi
[2013/01/01 21:48:14 | 000,000,000 | ---D | C] -- C:\Star Wars #3_Revenge of the Sith
[2012/12/29 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2012/12/29 13:24:37 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Programs
[2012/12/29 12:34:07 | 000,000,000 | ---D | C] -- C:\Star Wars #2_Attack of the Clones
[2012/12/29 12:33:09 | 000,000,000 | ---D | C] -- C:\Star Wars #4_ A New Hope
[2012/12/26 16:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/26 16:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/26 16:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/26 16:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/26 16:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/24 11:08:05 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{B48009A8-22A0-4249-AD52-D718617041E1}
[2012/12/23 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{6E142167-514B-4FF7-9F8D-D95D3E5731FC}
[2012/12/22 17:23:00 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{A0D56A2D-5931-4EB0-9B83-96529D5EDAA7}
[2012/12/22 16:47:03 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\50th anniversary pics
[1 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/21 11:58:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 11:58:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 11:56:37 | 107,037,302 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/01/21 11:54:43 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Justin.job
[2013/01/21 11:50:58 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 11:50:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/21 11:50:53 | 2314,055,680 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/20 23:13:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 22:27:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
[2013/01/20 22:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 17:31:02 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Justin.job
[2013/01/20 17:12:23 | 000,478,280 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/01/20 13:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
[2013/01/18 23:25:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Justin.job
[2013/01/17 17:42:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/17 17:28:56 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat
[2013/01/17 16:32:06 | 000,764,416 | ---- | M] () -- C:\Users\Justin\Desktop\RogueKiller.exe
[2013/01/17 16:31:27 | 005,024,203 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\justgreene123.exe
[2013/01/17 16:27:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2013/01/17 16:25:52 | 000,881,914 | ---- | M] () -- C:\Users\Justin\Desktop\SecurityCheck.exe
[2013/01/17 13:30:27 | 000,574,677 | ---- | M] () -- C:\Users\Justin\Desktop\adwcleaner.exe
[2013/01/17 13:28:35 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Justin\Desktop\JRT.exe
[2013/01/13 12:39:42 | 000,294,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/13 11:35:57 | 000,785,842 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/13 11:35:57 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 11:35:57 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/13 11:35:48 | 000,785,842 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/11 22:32:50 | 000,000,977 | ---- | M] () -- C:\Users\Justin\Desktop\Handbrake.lnk
[2013/01/11 17:04:52 | 000,781,383 | ---- | M] () -- C:\Users\Justin\Desktop\RSIT.exe
[2013/01/10 16:45:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2013/01/06 21:10:09 | 062,790,379 | ---- | M] () -- C:\Users\Justin\Desktop\2012_ What Brought Us Together.wmv
[2013/01/06 20:29:58 | 054,849,949 | ---- | M] () -- C:\Users\Justin\Desktop\Zeitgeist 2012_ Year In Review.wmv
[2013/01/06 18:01:12 | 002,256,011 | ---- | M] () -- C:\Users\Justin\Desktop\img_0884fi.jpg
[2013/01/04 19:58:40 | 001,979,111 | ---- | M] () -- C:\Users\Justin\Desktop\img_0439a.jpg
[2013/01/02 15:30:38 | 001,385,097 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03841f.jpg
[2013/01/01 21:05:19 | 002,006,771 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03838-1.jpg
[2013/01/01 21:02:15 | 002,108,993 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03839-1.jpg
[2013/01/01 17:53:59 | 000,937,786 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03835f.jpg
[2013/01/01 17:21:06 | 001,182,106 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03823f.jpg
[2013/01/01 17:19:12 | 040,290,697 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03823f.psd
[2012/12/30 21:48:53 | 001,088,612 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03825fix.jpg
[2012/12/30 18:58:04 | 001,579,690 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03811-1.jpg
[2012/12/30 18:41:47 | 001,814,186 | ---- | M] () -- C:\Users\Justin\Desktop\dsc03810-1.jpg
[2012/12/26 16:25:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 21:50:08 | 002,257,341 | R--- | C] () -- C:\Users\Justin\Desktop\DSC03573(rev 0).jpg
[2013/01/17 17:30:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/17 17:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/17 17:30:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/17 17:30:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/17 17:30:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/17 17:28:56 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
[2013/01/17 16:32:03 | 000,764,416 | ---- | C] () -- C:\Users\Justin\Desktop\RogueKiller.exe
[2013/01/17 16:25:52 | 000,881,914 | ---- | C] () -- C:\Users\Justin\Desktop\SecurityCheck.exe
[2013/01/17 13:30:27 | 000,574,677 | ---- | C] () -- C:\Users\Justin\Desktop\adwcleaner.exe
[2013/01/11 22:32:19 | 000,000,977 | ---- | C] () -- C:\Users\Justin\Desktop\Handbrake.lnk
[2013/01/11 17:04:52 | 000,781,383 | ---- | C] () -- C:\Users\Justin\Desktop\RSIT.exe
[2013/01/06 23:19:04 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Justin.job
[2013/01/06 23:19:02 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Justin.job
[2013/01/06 23:19:00 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Justin.job
[2013/01/06 21:02:35 | 062,790,379 | ---- | C] () -- C:\Users\Justin\Desktop\2012_ What Brought Us Together.wmv
[2013/01/06 20:23:44 | 054,849,949 | ---- | C] () -- C:\Users\Justin\Desktop\Zeitgeist 2012_ Year In Review.wmv
[2013/01/06 18:01:08 | 002,256,011 | ---- | C] () -- C:\Users\Justin\Desktop\img_0884fi.jpg
[2013/01/04 19:58:27 | 001,979,111 | ---- | C] () -- C:\Users\Justin\Desktop\img_0439a.jpg
[2013/01/02 15:30:34 | 001,385,097 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03841f.jpg
[2013/01/01 21:05:18 | 002,006,771 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03838-1.jpg
[2013/01/01 21:02:11 | 002,108,993 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03839-1.jpg
[2013/01/01 17:53:56 | 000,937,786 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03835f.jpg
[2013/01/01 17:21:03 | 001,182,106 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03823f.jpg
[2013/01/01 17:19:11 | 040,290,697 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03823f.psd
[2012/12/30 21:48:50 | 001,088,612 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03825fix.jpg
[2012/12/30 18:57:55 | 001,579,690 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03811-1.jpg
[2012/12/30 18:41:44 | 001,814,186 | ---- | C] () -- C:\Users\Justin\Desktop\dsc03810-1.jpg
[2012/12/26 16:25:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/26 17:11:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/08/26 14:54:48 | 000,000,218 | ---- | C] () -- C:\Users\Justin\.recently-used.xbel
[2012/07/23 15:24:59 | 000,000,226 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\default.rss
[2012/07/18 15:44:30 | 000,000,544 | ---- | C] () -- C:\Windows\_delis32.ini
[2012/07/18 15:14:12 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/07/18 14:55:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 14:36:41 | 000,221,311 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/07/18 14:36:41 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/07/18 13:10:00 | 000,785,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/24 12:39:31 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Ashisoft
[2012/07/22 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AVG2012
[2012/10/31 20:39:22 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Azureus
[2012/08/29 19:51:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\BitTorrent
[2012/07/18 13:43:27 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Caspedia
[2012/07/24 08:43:29 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Catalina Marketing Corp
[2012/08/04 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/09/23 12:21:13 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2012/08/15 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DT
[2013/01/12 10:31:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\HandBrake
[2012/11/28 21:17:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Leadertech
[2012/12/19 15:10:26 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2012/09/27 11:23:42 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Rovio
[2013/01/20 23:09:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Spotify
[2012/12/24 11:42:19 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2013/01/11 22:30:09 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Vso

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/21/2013 11:56:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 44.36% Memory free
5.75 Gb Paging File | 4.09 Gb Available in Paging File | 71.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.63 Gb Total Space | 102.37 Gb Free Space | 46.19% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 14.96 Gb Free Space | 40.17% Space Free | Partition Type: NTFS
Drive E: | 11.25 Gb Total Space | 1.51 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 14.28 Gb Free Space | 19.17% Space Free | Partition Type: NTFS
Drive H: | 465.64 Gb Total Space | 113.06 Gb Free Space | 24.28% Space Free | Partition Type: FAT32
Drive I: | 2794.51 Gb Total Space | 2580.27 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

Computer Name: GREENEHOME | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CCEC13-5AA6-4180-A9AB-94F3B3F86180}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14ADBB87-1805-4454-9E27-02F03836682F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{17EC3575-526A-4FA1-B477-9B0853C9B1BB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1A7ACD61-DDB2-48DF-9B33-561F595B92D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2DFDA813-F85C-4828-A3B3-1BB16E225D9C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3031B0C4-7CE9-4D0B-B0BA-BFACC7275CDA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{34EEB442-02C2-41B5-8E46-0FF3201C93A7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3F9ED72C-FD28-4333-B4DB-D3F207DFD748}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{414FE622-B059-480C-B1C4-C4F0777D3881}" = rport=139 | protocol=6 | dir=out | app=system | 
"{48CAAA6C-03C2-4A84-8B10-218F8C5256D2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4A4E1275-1A9A-41E0-9083-FA6061C60531}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4DB36926-5BCA-45AF-A876-E55A14E0D8E3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4EA455FD-C97E-4CBA-AA83-9A46FAA61311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5AC6E884-54D9-4CE2-8217-89377E149C4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{605A6FBC-0073-436E-8500-0DB4D74B2440}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{613E1FB8-D722-4874-A3F4-A053302FC48D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{649A602F-2662-4A15-A6A3-42359E8E5921}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6618FF6E-0AEF-4F6D-8894-F1373FEE57F7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{69D2B217-CE31-479D-A6F9-A8915FF94357}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E75E7AF-6409-4359-8675-38FB362948DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{821D2D75-608C-4292-B4F6-0288C5865409}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8A9C93DA-2892-4AC5-A2D3-5FA93F760A7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9EE34A9B-9AF5-436B-8FB8-C3CD4652A5A8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A5F74C5D-6FDF-4A80-901D-0A3C44A6FDCF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A854ABC5-8C72-4F65-9D78-D15E16212DB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C433C82F-84E1-4E12-897A-1D093A24FC40}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C4F9A8A1-6D46-47A0-A9A7-294B10CF23CF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C6022E6D-92A5-44F5-BBEE-D7803C671504}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C78E1BC5-F07C-40E5-BB61-4A8E8EDB4BBC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D837B629-0047-44EF-B765-FEA7DFE060EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC2B3956-317C-40B1-A06C-3728756B17AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB1288CD-DBA3-4BC2-8E28-0620FBF8F74F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FF8DB18B-5DE3-4493-8CDE-B862D7079FDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA5114D-9EEC-4448-B4AF-62018C000821}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AF89F9D-45AF-4703-8BB9-F0E5445A853E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{0B942BD4-F61F-45A2-B255-7A9C43FDBF76}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{0BFCBB60-9730-4FB3-B2A3-E241EA73CBE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{0C4CC5F8-4A93-44DE-9C6A-F31808582C7B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{23F9D465-5969-4FC1-A78B-A41EFD22C3B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{276BF708-7CB8-4103-B2D9-C32C74607391}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{287AB2F9-2D48-46A7-94CC-0BD64A88F380}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{2A637560-135D-4AC0-9E82-9D4851BD08FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{2B87B1F8-A28A-449D-9394-2AB5CDC8B8E8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{2FF8BA2B-44A2-41B2-A655-5561DB87C0F5}" = protocol=6 | dir=out | app=system | 
"{305D122A-61E5-4FE7-95BD-9E5CB8B45697}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{375AFB04-E709-4DE6-80F1-A321D833D247}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A1173D6-9374-48CD-B4C6-BD22DE9B6849}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{3C91C4A9-01B2-4472-A075-D003582D9374}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40077009-9F52-4148-95B0-7A8391ECB880}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{4E789A7C-9B3F-4028-A1EC-0F37449C2FF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56AAF3A5-6E1E-47C5-871E-2AAED5753AAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A92FA51-15A0-4240-BFF0-B00BC49920C0}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{5ED8D23D-92AD-4829-BDF6-37E961D7F232}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{69E71B71-8F5D-472C-A7F8-679E8F6FC601}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{6AB73F67-A22D-4AEE-9632-F70E568CCF68}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{6C980BEF-8AAB-444A-8CF5-66FC072F9541}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EAB6304-254A-4B4D-8A30-7894A24D6C18}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{704CD2F1-7BD8-4466-A0A0-B664CC37E25E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{76AF8766-9097-40D7-9685-216C0E9B3C69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{80074BBC-BF72-413E-B105-68865B611242}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{81582505-D847-468E-9087-61A6598FA98D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{84BD62E4-491D-484D-92D1-FA80959EC8A1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8635F429-01C9-443B-8997-25757E6C4571}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{8A6049E3-7F63-472D-ABBF-77D423BB976A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{929777B4-79F7-4D6B-A062-61624673887E}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{92B325CD-D688-4CDD-8A82-438D36E941C6}" = protocol=1 | dir=in | [email protected],-28543 | 
"{937DA686-B92D-4BF9-85D4-AAEF32BAD2D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{95CD26E3-2EB2-4B5D-AE1D-5A6F6A2FCCCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{96946CF8-C7B2-4A42-BE11-8F6A0287288E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{973ECD21-D388-4CE2-809E-4D6321CA948A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{97C6EB43-776A-4537-A482-90D349DB436A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{985E3B12-A72A-4262-A056-32E1B6653241}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9CD2F23B-9743-4B20-A3CD-0E3990B29D89}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{9F6021DD-C5EA-41C9-ABD5-766C15C785C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{A449BEEF-8A34-4254-B677-1997F8908738}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{A6779067-02DC-4D6E-866C-2B3C502AB98C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC7D5597-8221-4E65-B8D8-933C242A27FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{B2352622-5F31-4E6A-A4A3-1C9D08051931}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B8C93D84-7B77-41B1-A97C-24412AEAF37C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{C10A57EA-9063-4807-8DE3-46D17612771F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{C390AB56-6868-48ED-A49D-4ADCD04AE205}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4FBD359-B551-4008-BDBD-19EC0E2CB2CD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C76298FF-A2EF-46CC-8801-82D67727B191}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{CBF9F6AE-4D79-4101-AA73-7B773CB34A41}" = protocol=58 | dir=in | [email protected],-28545 | 
"{CD5A1A20-C4F2-4BDE-8DA9-5AF57B611BE6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D04FC03D-ADEB-46A5-AF6C-50F2885CDE72}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{D231546A-E3A6-4578-877A-BAAE41990AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D37701E0-35E6-4D5C-9290-2F119293FB69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{D4ECA777-F191-43B3-B87B-E927E6370D18}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D8FB095F-692B-4A0F-BDF9-3016F9A814D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E0F0526C-B7A0-4771-911B-11A1C6C3737F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E1CF170A-36F5-49C9-8A09-A183027B0AAD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{E22991C0-5474-4C95-8825-63CBA3BA8923}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E45596C0-3F2E-49F8-BC45-5FE2B7867B90}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{EB5E070B-B3FC-482F-BE7D-855F045100D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{F0F34212-A7E7-4AEF-88AE-E8385B254C53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{F25F4CF5-B698-40A7-B9D5-7F3CC75C7C4A}" = protocol=1 | dir=out | [email protected],-28544 | 
"{F7FDF85D-DFD9-49B5-9BA9-03F968DE5B5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{F81480B1-5768-4F47-800D-8F4FE93E17D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{F9C11E12-6B0E-4095-900D-C1E9596DDF4E}" = protocol=58 | dir=out | [email protected],-28546 | 
"{FCEA43AD-4FD2-4104-AA19-F3F453C4FCE7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{97378435-4949-4795-9613-B97CAD6DC05C}C:\users\justin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{EC1D6FA6-293A-492E-B1C9-3826B9839F96}C:\users\justin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{2CCC9425-AA73-4045-91D1-A953E6B3D4DB}C:\users\justin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{AAA3E241-A8E7-4123-B0AE-CAC91A247ABA}C:\users\justin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series" = Canon Pro9000 II series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{70AD2848-D236-459A-BF18-BF8E063D7BB2}" = AVG 2012
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055C7B5D-B655-495D-BC4B-787994519AAA}" = Creative Memories Memory Manager 3
"{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1" = Duplicate Finder
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}" = Angry Birds
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{114AA498-39E6-4229-94DB-1E3777C2F486}" = Memory Manager 3 Service Update
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a307955-41b3-4253-9c56-a9f10b7c812d}" = Nero 9
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{88E14CA9-C418-21F9-223B-5405979A03E9}" = Zoodles
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}" = 3DVIA player 5.0.0.20
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data" = Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon Pro9000 Mark II series User Registration" = Canon Pro9000 Mark II series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1" = Zoodles
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.1
"HandBrake" = HandBrake 0.9.8
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"RealPlayer 15.0" = RealPlayer
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2013 3:57:13 PM | Computer Name = Greenehome | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/17/2013 5:21:13 PM | Computer Name = Greenehome | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/18/2013 11:33:40 AM | Computer Name = Greenehome | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/20/2013 5:25:02 PM | Computer Name = Greenehome | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 1/17/2013 7:30:09 PM | Computer Name = Greenehome | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1 
time(s).

Error - 1/17/2013 7:30:09 PM | Computer Name = Greenehome | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/17/2013 7:35:14 PM | Computer Name = Greenehome | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/17/2013 7:38:43 PM | Computer Name = Greenehome | Source = Application Popup | ID = 1060
Description = \??\C:\justgreene123\catchme.sys has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a 
compatible version of the driver.

Error - 1/17/2013 7:42:13 PM | Computer Name = Greenehome | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/21/2013 1:51:29 PM | Computer Name = Greenehome | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Live ID Sign-in Assistant service to connect.

Error - 1/21/2013 1:51:29 PM | Computer Name = Greenehome | Source = Service Control Manager | ID = 7000
Description = The Windows Live ID Sign-in Assistant service failed to start due 
to the following error: %%1053

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Okay, not sure if you ran it and forgot the log, but can you run this for me:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Then, can you run this scan for me:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:folderfind
*Vuze*
*Conduit*
*Bittorrent*
*babylon*
*browsermngr*
*pricegong*
*smartbar*
*datamngr*
*websearch*
*ask.com*
:filefind
*Vuze*.*
*Conduit*.*
*Bittorrent*.*
*babylon*.*
*browsermngr*.*
*pricegong*.*
*smartbar*.*
*datamngr*.*
*websearch*.*
*ask.com*.*
:regfind
Vuze
Conduit
Bittorrent
babylon
browsermngr
pricegong
smartbar
datamngr
websearch
ask.com
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## justgreene (Jun 21, 2005)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:02 on 28/01/2013 by Justin
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Vuze*"
C:\Users\Justin\Documents\Vuze Downloads	d------	[00:57 01/08/2012]

Searching for "*Conduit*"
No folders found.

Searching for "*Bittorrent*"
C:\Users\Justin\AppData\Roaming\BitTorrent	d------	[00:06 19/08/2012]

Searching for "*babylon*"
No folders found.

Searching for "*browsermngr*"
No folders found.

Searching for "*pricegong*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*websearch*"
No folders found.

Searching for "*ask.com*"
No folders found.

========== filefind ==========

Searching for "*Vuze*.*"
C:\Users\Justin\AppData\Roaming\Azureus\subs\38B243FB0DC547409457.vuze	--a---- 2524 bytes	[22:09 01/08/2012]	[22:09 01/08/2012] 39A0143B28C559D59859928BAAE19294
C:\Users\Justin\AppData\Roaming\Azureus\subs\761B7C2ECF471C5C3602.vuze	--a---- 2572 bytes	[02:16 18/08/2012]	[02:16 18/08/2012] 2ECF0455950BC21D42610CD32A6D0D5B
C:\Users\Justin\AppData\Roaming\Azureus\subs\7BAD528868BCF5F7A39D.vuze	--a---- 2606 bytes	[02:16 18/08/2012]	[02:16 18/08/2012] 9C348E05C09E9576FAC3F3A7928DB66F
C:\Users\Justin\Downloads\Vuze_Installer.exe	--a---- 9250272 bytes	[00:48 01/08/2012]	[00:49 01/08/2012] BCD259F5F3035FC753F16F9582996C0B

Searching for "*Conduit*.*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll	--a---- 1206160 bytes	[04:32 10/08/2012]	[04:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_633802669919925000.gif	--a---- 628 bytes	[00:50 01/08/2012]	[00:50 01/08/2012] 8EFCD7BBB062F42761BEADD37901E10E
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_633820122725725000.gif	--a---- 687 bytes	[00:50 01/08/2012]	[00:50 01/08/2012] E0FB2A47746473BC7BBA5449EF7CBFB8
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_633995607281715000.gif	--a---- 91 bytes	[00:50 01/08/2012]	[00:50 01/08/2012] FE6B8ECECAB3CD9DF92678AA1E818FA9
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_634001364341241250.png	--a---- 1860 bytes	[00:50 01/08/2012]	[00:50 01/08/2012] 1BFD931E9D5074625A49AD8B991DDE73
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_Rss_xml-4-rssIcons-633590057687175000.gif	--a---- 425 bytes	[00:50 01/08/2012]	[00:50 01/08/2012] 3BB3646E10E49B85A2BE492420E59EA1
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif	--a---- 322 bytes	[00:50 01/08/2012]	[00:50 01/08/2012] 948781E4B6478290050ECA4423B89B1E

Searching for "*Bittorrent*.*"
C:\Users\Justin\Downloads\BitTorrent3.exe	--a---- 6156696 bytes	[00:06 19/08/2012]	[00:06 19/08/2012] EEB79716A46F63A1E6AAC22459BDEFF2

Searching for "*babylon*.*"
No files found.

Searching for "*browsermngr*.*"
C:\JRT\browsermngr_keys.cfg	--a---- 128 bytes	[19:36 17/01/2013]	[16:27 07/12/2012] A3A4E3D63270943A96BCC3BB0805BDEB
C:\JRT\browsermngr_values.cfg	--a---- 94 bytes	[19:36 17/01/2013]	[11:32 08/12/2012] F122E40C356FD4504242D61607063949
C:\JRT\FFbrowsermngr.dat	--a---- 119 bytes	[19:36 17/01/2013]	[16:27 07/12/2012] 3B95732A1F2A804A6390BAB62B1DD1DB
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\BrowserMngr Web Data	--a---- 962560 bytes	[02:19 19/09/2012]	[02:53 20/09/2012] 580BCAC8630BA8E8014FB4900FC88809
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\browsermngrpreferences	--a---- 275915 bytes	[02:19 19/09/2012]	[01:33 20/09/2012] EA1A92F5732C0FA946CF979928BB0393

Searching for "*pricegong*.*"
No files found.

Searching for "*smartbar*.*"
No files found.

Searching for "*datamngr*.*"
No files found.

Searching for "*websearch*.*"
C:\Users\Justin\AppData\Local\Amazon\Kindle\acw\websearch.acx	--a---- 5652 bytes	[13:14 03/05/2012]	[13:14 03/05/2012] B2CAF248AF8E1BFA7758730A28A5B122

Searching for "*ask.com*.*"
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage	--a---- 3072 bytes	[21:54 12/01/2013]	[21:54 12/01/2013] F4256E8DBEFBEB15EDE8C8F34AFF418B
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal	--a---- 3608 bytes	[21:54 12/01/2013]	[21:54 12/01/2013] F0E815C1129CFCAF47BE9403301C7C24

========== regfind ==========

Searching for "Vuze"
[HKEY_CURRENT_USER\Software\Classes\.vuze]
[HKEY_CURRENT_USER\Software\Classes\.vuze]
@="Vuze"
[HKEY_CURRENT_USER\Software\Classes\.vuze]
"Content Type"="application/x-vuze"
[HKEY_CURRENT_USER\Software\Classes\Azureus]
@="Vuze Download"
[HKEY_CURRENT_USER\Software\Classes\Azureus\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_CURRENT_USER\Software\Classes\Azureus\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\BC\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_CURRENT_USER\Software\Classes\BC\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\BCTP\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_CURRENT_USER\Software\Classes\BCTP\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\DHT\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_CURRENT_USER\Software\Classes\DHT\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze]
"Extension"=".vuze"
[HKEY_CURRENT_USER\Software\Classes\Vuze]
[HKEY_CURRENT_USER\Software\Classes\Vuze]
@="Vuze File"
[HKEY_CURRENT_USER\Software\Classes\Vuze]
"Content Type"="application/x-vuze"
[HKEY_CURRENT_USER\Software\Classes\Vuze\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_CURRENT_USER\Software\Classes\Vuze\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze]
@="Vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus]
@="Vuze Download"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze]
"Extension"=".vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze]
@="Vuze File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\magnet\Handlers\Azureus]
"DefaultIcon"=""C:\Program Files (x86)\Vuze\Azureus.exe,0""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\magnet\Handlers\Azureus]
"Description"="Download with Vuze (formerly Azureus)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\magnet\Handlers\Azureus]
"ShellExecute"=""C:\Program Files (x86)\Vuze\Azureus.exe" %URL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A449BEEF-8A34-4254-B677-1997F8908738}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Vuze\Azureus.exe|Name=Azureus / Vuze|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{929777B4-79F7-4D6B-A062-61624673887E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Vuze\Azureus.exe|Name=Azureus / Vuze|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A449BEEF-8A34-4254-B677-1997F8908738}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Vuze\Azureus.exe|Name=Azureus / Vuze|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{929777B4-79F7-4D6B-A062-61624673887E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Vuze\Azureus.exe|Name=Azureus / Vuze|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A449BEEF-8A34-4254-B677-1997F8908738}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Vuze\Azureus.exe|Name=Azureus / Vuze|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{929777B4-79F7-4D6B-A062-61624673887E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Vuze\Azureus.exe|Name=Azureus / Vuze|"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.vuze]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.vuze]
@="Vuze"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.vuze]
"Content Type"="application/x-vuze"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Azureus]
@="Vuze Download"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Azureus\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Azureus\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\BC\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\BC\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\BCTP\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\BCTP\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\DHT\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\DHT\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\MIME\Database\Content Type\application/x-vuze]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\MIME\Database\Content Type\application/x-vuze]
"Extension"=".vuze"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Vuze]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Vuze]
@="Vuze File"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Vuze]
"Content Type"="application/x-vuze"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Vuze\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Vuze\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.vuze]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.vuze]
@="Vuze"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.vuze]
"Content Type"="application/x-vuze"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Azureus]
@="Vuze Download"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Azureus\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Azureus\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\BC\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\BC\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\BCTP\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\BCTP\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\DHT\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\DHT\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\MIME\Database\Content Type\application/x-vuze]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\MIME\Database\Content Type\application/x-vuze]
"Extension"=".vuze"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Vuze]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Vuze]
@="Vuze File"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Vuze]
"Content Type"="application/x-vuze"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Vuze\DefaultIcon]
@="C:\Program Files (x86)\Vuze\Azureus.exe,0"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Vuze\shell\open\command]
@=""C:\Program Files (x86)\Vuze\Azureus.exe" "%1""

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\AE48807DEC2E935419BD7466CCE1F5F5]
"File"="iSyncConduit.dll"

Searching for "Bittorrent"
[HKEY_CURRENT_USER\Software\BitTorrent]
[HKEY_CURRENT_USER\Software\Classes\.btapp]
"Content Type"="application/x-bittorrent-app"
[HKEY_CURRENT_USER\Software\Classes\.btinstall]
"Content Type"="application/x-bittorrent-appinst"
[HKEY_CURRENT_USER\Software\Classes\.btkey]
"Content Type"="application/x-bittorrent-key"
[HKEY_CURRENT_USER\Software\Classes\.btsearch]
"Content Type"="application/x-bittorrentsearchdescription+xml"
[HKEY_CURRENT_USER\Software\Classes\.btsearch\OpenWithProgids]
"BitTorrent"=""
[HKEY_CURRENT_USER\Software\Classes\.btskin]
"Content Type"="application/x-bittorrent-skin"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
"Content Type"="application/x-bittorrent"
[HKEY_CURRENT_USER\Software\Classes\.torrent\OpenWithProgids]
"BitTorrent"=""
[HKEY_CURRENT_USER\Software\Classes\Applications\BitTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\BitTorrent.exe\shell\open\command]
@=""C:\Program Files (x86)\BitTorrent\BitTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\Azureus]
"Content Type"="application/x-bittorrent"
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_CURRENT_USER\Software\Classes\uTorrent\Content Type]
@="application/x-bittorrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent3_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent3_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\BitTorrent]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.btapp]
"Content Type"="application/x-bittorrent-app"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.btinstall]
"Content Type"="application/x-bittorrent-appinst"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.btkey]
"Content Type"="application/x-bittorrent-key"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.btsearch]
"Content Type"="application/x-bittorrentsearchdescription+xml"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.btsearch\OpenWithProgids]
"BitTorrent"=""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.btskin]
"Content Type"="application/x-bittorrent-skin"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.torrent]
"Content Type"="application/x-bittorrent"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\.torrent\OpenWithProgids]
"BitTorrent"=""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Applications\BitTorrent.exe]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Applications\BitTorrent.exe\shell\open\command]
@=""C:\Program Files (x86)\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\Azureus]
"Content Type"="application/x-bittorrent"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Classes\uTorrent\Content Type]
@="application/x-bittorrent"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.btapp]
"Content Type"="application/x-bittorrent-app"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.btinstall]
"Content Type"="application/x-bittorrent-appinst"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.btkey]
"Content Type"="application/x-bittorrent-key"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.btsearch]
"Content Type"="application/x-bittorrentsearchdescription+xml"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.btsearch\OpenWithProgids]
"BitTorrent"=""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.btskin]
"Content Type"="application/x-bittorrent-skin"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.torrent]
"Content Type"="application/x-bittorrent"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\.torrent\OpenWithProgids]
"BitTorrent"=""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Applications\BitTorrent.exe]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Applications\BitTorrent.exe\shell\open\command]
@=""C:\Program Files (x86)\BitTorrent\BitTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\Azureus]
"Content Type"="application/x-bittorrent"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000_Classes\uTorrent\Content Type]
@="application/x-bittorrent"

Searching for "babylon"
No data found.

Searching for "browsermngr"
No data found.

Searching for "pricegong"
No data found.

Searching for "smartbar"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\DataMngr_Toolbar]

Searching for "websearch"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1520D774-0ADA-4AA4-9F49-55B6989EADB0}]
"URL"="http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=16D6C0E9-31A8-46B3-A9E1-DBA5AD0E4BC5&apn_sauid=C4472E1E-7F67-4F2A-8E73-2FCC6F394F23"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1520D774-0ADA-4AA4-9F49-55B6989EADB0}]
"URL"="http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=16D6C0E9-31A8-46B3-A9E1-DBA5AD0E4BC5&apn_sauid=C4472E1E-7F67-4F2A-8E73-2FCC6F394F23"

Searching for "ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1520D774-0ADA-4AA4-9F49-55B6989EADB0}]
"URL"="http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=16D6C0E9-31A8-46B3-A9E1-DBA5AD0E4BC5&apn_sauid=C4472E1E-7F67-4F2A-8E73-2FCC6F394F23"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1520D774-0ADA-4AA4-9F49-55B6989EADB0}]
"FaviconURL"="http://www.ask.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1520D774-0ADA-4AA4-9F49-55B6989EADB0}]
"URL"="http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=16D6C0E9-31A8-46B3-A9E1-DBA5AD0E4BC5&apn_sauid=C4472E1E-7F67-4F2A-8E73-2FCC6F394F23"
[HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1520D774-0ADA-4AA4-9F49-55B6989EADB0}]
"FaviconURL"="http://www.ask.com/favicon.ico"

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\SearchScopes\{1520D774-0ADA-4AA4-9F49-55B6989EADB0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=16D6C0E9-31A8-46B3-A9E1-DBA5AD0E4BC5&apn_sauid=C4472E1E-7F67-4F2A-8E73-2FCC6F394F23
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ]
:Reg
[-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\DataMngr_Toolbar]
:Files
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_633802669919925000.gif
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_633820122725725000.gif
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_633995607281715000.gif
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_634001364341241250.png
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_91_250_CT2504091_Images_Rss_xml-4-rssIcons-633590057687175000.gif
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\BrowserMngr Web Data
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\browsermngrpreferences
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal
ipconfig /flushdns /c
:Commands 
[purity] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

eddie


----------



## justgreene (Jun 21, 2005)

I did the scan and the computer did a reboot, but there is no report to post...at least I can't find it.


----------



## eddie5659 (Mar 19, 2001)

Oki doki, we'll check them later on, but I'm pretty sure it's all gone. Happens now and then

Can you do this for me:

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> RegLock::
> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
> [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## justgreene (Jun 21, 2005)

ComboFix 13-02-03.03 - Justin 02/03/2013 14:16:16.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1910 [GMT -6:00]
Running from: c:\users\Justin\Desktop\justgreene124.exe
Command switches used :: c:\users\Justin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected 
Restored copy from - c:\windows\erdnt\cache64\services.exe 
.
.
((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 20:24 . 2013-02-03 20:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-31 00:59 . 2013-01-31 00:59	--------	d-----w-	C:\_OTL
2013-01-30 20:12 . 2013-01-30 20:12	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-24 20:40 . 2013-01-31 22:26	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2013-01-24 04:00 . 2013-01-24 04:00	--------	d-----w-	c:\users\Justin\AppData\Local\AVG SafeGuard toolbar
2013-01-24 03:59 . 2013-01-24 03:59	--------	d-----w-	c:\programdata\AVG Security Toolbar
2013-01-24 03:59 . 2013-01-24 03:59	--------	d-----w-	c:\programdata\AVG SafeGuard toolbar
2013-01-24 03:59 . 2013-01-24 03:59	37720	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2013-01-24 03:59 . 2013-01-24 03:59	--------	d-----w-	c:\program files (x86)\Common Files\AVG Secure Search
2013-01-24 03:59 . 2013-01-24 03:59	--------	d-----w-	c:\program files (x86)\AVG SafeGuard toolbar
2013-01-23 23:44 . 2013-01-23 23:44	--------	d-----w-	c:\programdata\Symantec
2013-01-23 23:44 . 2013-01-23 23:44	--------	d-----w-	c:\windows\system32\drivers\NSSx64
2013-01-23 23:44 . 2013-01-23 23:44	--------	d-----w-	c:\program files (x86)\Norton Security Scan
2013-01-23 23:44 . 2013-01-23 23:44	--------	d-----w-	c:\programdata\Norton
2013-01-23 23:44 . 2013-01-23 23:44	--------	d-----w-	c:\program files (x86)\NortonInstaller
2013-01-23 22:49 . 2013-01-23 22:49	--------	d-----w-	c:\users\Justin\AppData\Roaming\RealNetworks
2013-01-23 22:44 . 2013-01-23 22:44	--------	d-----w-	c:\program files (x86)\RealNetworks
2013-01-23 22:44 . 2013-01-23 22:44	--------	d-----w-	c:\programdata\RealNetworks
2013-01-23 22:43 . 2013-01-23 22:43	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2013-01-23 22:43 . 2013-01-23 22:43	153296	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2013-01-23 22:43 . 2013-01-23 22:43	124056	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2013-01-23 22:43 . 2013-01-23 22:43	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-01-23 22:43 . 2013-01-23 22:43	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-01-23 22:41 . 2013-01-23 22:41	--------	d-----w-	c:\users\Justin\AppData\Local\Real
2013-01-22 23:10 . 2013-01-22 23:12	--------	d-----w-	c:\programdata\AVG January 2013 Campaign
2013-01-17 19:36 . 2013-01-17 19:36	--------	d-----w-	c:\windows\ERUNT
2013-01-17 19:36 . 2013-01-17 19:36	--------	d-----w-	C:\JRT
2013-01-13 17:14 . 2012-12-07 11:20	43520	----a-w-	c:\windows\system32\csrr.rs
2013-01-13 17:10 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-12 19:38 . 2013-01-12 19:38	--------	d-----w-	C:\Jillian Michaels 30 Day Shred
2013-01-12 04:32 . 2013-01-12 16:31	--------	d-----w-	c:\users\Justin\AppData\Roaming\HandBrake
2013-01-12 04:32 . 2013-01-12 04:32	--------	d-----w-	c:\program files\Handbrake
2013-01-11 23:05 . 2013-01-11 23:05	--------	d-----w-	c:\program files (x86)\trend micro
2013-01-11 23:05 . 2013-01-11 23:05	--------	d-----w-	C:\rsit
2013-01-05 22:11 . 2013-01-05 22:11	--------	d-----w-	C:\Forks Over Knives
2013-01-05 17:33 . 2013-01-05 17:33	--------	d-----w-	C:\Star Wars #5_Empire Strikes Back
2013-01-05 17:32 . 2013-01-05 17:32	--------	d-----w-	C:\New folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 17:25 . 2012-07-23 20:57	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-08 21:16 . 2012-07-18 18:24	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 21:16 . 2012-07-18 18:24	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11 . 2012-12-28 01:38	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-28 01:38	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-28 01:38	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-28 01:38	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-10 09:28 . 2012-12-10 09:28	127328	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2012-11-30 04:45 . 2013-01-13 17:15	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-29 03:17 . 2012-11-29 03:17	53248	----a-r-	c:\users\Justin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-11-14 07:06 . 2012-12-28 01:39	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-28 01:39	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-28 01:39	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-28 01:39	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-28 01:39	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-28 01:39	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-28 01:39	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-28 01:39	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-28 01:39	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-28 01:39	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-28 01:39	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-28 01:39	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-28 01:39	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-28 01:39	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-28 01:39	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-28 01:39	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-28 01:39	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-28 01:39	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-28 01:39	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-28 01:39	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-28 01:39	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-28 01:39	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-28 01:37	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-28 01:37	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-08 09:49 . 2012-11-08 09:49	307040	----a-w-	c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-24 03:59	1883824	----a-w-	c:\program files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll" [2013-01-24 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-23 295072]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-01-24 1101488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-24 37720]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-24 945328]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys [2009-06-11 72448]
S3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys [2009-06-11 442368]
S3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys [2009-06-11 240768]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 21:16]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:15]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:15]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 22:11]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 22:11]
.
2013-02-01 c:\windows\Tasks\Norton Security Scan for Justin.job
- c:\progra~2\NORTON~2\Engine\376~1.5\Nss.exe [2013-01-23 10:19]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.


----------



## eddie5659 (Mar 19, 2001)

Okay, as you can see at the top of the log, you had an infected system file. Now, I need to look a bit deeper, so can you do this for me:

Using OTL, can you do the following:


Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Select *All Users*, *LOP Check* and *Purity Check*.
Under the *Standard Registry* box change it to *All*.

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
ATAPI.SYS
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open only one Notepad window, *OTL.Txt*. This is saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of this file.

--------------------

Then, after that is completed, can you run this:

Please download the latest version of TDSSKiller from *here* and save it to your *Desktop*.
Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Put a checkmark beside *loaded modules*.

A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on *Change parameters* in TDSSKiller.
Check all boxes, then click OK.

Click the *Start Scan* button.

The scan should take no longer than 2 minutes.
If a *suspicious object* is detected, the default action will be *Skip*; click on *Continue*.

If *malicious objects* are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* (default) is selected, then click *Continue* > *Reboot now to finish the cleaning process.*

*Note*: If *Cure* is not available, please choose *Skip* instead; do not choose *Delete* unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.


----------
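
The TDSSKiller report requested in the post above runs to hundreds of lines, most of them `ok`. As an added example (not part of the original thread and not TDSSKiller's own code), this Python script pairs each hash-and-path line with its verdict line and lists only the objects whose verdict is not `ok`, plus objects that were reported without any file hash. The sample lines, service names and hashes are constructed placeholders, and the line layout (timestamp, thread id, `[ MD5 ] name path`, then `name - verdict`) is an assumption about the report format.

```python
import re

# Constructed sample in the assumed report layout. Names, paths and hashes
# are placeholders, not values from a real scan.
SAMPLE_REPORT = r"""
12:00:00.0001 1000 ================ Scan services =============================
12:00:00.0002 1000 [ 00000000000000000000000000000001 ] exampledrv C:\Windows\system32\drivers\exampledrv.sys
12:00:00.0003 1000 exampledrv - ok
12:00:00.0004 1000 [ 00000000000000000000000000000002 ] Example Vendor Service C:\Program Files (x86)\Example Vendor\svc.exe
12:00:00.0005 1000 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
12:00:00.0005 1000 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
12:00:00.0006 1000 nohashsvc - ok
"""

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "[ MD5 ] name path": the name may contain spaces, so the path is located
# by its drive-letter prefix rather than by splitting on whitespace.
HASH_LINE = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)

# "name - ok" or "name ( Verdict ) - status". The status word is kept
# generic: anything other than "ok" is treated as needing a human look.
RESULT_LINE = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( (?P<verdict>[^)]+?) \))? - (?P<status>\w+)$"
)


def _blank():
    return {"md5": None, "path": None, "status": None, "verdict": None}


def parse_report(text):
    """Return {object name: {md5, path, status, verdict}} in report order."""
    objects = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HASH_LINE.match(line)
        if m:
            entry = objects.setdefault(m["name"], _blank())
            entry["md5"] = m["md5"].upper()
            entry["path"] = m["path"]
            continue
        m = RESULT_LINE.match(line)
        if m:
            entry = objects.setdefault(m["name"], _blank())
            entry["status"] = m["status"]
            entry["verdict"] = m["verdict"]
    return objects


def needs_review(objects):
    """Objects with a verdict line whose status is anything but 'ok'."""
    return [
        (name, e["status"], e["verdict"], e["md5"], e["path"])
        for name, e in objects.items()
        if e["status"] is not None and e["status"] != "ok"
    ]


def unhashed(objects):
    """Objects that got a verdict but no '[ MD5 ] name path' line."""
    return [name for name, e in objects.items()
            if e["status"] is not None and e["md5"] is None]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name, status, verdict, md5, path in needs_review(parsed):
        print(f"{status:8} {verdict or '-':30} {name}  {md5}  {path}")
    for name in unhashed(parsed):
        print(f"no-hash  {name}")
```

To use it on a real report, read the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file and pass its text to `parse_report` in place of `SAMPLE_REPORT`.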



## justgreene (Jun 21, 2005)

Here is the TDSSKiller log:

18:29:27.0818 3312 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:29:28.0348 3312 ============================================================
18:29:28.0348 3312 Current date / time: 2013/02/04 18:29:28.0348
18:29:28.0348 3312 SystemInfo:
18:29:28.0348 3312 
18:29:28.0348 3312 OS Version: 6.1.7601 ServicePack: 1.0
18:29:28.0348 3312 Product type: Workstation
18:29:28.0348 3312 ComputerName: GREENEHOME
18:29:28.0395 3312 UserName: Justin
18:29:28.0395 3312 Windows directory: C:\Windows
18:29:28.0395 3312 System windows directory: C:\Windows
18:29:28.0395 3312 Running under WOW64
18:29:28.0395 3312 Processor architecture: Intel x64
18:29:28.0395 3312 Number of processors: 2
18:29:28.0395 3312 Page size: 0x1000
18:29:28.0395 3312 Boot type: Normal boot
18:29:28.0395 3312 ============================================================
18:29:46.0674 3312 BG loaded
18:29:47.0314 3312 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:47.0314 3312 Drive \Device\Harddisk1\DR1 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:47.0314 3312 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:47.0329 3312 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:29:47.0345 3312 Drive \Device\Harddisk4\DR4 - Size: 0x2BAA1475000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:29:47.0345 3312 ============================================================
18:29:47.0345 3312 \Device\Harddisk0\DR0:
18:29:47.0345 3312 MBR partitions:
18:29:47.0345 3312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
18:29:47.0345 3312 \Device\Harddisk1\DR1:
18:29:47.0345 3312 MBR partitions:
18:29:47.0345 3312 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
18:29:47.0345 3312 \Device\Harddisk2\DR2:
18:29:47.0345 3312 MBR partitions:
18:29:47.0345 3312 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BB42BC5
18:29:47.0345 3312 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x1BB42C04, BlocksNum 0x168197D
18:29:47.0345 3312 \Device\Harddisk3\DR3:
18:29:47.0345 3312 MBR partitions:
18:29:47.0345 3312 \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
18:29:47.0345 3312 \Device\Harddisk4\DR4:
18:29:47.0360 3312 MBR partitions:
18:29:47.0360 3312 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
18:29:47.0360 3312 ============================================================
18:29:47.0423 3312 C: <-> \Device\Harddisk2\DR2\Partition1
18:29:47.0423 3312 D: <-> \Device\Harddisk1\DR1\Partition1
18:29:47.0657 3312 E: <-> \Device\Harddisk2\DR2\Partition2
18:29:47.0657 3312 G: <-> \Device\Harddisk0\DR0\Partition1
18:29:47.0657 3312 H: <-> \Device\Harddisk3\DR3\Partition1
18:29:47.0688 3312 I: <-> \Device\Harddisk4\DR4\Partition1
18:29:47.0688 3312 ============================================================
18:29:47.0688 3312 Initialize success
18:29:47.0688 3312 ============================================================
18:30:32.0960 2724 ============================================================
18:30:32.0960 2724 Scan started
18:30:32.0960 2724 Mode: Manual; SigCheck; TDLFS; 
18:30:32.0960 2724 ============================================================
18:30:34.0224 2724 ================ Scan system memory ========================
18:30:34.0224 2724 System memory - ok
18:30:34.0224 2724 ================ Scan services =============================
18:30:34.0676 2724 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:30:34.0801 2724 1394ohci - ok
18:30:34.0848 2724 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:30:34.0863 2724 ACPI - ok
18:30:34.0895 2724 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:30:34.0973 2724 AcpiPmi - ok
18:30:35.0144 2724 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
18:30:35.0175 2724 AdobeActiveFileMonitor8.0 - ok
18:30:35.0316 2724 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:30:35.0331 2724 AdobeARMservice - ok
18:30:35.0456 2724 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:30:35.0519 2724 AdobeFlashPlayerUpdateSvc - ok
18:30:35.0597 2724 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:30:35.0643 2724 adp94xx - ok
18:30:35.0675 2724 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:30:35.0706 2724 adpahci - ok
18:30:35.0721 2724 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:30:35.0737 2724 adpu320 - ok
18:30:35.0768 2724 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:30:35.0909 2724 AeLookupSvc - ok
18:30:35.0971 2724 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:30:36.0065 2724 AFD - ok
18:30:36.0127 2724 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:30:36.0158 2724 agp440 - ok
18:30:36.0189 2724 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:30:36.0236 2724 ALG - ok
18:30:36.0283 2724 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:30:36.0299 2724 aliide - ok
18:30:36.0345 2724 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:30:36.0361 2724 amdide - ok
18:30:36.0392 2724 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:30:36.0455 2724 AmdK8 - ok
18:30:36.0470 2724 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:30:36.0533 2724 AmdPPM - ok
18:30:36.0579 2724 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:30:36.0595 2724 amdsata - ok
18:30:36.0704 2724 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:30:36.0751 2724 amdsbs - ok
18:30:36.0782 2724 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:30:36.0813 2724 amdxata - ok
18:30:36.0876 2724 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:30:37.0032 2724 AppID - ok
18:30:37.0063 2724 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:30:37.0157 2724 AppIDSvc - ok
18:30:37.0219 2724 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:30:37.0266 2724 Appinfo - ok
18:30:37.0328 2724 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:30:37.0344 2724 Apple Mobile Device - ok
18:30:37.0391 2724 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:30:37.0406 2724 arc - ok
18:30:37.0422 2724 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:30:37.0437 2724 arcsas - ok
18:30:37.0640 2724 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:30:37.0671 2724 aspnet_state - ok
18:30:37.0687 2724 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:30:37.0765 2724 AsyncMac - ok
18:30:37.0843 2724 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:30:37.0859 2724 atapi - ok
18:30:37.0968 2724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:30:38.0046 2724 AudioEndpointBuilder - ok
18:30:38.0061 2724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:30:38.0108 2724 AudioSrv - ok
18:30:38.0654 2724 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
18:30:38.0748 2724 AVGIDSAgent - ok
18:30:38.0795 2724 [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:30:38.0810 2724 AVGIDSDriver - ok
18:30:38.0857 2724 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:30:38.0873 2724 AVGIDSFilter - ok
18:30:38.0919 2724 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
18:30:38.0935 2724 AVGIDSHA - ok
18:30:38.0966 2724 [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:30:38.0982 2724 Avgldx64 - ok
18:30:39.0044 2724 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:30:39.0060 2724 Avgmfx64 - ok
18:30:39.0122 2724 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:30:39.0153 2724 Avgrkx64 - ok
18:30:39.0278 2724 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:30:39.0309 2724 Avgtdia - ok
18:30:39.0372 2724 [ 0BC445CDCC253047E8CD2D83D725AC18 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
18:30:39.0387 2724 avgtp - ok
18:30:39.0419 2724 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:30:39.0434 2724 avgwd - ok
18:30:39.0481 2724 [ ED78D0351046FB53EFAEB48387018BBA ] AVMNgBasM780 C:\Windows\system32\DRIVERS\AVerBas.sys
18:30:39.0528 2724 AVMNgBasM780 - ok
18:30:39.0559 2724 [ 9ED1BAC93072B7DD2D8D02EA01A0FF14 ] AVMNgCapM780 C:\Windows\system32\DRIVERS\AVerCap.sys
18:30:39.0606 2724 AVMNgCapM780 - ok
18:30:39.0637 2724 [ 7B0D1C11BB479C915C558F9221D4E0C3 ] AVMNgTunM780 C:\Windows\system32\DRIVERS\AVerTun.sys
18:30:39.0699 2724 AVMNgTunM780 - ok
18:30:39.0746 2724 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:30:39.0793 2724 AxInstSV - ok
18:30:39.0840 2724 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:30:39.0887 2724 b06bdrv - ok
18:30:39.0933 2724 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:30:39.0980 2724 b57nd60a - ok
18:30:40.0027 2724 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:30:40.0074 2724 BDESVC - ok
18:30:40.0105 2724 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:30:40.0152 2724 Beep - ok
18:30:40.0277 2724 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:30:40.0355 2724 BFE - ok
18:30:40.0479 2724 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:30:40.0542 2724 BITS - ok
18:30:40.0573 2724 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:30:40.0589 2724 blbdrive - ok
18:30:40.0698 2724 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:30:40.0713 2724 Bonjour Service - ok
18:30:40.0776 2724 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:30:40.0885 2724 bowser - ok
18:30:40.0932 2724 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:30:41.0010 2724 BrFiltLo - ok
18:30:41.0010 2724 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:30:41.0041 2724 BrFiltUp - ok
18:30:41.0041 2724 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:30:41.0103 2724 BridgeMP - ok
18:30:41.0181 2724 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:30:41.0213 2724 Browser - ok
18:30:41.0228 2724 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:30:41.0259 2724 Brserid - ok
18:30:41.0275 2724 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:30:41.0291 2724 BrSerWdm - ok
18:30:41.0306 2724 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:30:41.0353 2724 BrUsbMdm - ok
18:30:41.0369 2724 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:30:41.0384 2724 BrUsbSer - ok
18:30:41.0384 2724 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:30:41.0431 2724 BTHMODEM - ok
18:30:41.0478 2724 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:30:41.0571 2724 bthserv - ok
18:30:41.0603 2724 catchme - ok
18:30:41.0618 2724 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:30:41.0696 2724 cdfs - ok
18:30:41.0743 2724 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:30:41.0790 2724 cdrom - ok
18:30:41.0837 2724 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:30:41.0946 2724 CertPropSvc - ok
18:30:41.0993 2724 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:30:42.0039 2724 circlass - ok
18:30:42.0102 2724 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:30:42.0117 2724 CLFS - ok
18:30:42.0211 2724 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:30:42.0242 2724 clr_optimization_v2.0.50727_32 - ok
18:30:42.0289 2724 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:30:42.0305 2724 clr_optimization_v2.0.50727_64 - ok
18:30:42.0429 2724 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:30:42.0461 2724 clr_optimization_v4.0.30319_32 - ok
18:30:42.0476 2724 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:30:42.0492 2724 clr_optimization_v4.0.30319_64 - ok
18:30:42.0507 2724 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:30:42.0554 2724 CmBatt - ok
18:30:42.0601 2724 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:30:42.0617 2724 cmdide - ok
18:30:42.0679 2724 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:30:42.0710 2724 CNG - ok
18:30:42.0726 2724 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:30:42.0757 2724 Compbatt - ok
18:30:42.0804 2724 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:30:42.0851 2724 CompositeBus - ok
18:30:42.0866 2724 COMSysApp - ok
18:30:42.0882 2724 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:30:42.0897 2724 crcdisk - ok
18:30:42.0944 2724 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:30:43.0007 2724 CryptSvc - ok
18:30:43.0053 2724 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:30:43.0116 2724 DcomLaunch - ok
18:30:43.0163 2724 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:30:43.0241 2724 defragsvc - ok
18:30:43.0287 2724 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:30:43.0365 2724 DfsC - ok
18:30:43.0506 2724 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:30:43.0584 2724 Dhcp - ok
18:30:43.0631 2724 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:30:43.0709 2724 discache - ok
18:30:43.0740 2724 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:30:43.0755 2724 Disk - ok
18:30:43.0818 2724 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:30:43.0865 2724 Dnscache - ok
18:30:43.0943 2724 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:30:44.0005 2724 dot3svc - ok
18:30:44.0036 2724 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:30:44.0067 2724 Dot4 - ok
18:30:44.0130 2724 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
18:30:44.0145 2724 Dot4Print - ok
18:30:44.0161 2724 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:30:44.0192 2724 dot4usb - ok
18:30:44.0239 2724 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:30:44.0333 2724 DPS - ok
18:30:44.0364 2724 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:30:44.0395 2724 drmkaud - ok
18:30:44.0504 2724 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:30:44.0535 2724 DXGKrnl - ok
18:30:44.0567 2724 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:30:44.0629 2724 EapHost - ok
18:30:44.0738 2724 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:30:44.0832 2724 ebdrv - ok
18:30:44.0863 2724 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:30:44.0910 2724 EFS - ok
18:30:45.0019 2724 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:30:45.0050 2724 ehRecvr - ok
18:30:45.0081 2724 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:30:45.0097 2724 ehSched - ok
18:30:45.0144 2724 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:30:45.0175 2724 elxstor - ok
18:30:45.0237 2724 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:30:45.0284 2724 ErrDev - ok
18:30:45.0331 2724 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:30:45.0393 2724 EventSystem - ok
18:30:45.0409 2724 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:30:45.0456 2724 exfat - ok
18:30:45.0534 2724 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:30:45.0612 2724 fastfat - ok
18:30:45.0690 2724 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:30:45.0752 2724 Fax - ok
18:30:45.0768 2724 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:30:45.0799 2724 fdc - ok
18:30:45.0815 2724 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:30:45.0877 2724 fdPHost - ok
18:30:45.0893 2724 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:30:46.0017 2724 FDResPub - ok
18:30:46.0049 2724 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:30:46.0064 2724 FileInfo - ok
18:30:46.0080 2724 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:30:46.0158 2724 Filetrace - ok
18:30:46.0236 2724 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:30:46.0267 2724 FLEXnet Licensing Service - ok
18:30:46.0298 2724 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:30:46.0329 2724 flpydisk - ok
18:30:46.0392 2724 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:30:46.0439 2724 FltMgr - ok
18:30:46.0657 2724 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:30:46.0735 2724 FontCache - ok
18:30:46.0797 2724 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:30:46.0813 2724 FontCache3.0.0.0 - ok
18:30:46.0844 2724 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:30:46.0875 2724 FsDepends - ok
18:30:46.0907 2724 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:30:46.0907 2724 fssfltr - ok
18:30:47.0141 2724 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:30:47.0187 2724 fsssvc - ok
18:30:47.0234 2724 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:30:47.0250 2724 Fs_Rec - ok
18:30:47.0312 2724 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:30:47.0343 2724 fvevol - ok
18:30:47.0359 2724 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:30:47.0390 2724 gagp30kx - ok
18:30:47.0437 2724 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:30:47.0453 2724 GEARAspiWDM - ok
18:30:47.0624 2724 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:30:47.0671 2724 gpsvc - ok
18:30:47.0765 2724 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:30:47.0796 2724 gupdate - ok
18:30:47.0811 2724 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:30:47.0827 2724 gupdatem - ok
18:30:47.0936 2724 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:30:47.0952 2724 gusvc - ok
18:30:47.0983 2724 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:30:48.0014 2724 hcw85cir - ok
18:30:48.0092 2724 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:30:48.0123 2724 HdAudAddService - ok
18:30:48.0139 2724 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:30:48.0186 2724 HDAudBus - ok
18:30:48.0233 2724 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:30:48.0295 2724 HidBatt - ok
18:30:48.0342 2724 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:30:48.0357 2724 HidBth - ok
18:30:48.0389 2724 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:30:48.0420 2724 HidIr - ok
18:30:48.0451 2724 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:30:48.0513 2724 hidserv - ok
18:30:48.0576 2724 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:30:48.0591 2724 HidUsb - ok
18:30:48.0638 2724 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:30:48.0732 2724 hkmsvc - ok
18:30:48.0794 2724 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:30:48.0841 2724 HomeGroupListener - ok
18:30:48.0888 2724 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:30:48.0903 2724 HomeGroupProvider - ok
18:30:48.0966 2724 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:30:49.0013 2724 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:30:49.0013 2724 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:30:49.0044 2724 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:30:49.0153 2724 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:30:49.0153 2724 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:30:49.0215 2724 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:30:49.0247 2724 HpSAMD - ok
18:30:49.0403 2724 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:30:49.0434 2724 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
18:30:49.0434 2724 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
18:30:49.0512 2724 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:30:49.0590 2724 HTTP - ok
18:30:49.0621 2724 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:30:49.0637 2724 hwpolicy - ok
18:30:49.0699 2724 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:30:49.0715 2724 i8042prt - ok
18:30:49.0746 2724 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:30:49.0761 2724 iaStorV - ok
18:30:49.0855 2724 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:30:49.0902 2724 idsvc - ok
18:30:49.0917 2724 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:30:49.0933 2724 iirsp - ok
18:30:50.0089 2724 [ E5E6A7D13BBC0F80B866D021F306BF6C ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
18:30:50.0120 2724 IJPLMSVC - ok
18:30:50.0370 2724 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:30:50.0448 2724 IKEEXT - ok
18:30:50.0479 2724 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:30:50.0526 2724 intelide - ok
18:30:50.0557 2724 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:30:50.0604 2724 intelppm - ok
18:30:50.0619 2724 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:31:18.0060 2724 wmiApSrv - ok
18:31:18.0091 2724 WMPNetworkSvc - ok
18:31:18.0107 2724 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:31:18.0138 2724 WPCSvc - ok
18:31:18.0169 2724 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:31:18.0185 2724 WPDBusEnum - ok
18:31:18.0231 2724 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:31:18.0278 2724 ws2ifsl - ok
18:31:18.0309 2724 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:31:18.0341 2724 wscsvc - ok
18:31:18.0356 2724 WSearch - ok
18:31:18.0653 2724 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:31:18.0715 2724 wuauserv - ok
18:31:18.0762 2724 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:31:18.0809 2724 WudfPf - ok
18:31:18.0824 2724 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:31:18.0855 2724 WUDFRd - ok
18:31:18.0887 2724 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:31:18.0933 2724 wudfsvc - ok
18:31:18.0965 2724 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:31:18.0980 2724 WwanSvc - ok
18:31:19.0011 2724 ================ Scan global ===============================
18:31:19.0058 2724 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:31:19.0152 2724 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:31:19.0183 2724 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:31:19.0230 2724 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:31:19.0323 2724 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:31:19.0339 2724 [Global] - ok
18:31:19.0339 2724 ================ Scan MBR ==================================
18:31:19.0339 2724 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:31:19.0745 2724 \Device\Harddisk0\DR0 - ok
18:31:19.0760 2724 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:31:20.0057 2724 \Device\Harddisk1\DR1 - ok
18:31:20.0088 2724 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk2\DR2
18:31:24.0877 2724 \Device\Harddisk2\DR2 - ok
18:31:24.0893 2724 [ 988D3C46CBD13EC7F482B833C55264C8 ] \Device\Harddisk3\DR3
18:31:25.0033 2724 \Device\Harddisk3\DR3 - ok
18:31:25.0298 2724 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
18:31:25.0439 2724 \Device\Harddisk4\DR4 - ok
18:31:25.0439 2724 ================ Scan VBR ==================================
18:31:25.0454 2724 [ F36926575538E69478AFCB7B723540C3 ] \Device\Harddisk0\DR0\Partition1
18:31:25.0454 2724 \Device\Harddisk0\DR0\Partition1 - ok
18:31:25.0454 2724 [ A810D7F56A1CD4238B7035EA0DFC2436 ] \Device\Harddisk1\DR1\Partition1
18:31:25.0454 2724 \Device\Harddisk1\DR1\Partition1 - ok
18:31:25.0485 2724 [ F9E3CA5A8311081ABEEEBBFDF4B19E12 ] \Device\Harddisk2\DR2\Partition1
18:31:25.0501 2724 \Device\Harddisk2\DR2\Partition1 - ok
18:31:25.0563 2724 [ D43CCAF72370BCBE4B2A438FD63B8EC9 ] \Device\Harddisk2\DR2\Partition2
18:31:25.0595 2724 \Device\Harddisk2\DR2\Partition2 - ok
18:31:25.0610 2724 [ 05E0B10804D7A0C6C88C3AFA28B9D5DD ] \Device\Harddisk3\DR3\Partition1
18:31:25.0610 2724 \Device\Harddisk3\DR3\Partition1 - ok
18:31:25.0610 2724 [ A14C49E533625031860563974A9A7512 ] \Device\Harddisk4\DR4\Partition1
18:31:25.0610 2724 \Device\Harddisk4\DR4\Partition1 - ok
18:31:25.0610 2724 ================ Scan active images ========================
18:31:25.0626 2724 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
18:31:25.0626 2724 C:\Windows\System32\drivers\crashdmp.sys - ok
18:31:25.0626 2724 [ 9BBD8B5855BC6578957F82341F9CDE5A ] C:\Windows\System32\drivers\Diskdump.sys
18:31:25.0626 2724 C:\Windows\System32\drivers\Diskdump.sys - ok
18:31:25.0641 2724 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
18:31:25.0641 2724 C:\Windows\System32\drivers\dumpfve.sys - ok
18:31:25.0641 2724 [ 6BA747B1A9297A6C0271700D12FDD495 ] C:\Windows\System32\drivers\nvstor64.sys
18:31:25.0641 2724 C:\Windows\System32\drivers\nvstor64.sys - ok
18:31:25.0657 2724 [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
18:31:25.0657 2724 C:\Windows\System32\drivers\cdrom.sys - ok
18:31:25.0657 2724 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] C:\Windows\System32\drivers\avgmfx64.sys
18:31:25.0657 2724 C:\Windows\System32\drivers\avgmfx64.sys - ok
18:31:25.0673 2724 [ 0BC445CDCC253047E8CD2D83D725AC18 ] C:\Windows\System32\drivers\avgtpx64.sys
18:31:25.0673 2724 C:\Windows\System32\drivers\avgtpx64.sys - ok
18:31:25.0673 2724 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
18:31:25.0673 2724 C:\Windows\System32\drivers\beep.sys - ok
18:31:25.0688 2724 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
18:31:25.0688 2724 C:\Windows\System32\drivers\null.sys - ok
18:31:25.0688 2724 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
18:31:25.0688 2724 C:\Windows\System32\drivers\videoprt.sys - ok
18:31:25.0704 2724 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
18:31:25.0704 2724 C:\Windows\System32\drivers\watchdog.sys - ok
18:31:25.0704 2724 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
18:31:25.0704 2724 C:\Windows\System32\drivers\msfs.sys - ok
18:31:25.0719 2724 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
18:31:25.0719 2724 C:\Windows\System32\drivers\npfs.sys - ok
18:31:25.0719 2724 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
18:31:25.0719 2724 C:\Windows\System32\drivers\RDPCDD.sys - ok
18:31:25.0735 2724 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
18:31:25.0735 2724 C:\Windows\System32\drivers\RDPENCDD.sys - ok
18:31:25.0751 2724 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
18:31:25.0751 2724 C:\Windows\System32\drivers\RDPREFMP.sys - ok
18:31:25.0751 2724 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
18:31:25.0751 2724 C:\Windows\System32\drivers\vga.sys - ok
18:31:25.0766 2724 [ F8C3C7ED612A41B05C66358FC9786BFD ] C:\Windows\System32\drivers\avgtdia.sys
18:31:25.0766 2724 C:\Windows\System32\drivers\avgtdia.sys - ok
18:31:25.0766 2724 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
18:31:25.0766 2724 C:\Windows\System32\drivers\tdi.sys - ok
18:31:25.0782 2724 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
18:31:25.0782 2724 C:\Windows\System32\drivers\tdx.sys - ok
18:31:25.0782 2724 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
18:31:25.0782 2724 C:\Windows\System32\drivers\afd.sys - ok
18:31:25.0797 2724 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
18:31:25.0797 2724 C:\Windows\System32\drivers\netbt.sys - ok
18:31:25.0797 2724 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
18:31:25.0797 2724 C:\Windows\System32\drivers\wfplwf.sys - ok
18:31:25.0813 2724 [ 6BCC1D7D2FD2453957C5479A32364E52 ] C:\Windows\System32\drivers\ws2ifsl.sys
18:31:25.0813 2724 C:\Windows\System32\drivers\ws2ifsl.sys - ok
18:31:25.0813 2724 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
18:31:25.0813 2724 C:\Windows\System32\drivers\pacer.sys - ok
18:31:25.0829 2724 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
18:31:25.0829 2724 C:\Windows\System32\drivers\netbios.sys - ok
18:31:25.0829 2724 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
18:31:25.0829 2724 C:\Windows\System32\drivers\rdbss.sys - ok
18:31:25.0844 2724 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
18:31:25.0844 2724 C:\Windows\System32\drivers\termdd.sys - ok
18:31:25.0844 2724 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
18:31:25.0844 2724 C:\Windows\System32\drivers\wanarp.sys - ok
18:31:25.0860 2724 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
18:31:25.0860 2724 C:\Windows\System32\drivers\blbdrive.sys - ok
18:31:25.0875 2724 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
18:31:25.0875 2724 C:\Windows\System32\drivers\dfsc.sys - ok
18:31:25.0875 2724 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
18:31:25.0875 2724 C:\Windows\System32\drivers\discache.sys - ok
18:31:25.0891 2724 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
18:31:25.0891 2724 C:\Windows\System32\drivers\mssmbios.sys - ok
18:31:25.0891 2724 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
18:31:25.0891 2724 C:\Windows\System32\drivers\nsiproxy.sys - ok
18:31:25.0907 2724 [ BE8BC5D10ABA05D7F6E79D8296906C86 ] C:\Windows\System32\drivers\avgldx64.sys
18:31:25.0907 2724 C:\Windows\System32\drivers\avgldx64.sys - ok
18:31:25.0907 2724 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
18:31:25.0907 2724 C:\Windows\System32\drivers\tunnel.sys - ok
18:31:25.0922 2724 [ 7024F087CFF1833A806193EF9D22CDA9 ] C:\Windows\System32\drivers\amdk8.sys
18:31:25.0922 2724 C:\Windows\System32\drivers\amdk8.sys - ok
18:31:25.0922 2724 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
18:31:25.0922 2724 C:\Windows\System32\drivers\i8042prt.sys - ok
18:31:25.0938 2724 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
18:31:25.0938 2724 C:\Windows\System32\ntdll.dll - ok
18:31:25.0938 2724 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
18:31:25.0938 2724 C:\Windows\System32\smss.exe - ok
18:31:25.0953 2724 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
18:31:25.0953 2724 C:\Windows\System32\drivers\mouclass.sys - ok
18:31:25.0953 2724 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
18:31:25.0953 2724 C:\Windows\System32\drivers\kbdclass.sys - ok
18:31:25.0969 2724 [ 9840FC418B4CBD632D3D0A667A725C31 ] C:\Windows\System32\drivers\usbohci.sys
18:31:25.0969 2724 C:\Windows\System32\drivers\usbohci.sys - ok
18:31:25.0969 2724 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
18:31:25.0969 2724 C:\Windows\System32\drivers\usbport.sys - ok
18:31:25.0985 2724 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
18:31:25.0985 2724 C:\Windows\System32\drivers\usbehci.sys - ok
18:31:26.0000 2724 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
18:31:26.0000 2724 C:\Windows\System32\drivers\hdaudbus.sys - ok
18:31:26.0000 2724 [ 8E98D21EE06192492A5671A6144D092F ] C:\Windows\System32\drivers\GEARAspiWDM.sys
18:31:26.0000 2724 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
18:31:26.0016 2724 [ ED78D0351046FB53EFAEB48387018BBA ] C:\Windows\System32\drivers\AVerBas.sys
18:31:26.0016 2724 C:\Windows\System32\drivers\AVerBas.sys - ok
18:31:26.0016 2724 [ 909EEDCBD365BB81027D8E742E6B3416 ] C:\Windows\System32\drivers\nvmf6264.sys
18:31:26.0016 2724 C:\Windows\System32\drivers\nvmf6264.sys - ok
18:31:26.0031 2724 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
18:31:26.0031 2724 C:\Windows\System32\drivers\ks.sys - ok
18:31:26.0031 2724 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
18:31:26.0031 2724 C:\Windows\System32\drivers\ksthunk.sys - ok
18:31:26.0047 2724 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] C:\Windows\System32\drivers\nvlddmkm.sys
18:31:26.0047 2724 C:\Windows\System32\drivers\nvlddmkm.sys - ok
18:31:26.0047 2724 [ F5BEE30450E18E6B83A5012C100616FD ] C:\Windows\System32\drivers\dxgkrnl.sys
18:31:26.0047 2724 C:\Windows\System32\drivers\dxgkrnl.sys - ok
18:31:26.0063 2724 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
18:31:26.0063 2724 C:\Windows\System32\drivers\CompositeBus.sys - ok
18:31:26.0063 2724 [ 9CD68BDDF322535C02ADC8331013D13D ] C:\Windows\System32\drivers\dxgmms1.sys
18:31:26.0063 2724 C:\Windows\System32\drivers\dxgmms1.sys - ok
18:31:26.0078 2724 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
18:31:26.0078 2724 C:\Windows\System32\drivers\agilevpn.sys - ok
18:31:26.0078 2724 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
18:31:26.0078 2724 C:\Windows\System32\drivers\ndistapi.sys - ok
18:31:26.0094 2724 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
18:31:26.0094 2724 C:\Windows\System32\drivers\rasl2tp.sys - ok
18:31:26.0094 2724 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
18:31:26.0094 2724 C:\Windows\System32\drivers\ndiswan.sys - ok
18:31:26.0109 2724 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
18:31:26.0109 2724 C:\Windows\System32\drivers\raspppoe.sys - ok
18:31:26.0109 2724 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
18:31:26.0109 2724 C:\Windows\System32\drivers\raspptp.sys - ok
18:31:26.0125 2724 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
18:31:26.0125 2724 C:\Windows\System32\drivers\rassstp.sys - ok
18:31:26.0125 2724 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
18:31:26.0125 2724 C:\Windows\System32\drivers\swenum.sys - ok
18:31:26.0141 2724 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
18:31:26.0141 2724 C:\Windows\System32\drivers\umbus.sys - ok
18:31:26.0156 2724 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
18:31:26.0156 2724 C:\Windows\System32\drivers\usbhub.sys - ok
18:31:26.0156 2724 [ 9ED1BAC93072B7DD2D8D02EA01A0FF14 ] C:\Windows\System32\drivers\AVerCap.sys
18:31:26.0156 2724 C:\Windows\System32\drivers\AVerCap.sys - ok
18:31:26.0172 2724 [ 7B0D1C11BB479C915C558F9221D4E0C3 ] C:\Windows\System32\drivers\AVerTun.sys
18:31:26.0172 2724 C:\Windows\System32\drivers\AVerTun.sys - ok
18:31:26.0172 2724 [ D1CA0BE94F247D05F30F5F98AE29D4E4 ] C:\Windows\System32\drivers\BdaSup.sys
18:31:26.0172 2724 C:\Windows\System32\drivers\BdaSup.sys - ok
18:31:26.0187 2724 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
18:31:26.0187 2724 C:\Windows\System32\drivers\ndproxy.sys - ok
18:31:26.0187 2724 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
18:31:26.0187 2724 C:\Windows\System32\drivers\drmk.sys - ok
18:31:26.0203 2724 [ 975761C778E33CD22498059B91E7373A ] C:\Windows\System32\drivers\HdAudio.sys
18:31:26.0203 2724 C:\Windows\System32\drivers\HdAudio.sys - ok
18:31:26.0203 2724 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
18:31:26.0203 2724 C:\Windows\System32\drivers\portcls.sys - ok
18:31:26.0219 2724 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
18:31:26.0219 2724 C:\Windows\System32\autochk.exe - ok
18:31:26.0219 2724 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
18:31:26.0219 2724 C:\Windows\System32\drivers\usbd.sys - ok
18:31:26.0234 2724 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
18:31:26.0234 2724 C:\Windows\System32\drivers\USBSTOR.SYS - ok
18:31:26.0234 2724 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
18:31:26.0234 2724 C:\Windows\System32\drivers\usbccgp.sys - ok
18:31:26.0250 2724 [ C6316A424C10A25B580D86C098BB0634 ] C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
18:31:26.0250 2724 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe - ok
18:31:26.0265 2724 [ F108BD69365EFC749C7E5F8BBEB51E3B ] C:\Program Files (x86)\AVG\AVG2012\avgsysa.dll
18:31:26.0265 2724 C:\Program Files (x86)\AVG\AVG2012\avgsysa.dll - ok
18:31:26.0265 2724 [ 863D56F63D254EBE27589893688CA8B3 ] C:\Program Files (x86)\AVG\AVG2012\avgntopenssla.dll
18:31:26.0265 2724 C:\Program Files (x86)\AVG\AVG2012\avgntopenssla.dll - ok
18:31:26.0281 2724 [ 67165D5818A872A7F01047771AA81FC9 ] C:\Program Files (x86)\AVG\AVG2012\avgloga.dll
18:31:26.0281 2724 C:\Program Files (x86)\AVG\AVG2012\avgloga.dll - ok
18:31:26.0281 2724 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] C:\Windows\System32\drivers\lvuvc64.sys
18:31:26.0281 2724 C:\Windows\System32\drivers\lvuvc64.sys - ok
18:31:26.0281 2724 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] C:\Windows\System32\drivers\USBAUDIO.sys
18:31:26.0281 2724 C:\Windows\System32\drivers\USBAUDIO.sys - ok
18:31:26.0297 2724 [ 0C85B2B6FB74B36A251792D45E0EF860 ] C:\Windows\System32\drivers\lvrs64.sys
18:31:26.0297 2724 C:\Windows\System32\drivers\lvrs64.sys - ok
18:31:26.0297 2724 [ 0ADC83218B66A6DB380C330836F3E36D ] C:\Windows\System32\drivers\fastfat.sys
18:31:26.0297 2724 C:\Windows\System32\drivers\fastfat.sys - ok
18:31:26.0312 2724 [ 73188F58FB384E75C4063D29413CEE3D ] C:\Windows\System32\drivers\usbprint.sys
18:31:26.0312 2724 C:\Windows\System32\drivers\usbprint.sys - ok
18:31:26.0312 2724 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] C:\Windows\System32\drivers\usbscan.sys
18:31:26.0312 2724 C:\Windows\System32\drivers\usbscan.sys - ok
18:31:26.0328 2724 [ FD05A02B0370BC3000F402E543CA5814 ] C:\Windows\System32\drivers\Dot4usb.sys
18:31:26.0328 2724 C:\Windows\System32\drivers\Dot4usb.sys - ok
18:31:26.0343 2724 [ B42ED0320C6E41102FDE0005154849BB ] C:\Windows\System32\drivers\Dot4.sys
18:31:26.0343 2724 C:\Windows\System32\drivers\Dot4.sys - ok
18:31:26.0343 2724 [ E9F5969233C5D89F3C35E3A66A52A361 ] C:\Windows\System32\drivers\Dot4Prt.sys
18:31:26.0343 2724 C:\Windows\System32\drivers\Dot4Prt.sys - ok
18:31:26.0359 2724 [ 0C9456994D087498B4B12DB6DE02779C ] C:\PROGRA~2\AVG\AVG2012\avgchjwa.dll
18:31:26.0359 2724 C:\PROGRA~2\AVG\AVG2012\avgchjwa.dll - ok
18:31:26.0359 2724 [ 171975CD6BDE8CB4085D999F2EBDECFB ] C:\PROGRA~2\AVG\AVG2012\avgclita.dll
18:31:26.0359 2724 C:\PROGRA~2\AVG\AVG2012\avgclita.dll - ok
18:31:26.0375 2724 [ 80DDC9151BFDF260AC4441A2F3943A04 ] C:\PROGRA~2\AVG\AVG2012\avgcclia.dll
18:31:26.0375 2724 C:\PROGRA~2\AVG\AVG2012\avgcclia.dll - ok
18:31:26.0375 2724 [ B96E3E543675039FC93D14EDF627231A ] C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
18:31:26.0375 2724 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe - ok
18:31:26.0390 2724 [ 0A292388BCE0877C3F8A5545951E2633 ] C:\Program Files (x86)\AVG\AVG2012\avgcorea.dll
18:31:26.0390 2724 C:\Program Files (x86)\AVG\AVG2012\avgcorea.dll - ok
18:31:26.0390 2724 [ 747601D47721AD1DE22CFFB4F912203D ] C:\Program Files (x86)\AVG\AVG2012\avgcerta.dll
18:31:26.0390 2724 C:\Program Files (x86)\AVG\AVG2012\avgcerta.dll - ok
18:31:26.0406 2724 [ D64B112ECC7230808829A7BE86DCE8E3 ] C:\Program Files (x86)\AVG\AVG2012\avgchcla.dll
18:31:26.0406 2724 C:\Program Files (x86)\AVG\AVG2012\avgchcla.dll - ok
18:31:26.0406 2724 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
18:31:26.0406 2724 C:\Windows\System32\shell32.dll - ok
18:31:26.0421 2724 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
18:31:26.0421 2724 C:\Windows\System32\imm32.dll - ok
18:31:26.0421 2724 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
18:31:26.0421 2724 C:\Windows\System32\lpk.dll - ok
18:31:26.0437 2724 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
18:31:26.0437 2724 C:\Windows\System32\psapi.dll - ok
18:31:26.0437 2724 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
18:31:26.0437 2724 C:\Windows\System32\difxapi.dll - ok
18:31:26.0453 2724 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
18:31:26.0453 2724 C:\Windows\System32\rpcrt4.dll - ok
18:31:26.0453 2724 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
18:31:26.0453 2724 C:\Windows\System32\shlwapi.dll - ok
18:31:26.0468 2724 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
18:31:26.0468 2724 C:\Windows\System32\Wldap32.dll - ok
18:31:26.0484 2724 [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
18:31:26.0484 2724 C:\Windows\System32\iertutil.dll - ok
18:31:26.0484 2724 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
18:31:26.0484 2724 C:\Windows\System32\nsi.dll - ok
18:31:26.0499 2724 [ 1DBA462CF92D890D8F8E6472E7E8B4B4 ] C:\Windows\System32\urlmon.dll
18:31:26.0499 2724 C:\Windows\System32\urlmon.dll - ok
18:31:26.0499 2724 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
18:31:26.0499 2724 C:\Windows\System32\imagehlp.dll - ok
18:31:26.0515 2724 [ DBF99FD9CAF75CA66D042BD8D050FF71 ] C:\Windows\System32\usp10.dll
18:31:26.0515 2724 C:\Windows\System32\usp10.dll - ok
18:31:26.0515 2724 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
18:31:26.0515 2724 C:\Windows\System32\ws2_32.dll - ok
18:31:26.0531 2724 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
18:31:26.0531 2724 C:\Windows\System32\advapi32.dll - ok
18:31:26.0546 2724 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
18:31:26.0546 2724 C:\Windows\System32\msvcrt.dll - ok
18:31:26.0546 2724 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
18:31:26.0546 2724 C:\Windows\System32\oleaut32.dll - ok
18:31:26.0546 2724 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
18:31:26.0546 2724 C:\Windows\System32\user32.dll - ok
18:31:26.0562 2724 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
18:31:26.0562 2724 C:\Windows\System32\ole32.dll - ok
18:31:26.0562 2724 [ 5121DB613E10A46A3C5085B479026AA7 ] C:\Windows\System32\wininet.dll
18:31:26.0562 2724 C:\Windows\System32\wininet.dll - ok
18:31:26.0577 2724 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
18:31:26.0577 2724 C:\Windows\System32\clbcatq.dll - ok
18:31:26.0593 2724 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
18:31:26.0593 2724 C:\Windows\System32\setupapi.dll - ok
18:31:26.0593 2724 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
18:31:26.0593 2724 C:\Windows\System32\gdi32.dll - ok
18:31:26.0609 2724 [ 65C113214F7B05820F6D8A65B1485196 ] C:\Windows\System32\kernel32.dll
18:31:26.0609 2724 C:\Windows\System32\kernel32.dll - ok
18:31:26.0609 2724 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
18:31:26.0609 2724 C:\Windows\System32\msctf.dll - ok
18:31:26.0624 2724 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
18:31:26.0624 2724 C:\Windows\System32\sechost.dll - ok
18:31:26.0624 2724 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
18:31:26.0624 2724 C:\Windows\System32\comdlg32.dll - ok
18:31:26.0640 2724 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
18:31:26.0640 2724 C:\Windows\System32\crypt32.dll - ok
18:31:26.0640 2724 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
18:31:26.0640 2724 C:\Windows\System32\devobj.dll - ok
18:31:26.0655 2724 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
18:31:26.0655 2724 C:\Windows\System32\normaliz.dll - ok
18:31:26.0655 2724 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
18:31:26.0655 2724 C:\Windows\System32\cfgmgr32.dll - ok
18:31:26.0671 2724 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
18:31:26.0671 2724 C:\Windows\System32\comctl32.dll - ok
18:31:26.0671 2724 [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
18:31:26.0671 2724 C:\Windows\System32\KernelBase.dll - ok
18:31:26.0687 2724 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
18:31:26.0687 2724 C:\Windows\System32\msasn1.dll - ok
18:31:26.0687 2724 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
18:31:26.0687 2724 C:\Windows\System32\wintrust.dll - ok
18:31:26.0702 2724 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
18:31:26.0702 2724 C:\Windows\SysWOW64\normaliz.dll - ok
18:31:26.0718 2724 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
18:31:26.0718 2724 C:\Windows\System32\drivers\dxapi.sys - ok
18:31:26.0718 2724 [ 523B9B64F2B6C630A2E0A87116C05F12 ] C:\Windows\System32\win32k.sys
18:31:26.0718 2724 C:\Windows\System32\win32k.sys - ok
18:31:26.0733 2724 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
18:31:26.0733 2724 C:\Windows\System32\basesrv.dll - ok
18:31:26.0733 2724 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
18:31:26.0733 2724 C:\Windows\System32\csrsrv.dll - ok
18:31:26.0749 2724 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
18:31:26.0749 2724 C:\Windows\System32\csrss.exe - ok
18:31:26.0749 2724 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\System32\winsrv.dll
18:31:26.0749 2724 C:\Windows\System32\winsrv.dll - ok
18:31:26.0765 2724 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
18:31:26.0765 2724 C:\Windows\System32\drivers\monitor.sys - ok
18:31:26.0765 2724 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
18:31:26.0765 2724 C:\Windows\System32\tsddd.dll - ok
18:31:26.0780 2724 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
18:31:26.0780 2724 C:\Windows\System32\sxssrv.dll - ok
18:31:26.0780 2724 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
18:31:26.0780 2724 C:\Windows\System32\wininit.exe - ok
18:31:26.0796 2724 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
18:31:26.0796 2724 C:\Windows\System32\KBDUS.DLL - ok
18:31:26.0796 2724 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
18:31:26.0796 2724 C:\Windows\System32\profapi.dll - ok
18:31:26.0811 2724 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
18:31:26.0811 2724 C:\Windows\System32\RpcRtRemote.dll - ok
18:31:26.0811 2724 [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll
18:31:26.0811 2724 C:\Windows\System32\cdd.dll - ok
18:31:26.0827 2724 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
18:31:26.0827 2724 C:\Windows\System32\sxs.dll - ok
18:31:26.0827 2724 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
18:31:26.0827 2724 C:\Windows\System32\WlS0WndH.dll - ok
18:31:26.0843 2724 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
18:31:26.0843 2724 C:\Windows\System32\cryptbase.dll - ok
18:31:26.0843 2724 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
18:31:26.0843 2724 C:\Windows\System32\apphelp.dll - ok
18:31:26.0858 2724 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
18:31:26.0858 2724 C:\Windows\System32\services.exe - ok
18:31:26.0858 2724 [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
18:31:26.0858 2724 C:\Windows\System32\lsasrv.dll - ok
18:31:26.0874 2724 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
18:31:26.0874 2724 C:\Windows\System32\lsass.exe - ok
18:31:26.0874 2724 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
18:31:26.0874 2724 C:\Windows\System32\lsm.exe - ok
18:31:26.0889 2724 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
18:31:26.0889 2724 C:\Windows\System32\sspicli.dll - ok
18:31:26.0905 2724 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
18:31:26.0905 2724 C:\Windows\System32\sspisrv.dll - ok
18:31:26.0905 2724 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
18:31:26.0905 2724 C:\Windows\System32\sysntfy.dll - ok
18:31:26.0921 2724 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
18:31:26.0921 2724 C:\Windows\System32\cryptdll.dll - ok
18:31:26.0921 2724 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
18:31:26.0921 2724 C:\Windows\System32\samsrv.dll - ok
18:31:28.0839 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
18:31:28.0855 2724 [ 9ABB7CDAC0914579C86990048771B1B4 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
18:31:28.0855 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll - ok
18:31:28.0855 2724 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
18:31:28.0855 2724 C:\Windows\SysWOW64\winmm.dll - ok
18:31:28.0871 2724 [ D47913F993A0E3A0C9F1E88FD02E98C6 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
18:31:28.0871 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
18:31:28.0871 2724 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
18:31:28.0871 2724 C:\Windows\System32\webservices.dll - ok
18:31:28.0886 2724 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
18:31:28.0886 2724 C:\Windows\System32\WSDApi.dll - ok
18:31:28.0886 2724 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
18:31:28.0886 2724 C:\Windows\System32\WSDMon.dll - ok
18:31:28.0902 2724 [ 43A0A24CD12B110DC93462D6B035C961 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
18:31:28.0902 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll - ok
18:31:28.0917 2724 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
18:31:28.0917 2724 C:\Windows\System32\fdPnp.dll - ok
18:31:28.0917 2724 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
18:31:28.0917 2724 C:\Windows\System32\fundisc.dll - ok
18:31:28.0933 2724 [ AD976778C4B92F9EC4842295974E9BD9 ] C:\Windows\System32\d3d10level9.dll
18:31:28.0933 2724 C:\Windows\System32\d3d10level9.dll - ok
18:31:28.0933 2724 [ F6FD367C9EAAEDF90CD7A7952AE0B336 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
18:31:28.0933 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll - ok
18:31:28.0933 2724 [ FF98798DC102EC4C1FC3E9C066D60C62 ] C:\Windows\System32\nvd3dumx.dll
18:31:28.0933 2724 C:\Windows\System32\nvd3dumx.dll - ok
18:31:28.0949 2724 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
18:31:28.0949 2724 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
18:31:28.0964 2724 [ 57A1593073409B907D4F78D669227346 ] C:\Windows\System32\spool\prtprocs\x64\CNMPD9T.DLL
18:31:28.0964 2724 C:\Windows\System32\spool\prtprocs\x64\CNMPD9T.DLL - ok
18:31:28.0964 2724 [ 8F1C949FD695C83C4E30C3BFC004C81F ] C:\Windows\System32\spool\prtprocs\x64\HPZPPWN7.DLL
18:31:28.0964 2724 C:\Windows\System32\spool\prtprocs\x64\HPZPPWN7.DLL - ok
18:31:28.0980 2724 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
18:31:28.0980 2724 C:\Windows\System32\PlaySndSrv.dll - ok
18:31:28.0980 2724 [ 4E4EDF9CA82E95BAB2977DD9F21B00F6 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
18:31:28.0980 2724 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
18:31:28.0995 2724 [ 0353B239C28B0E9EBC7FA3D1F6181661 ] C:\Windows\System32\win32spl.dll
18:31:28.0995 2724 C:\Windows\System32\win32spl.dll - ok
18:31:28.0995 2724 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\SysWOW64\dnssd.dll
18:31:28.0995 2724 C:\Windows\SysWOW64\dnssd.dll - ok
18:31:29.0011 2724 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
18:31:29.0011 2724 C:\Windows\SysWOW64\userenv.dll - ok
18:31:29.0011 2724 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
18:31:29.0011 2724 C:\Windows\SysWOW64\wtsapi32.dll - ok
18:31:29.0027 2724 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
18:31:29.0027 2724 C:\Windows\System32\inetpp.dll - ok
18:31:29.0042 2724 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] C:\Windows\System32\drivers\avgidsfiltera.sys
18:31:29.0042 2724 C:\Windows\System32\drivers\avgidsfiltera.sys - ok
18:31:29.0042 2724 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
18:31:29.0042 2724 C:\Windows\System32\uDWM.dll - ok
18:31:29.0058 2724 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
18:31:29.0058 2724 C:\Windows\System32\HotStartUserAgent.dll - ok
18:31:29.0058 2724 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
18:31:29.0058 2724 C:\Windows\System32\EhStorShell.dll - ok
18:31:29.0073 2724 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
18:31:29.0073 2724 C:\Windows\System32\ntshrui.dll - ok
18:31:29.0073 2724 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
18:31:29.0073 2724 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
18:31:29.0089 2724 [ EA1145DEBCD508FD25BD1E95C4346929 ] C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:31:29.0089 2724 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe - ok
18:31:29.0089 2724 [ 0E1B02C9CC352A1F61703B7D1A8A2C45 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll
18:31:29.0089 2724 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
18:31:29.0105 2724 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
18:31:29.0105 2724 C:\Windows\System32\cscapi.dll - ok
18:31:29.0105 2724 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
18:31:29.0105 2724 C:\Windows\System32\MsCtfMonitor.dll - ok
18:31:29.0120 2724 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\SysWOW64\wininet.dll
18:31:29.0120 2724 C:\Windows\SysWOW64\wininet.dll - ok
18:31:29.0136 2724 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
18:31:29.0136 2724 C:\Windows\System32\IconCodecService.dll - ok
18:31:29.0136 2724 [ 22F020C76E339EB2B2187BA73A7E4173 ] C:\Windows\System32\PrintIsolationHost.exe
18:31:29.0136 2724 C:\Windows\System32\PrintIsolationHost.exe - ok
18:31:29.0151 2724 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\SysWOW64\iertutil.dll
18:31:29.0151 2724 C:\Windows\SysWOW64\iertutil.dll - ok
18:31:29.0151 2724 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\SysWOW64\urlmon.dll
18:31:29.0151 2724 C:\Windows\SysWOW64\urlmon.dll - ok
18:31:29.0167 2724 [ 93312F83FD4D5C38CEE8AA1265C061EE ] C:\Program Files (x86)\AVG\AVG2012\avgsysx.dll
18:31:29.0167 2724 C:\Program Files (x86)\AVG\AVG2012\avgsysx.dll - ok
18:31:29.0167 2724 [ 58B61578D5704E9FC8B8A9861A85069D ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
18:31:29.0167 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll - ok
18:31:29.0183 2724 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
18:31:29.0183 2724 C:\Windows\System32\msutb.dll - ok
18:31:29.0183 2724 [ AF54247F97CCF3539DE7505C09972FF9 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
18:31:29.0183 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
18:31:29.0198 2724 [ 25CD97F030AE70AF458FF6AB0B7E9B2E ] C:\Program Files (x86)\AVG\AVG2012\avglogx.dll
18:31:29.0198 2724 C:\Program Files (x86)\AVG\AVG2012\avglogx.dll - ok
18:31:29.0198 2724 [ 91DC97F9DA3E2B59049D410870935C78 ] C:\Program Files (x86)\AVG\AVG2012\avgntopensslx.dll
18:31:29.0198 2724 C:\Program Files (x86)\AVG\AVG2012\avgntopensslx.dll - ok
18:31:29.0214 2724 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
18:31:29.0214 2724 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
18:31:29.0214 2724 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
18:31:29.0214 2724 C:\Windows\SysWOW64\winnsi.dll - ok
18:31:29.0229 2724 [ 25F0095BA5A30A31CA538698D6FE234C ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
18:31:29.0229 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll - ok
18:31:29.0245 2724 [ 8A1CBAE63FC06EDAEDCCE1B23E9C9267 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
18:31:29.0245 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
18:31:29.0245 2724 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] C:\Program Files\Bonjour\mDNSResponder.exe
18:31:29.0245 2724 C:\Program Files\Bonjour\mDNSResponder.exe - ok
18:31:29.0261 2724 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
18:31:29.0261 2724 C:\Windows\System32\cryptnet.dll - ok
18:31:29.0261 2724 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
18:31:29.0261 2724 C:\Windows\System32\cryptsvc.dll - ok
18:31:29.0276 2724 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
18:31:29.0276 2724 C:\Windows\System32\dps.dll - ok
18:31:29.0276 2724 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
18:31:29.0276 2724 C:\Windows\System32\taskschd.dll - ok
18:31:29.0292 2724 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
18:31:29.0292 2724 C:\Windows\System32\vssapi.dll - ok
18:31:29.0292 2724 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
18:31:29.0292 2724 C:\Windows\System32\vsstrace.dll - ok
18:31:29.0307 2724 [ 54A47F6B5E09A77E61649109C6A08866 ] C:\Windows\SysWOW64\svchost.exe
18:31:29.0307 2724 C:\Windows\SysWOW64\svchost.exe - ok
18:31:29.0307 2724 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
18:31:29.0307 2724 C:\Windows\System32\FDResPub.dll - ok
18:31:29.0323 2724 [ E5E6A7D13BBC0F80B866D021F306BF6C ] C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
18:31:29.0323 2724 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe - ok
18:31:29.0323 2724 [ 4909501F53DA2EB6603848944C45F524 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
18:31:29.0323 2724 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll - ok
18:31:29.0339 2724 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:31:29.0339 2724 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll - ok
18:31:29.0354 2724 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
18:31:29.0354 2724 C:\Windows\System32\TSChannel.dll - ok
18:31:29.0354 2724 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
18:31:29.0354 2724 C:\Windows\SysWOW64\winspool.drv - ok
18:31:29.0370 2724 [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:31:29.0370 2724 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
18:31:29.0370 2724 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
18:31:29.0370 2724 C:\Windows\SysWOW64\psapi.dll - ok
18:31:29.0385 2724 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
18:31:29.0385 2724 C:\Windows\System32\winmm.dll - ok
18:31:29.0385 2724 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
18:31:29.0385 2724 C:\Windows\System32\webio.dll - ok
18:31:29.0401 2724 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
18:31:29.0401 2724 C:\Windows\System32\winhttp.dll - ok
18:31:29.0401 2724 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
18:31:29.0401 2724 C:\Windows\System32\httpapi.dll - ok
18:31:29.0417 2724 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
18:31:29.0417 2724 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
18:31:29.0417 2724 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
18:31:29.0417 2724 C:\Windows\SysWOW64\clbcatq.dll - ok
18:31:29.0432 2724 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:31:29.0432 2724 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe - ok
18:31:29.0432 2724 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll
18:31:29.0448 2724 C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll - ok
18:31:29.0448 2724 [ 9A7F1691F76E019C11481B6355125072 ] C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
18:31:29.0448 2724 C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe - ok
18:31:29.0463 2724 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
18:31:29.0463 2724 C:\Windows\SysWOW64\cryptsp.dll - ok
18:31:29.0463 2724 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
18:31:29.0463 2724 C:\Windows\SysWOW64\netapi32.dll - ok
18:31:29.0463 2724 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
18:31:29.0463 2724 C:\Windows\SysWOW64\netutils.dll - ok
18:31:29.0479 2724 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
18:31:29.0479 2724 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
18:31:29.0495 2724 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
18:31:29.0495 2724 C:\Windows\SysWOW64\rsaenh.dll - ok
18:31:29.0495 2724 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
18:31:29.0495 2724 C:\Windows\SysWOW64\srvcli.dll - ok
18:31:29.0510 2724 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
18:31:29.0510 2724 C:\Windows\SysWOW64\wkscli.dll - ok
18:31:29.0510 2724 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
18:31:29.0510 2724 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
18:31:29.0526 2724 [ 6C57BA95C820865BCFB96C53CE7C2C68 ] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
18:31:29.0526 2724 C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll - ok
18:31:29.0526 2724 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
18:31:29.0526 2724 C:\Windows\SysWOW64\imagehlp.dll - ok
18:31:29.0541 2724 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
18:31:29.0541 2724 C:\Windows\SysWOW64\msi.dll - ok
18:31:29.0541 2724 [ 8B7997B0C843AE353C7AD4FC520DBE47 ] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
18:31:29.0541 2724 C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll - ok
18:31:29.0557 2724 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
18:31:29.0557 2724 C:\Windows\SysWOW64\cscapi.dll - ok
18:31:29.0557 2724 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
18:31:29.0557 2724 C:\Windows\SysWOW64\dbghelp.dll - ok
18:31:29.0573 2724 [ B90E093E7A7250906F1054418B5339C0 ] C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
18:31:29.0573 2724 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe - ok
18:31:29.0588 2724 [ BC83108B18756547013ED443B8CDB31B ] C:\Windows\SysWOW64\msvcp100.dll
18:31:29.0588 2724 C:\Windows\SysWOW64\msvcp100.dll - ok
18:31:29.0588 2724 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\Windows\SysWOW64\msvcr100.dll
18:31:29.0588 2724 C:\Windows\SysWOW64\msvcr100.dll - ok
18:31:29.0604 2724 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
18:31:29.0604 2724 C:\Windows\SysWOW64\uxtheme.dll - ok
18:31:29.0604 2724 [ 8F9D6B4AB86A39319078814ABBDD40BC ] C:\Program Files (x86)\Real\RealUpgrade\Common\hxmedpltfm.dll
18:31:29.0604 2724 C:\Program Files (x86)\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
18:31:29.0619 2724 [ ADE2BCD1FDE5C9669FCE1F4541AB46DD ] C:\Windows\System32\spool\drivers\x64\3\UNIDRV.DLL
18:31:29.0619 2724 C:\Windows\System32\spool\drivers\x64\3\UNIDRV.DLL - ok
18:31:29.0635 2724 [ D167CA427516B8C416B746117F69B870 ] C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NB.dll
18:31:29.0635 2724 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NB.dll - ok
18:31:29.0635 2724 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
18:31:29.0635 2724 C:\Windows\SysWOW64\winhttp.dll - ok
18:31:29.0651 2724 [ 5AC3CB53406CB9AABB25D46B3385528F ] C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll
18:31:29.0651 2724 C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll - ok
18:31:29.0651 2724 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
18:31:29.0651 2724 C:\Windows\SysWOW64\webio.dll - ok
18:31:29.0666 2724 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
18:31:29.0666 2724 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
18:31:29.0666 2724 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
18:31:29.0666 2724 C:\Windows\SysWOW64\apphelp.dll - ok
18:31:29.0682 2724 [ 1E8D06AAE74FED674C1156B3FEA911C2 ] C:\Windows\SysWOW64\Faultrep.dll
18:31:29.0682 2724 C:\Windows\SysWOW64\Faultrep.dll - ok
18:31:29.0682 2724 [ 5F5360825D2B829121E78E84D4CB8785 ] C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\LBFC.dll
18:31:29.0682 2724 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\LBFC.dll - ok
18:31:29.0697 2724 [ 41938F2C1642459CBBA691B5DBD6395A ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
18:31:29.0697 2724 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe - ok
18:31:29.0713 2724 [ 47188B0092466FD476E23DEA70CC1D4F ] C:\Program Files (x86)\Real\RealUpgrade\Plugins\upgrade.dll
18:31:29.0713 2724 C:\Program Files (x86)\Real\RealUpgrade\Plugins\upgrade.dll - ok
18:31:29.0713 2724 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
18:31:29.0713 2724 C:\Windows\SysWOW64\mstask.dll - ok
18:31:29.0729 2724 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
18:31:29.0729 2724 C:\Windows\SysWOW64\secur32.dll - ok
18:31:29.0729 2724 [ 81DA72712DF46480E6248AEB35E15FCC ] C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBBurn.dll
18:31:29.0729 2724 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBBurn.dll - ok
18:31:29.0744 2724 [ 6797CEB7D07B09A0D79612657BCC6CCA ] C:\Windows\System32\spool\drivers\x64\3\HPZUIWN7.DLL
18:31:29.0744 2724 C:\Windows\System32\spool\drivers\x64\3\HPZUIWN7.DLL - ok
18:31:29.0744 2724 [ 8E2D68A36FCB58A8DA57DE3E064F39CC ] C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll
18:31:29.0744 2724 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll - ok
18:31:29.0760 2724 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
18:31:29.0760 2724 C:\Windows\System32\dbghelp.dll - ok
18:31:29.0760 2724 [ FDC385A0F7D7DD880C4622D1DF08ABE9 ] C:\Windows\System32\ntprint.dll
18:31:29.0760 2724 C:\Windows\System32\ntprint.dll - ok
18:31:29.0775 2724 [ D5AC41AE382738483FAFFBD7E373D49A ] C:\Windows\System32\HPZinw12.dll
18:31:29.0775 2724 C:\Windows\System32\HPZinw12.dll - ok
18:31:29.0791 2724 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
18:31:29.0791 2724 C:\Windows\System32\netman.dll - ok
18:31:29.0791 2724 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
18:31:29.0791 2724 C:\Windows\System32\nlasvc.dll - ok
18:31:29.0807 2724 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
18:31:29.0807 2724 C:\Windows\System32\ncsi.dll - ok
18:31:29.0807 2724 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
18:31:29.0807 2724 C:\Windows\System32\wsock32.dll - ok
18:31:29.0822 2724 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
18:31:29.0822 2724 C:\Windows\System32\aepic.dll - ok
18:31:29.0822 2724 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
18:31:29.0822 2724 C:\Windows\System32\drivers\PEAuth.sys - ok
18:31:29.0838 2724 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
18:31:29.0838 2724 C:\Windows\System32\sfc.dll - ok
18:31:29.0838 2724 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
18:31:29.0838 2724 C:\Windows\System32\sfc_os.dll - ok
18:31:29.0853 2724 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
18:31:29.0853 2724 C:\Windows\System32\ssdpapi.dll - ok
18:31:29.0853 2724 [ 37F6046CDC630442D7DC087501FF6FC6 ] C:\Windows\System32\HPZipm12.dll
18:31:29.0853 2724 C:\Windows\System32\HPZipm12.dll - ok
18:31:29.0869 2724 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
18:31:29.0869 2724 C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe - ok
18:31:29.0869 2724 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
18:31:29.0869 2724 C:\Windows\System32\drivers\secdrv.sys - ok
18:31:29.0885 2724 [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll
18:31:29.0885 2724 C:\Windows\System32\seclogon.dll - ok
18:31:29.0885 2724 [ 07F649CD36F266BBE33B814FA678AA43 ] C:\Windows\SysWOW64\mshtml.dll
18:31:29.0885 2724 C:\Windows\SysWOW64\mshtml.dll - ok
18:31:29.0900 2724 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] C:\Program Files (x86)\Skype\Updater\Updater.exe
18:31:29.0900 2724 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
18:31:29.0916 2724 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
18:31:29.0916 2724 C:\Windows\System32\drivers\srvnet.sys - ok
18:31:29.0916 2724 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
18:31:29.0916 2724 C:\Windows\System32\drivers\tcpipreg.sys - ok
18:31:29.0931 2724 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
18:31:29.0931 2724 C:\Windows\System32\wiaservc.dll - ok
18:31:29.0931 2724 [ 6AE0A4978225CC6656D45504D6D78D0A ] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
18:31:29.0931 2724 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe - ok
18:31:29.0947 2724 [ CDA59C183B3DB8CF35380836ADD74AAD ] C:\Windows\System32\compstui.dll
18:31:29.0947 2724 C:\Windows\System32\compstui.dll - ok
18:31:29.0947 2724 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
18:31:29.0947 2724 C:\Windows\System32\sysmain.dll - ok
18:31:29.0963 2724 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll
18:31:29.0963 2724 C:\Windows\System32\tapisrv.dll - ok
18:31:29.0963 2724 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
18:31:29.0963 2724 C:\Windows\System32\wiatrace.dll - ok
18:31:29.0978 2724 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
18:31:29.0978 2724 C:\Windows\System32\msimg32.dll - ok
18:31:29.0978 2724 [ 4C1244FEF74C60A4B1B151C76609CBE2 ] C:\Windows\System32\wsdchngr.dll
18:31:29.0978 2724 C:\Windows\System32\wsdchngr.dll - ok
18:31:29.0994 2724 [ 0EE822C7DE88C86FE8B9ED3E3AC0727C ] C:\Windows\System32\spool\drivers\x64\3\HPZ3Rwn7.DLL
18:31:29.0994 2724 C:\Windows\System32\spool\drivers\x64\3\HPZ3Rwn7.DLL - ok
18:31:29.0994 2724 [ C964590AE89867A55D77B847E6B00613 ] C:\Windows\System32\hpowiav1.dll
18:31:29.0994 2724 C:\Windows\System32\hpowiav1.dll - ok
18:31:30.0009 2724 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
18:31:30.0009 2724 C:\Windows\System32\aeevts.dll - ok
18:31:30.0009 2724 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
18:31:30.0009 2724 C:\Windows\System32\trkwks.dll - ok
18:31:30.0025 2724 [ 1658E808E4D4889C66DE47EC87F1DED1 ] C:\Windows\System32\msvcp60.dll
18:31:30.0025 2724 C:\Windows\System32\msvcp60.dll - ok
18:31:30.0025 2724 [ EECE25862A3D2793DA0159657D512B33 ] C:\Windows\System32\spool\drivers\x64\3\HPZLEwn7.DLL
18:31:30.0025 2724 C:\Windows\System32\spool\drivers\x64\3\HPZLEwn7.DLL - ok
18:31:30.0041 2724 [ 2BAA1007384E46A979657D1D7A022E16 ] C:\Windows\System32\spool\drivers\x64\3\HPFIME50.DLL
18:31:30.0041 2724 C:\Windows\System32\spool\drivers\x64\3\HPFIME50.DLL - ok
18:31:30.0056 2724 [ 371948BC5911ABA06168FAC91ED25F06 ] C:\Windows\System32\msxml3.dll
18:31:30.0056 2724 C:\Windows\System32\msxml3.dll - ok
18:31:30.0056 2724 [ A0FCD672FA485A09FACAD58356221B17 ] C:\Windows\System32\spool\drivers\x64\3\HPZSTWN7.DLL
18:31:30.0056 2724 C:\Windows\System32\spool\drivers\x64\3\HPZSTWN7.DLL - ok
18:31:30.0072 2724 [ 64FD8E9BD93F465A04FB0C6169130826 ] C:\Program Files (x86)\AVG\AVG2012\avgwd.dll
18:31:30.0072 2724 C:\Program Files (x86)\AVG\AVG2012\avgwd.dll - ok
18:31:30.0072 2724 [ C6311800DDC987F3788548E0470CF447 ] C:\Program Files (x86)\AVG\AVG2012\avgcfgx.dll
18:31:30.0072 2724 C:\Program Files (x86)\AVG\AVG2012\avgcfgx.dll - ok
18:31:30.0087 2724 [ 6868006E4560838285235546EDED2A8B ] C:\Program Files (x86)\AVG\AVG2012\avgclitx.dll
18:31:30.0087 2724 C:\Program Files (x86)\AVG\AVG2012\avgclitx.dll - ok
18:31:30.0103 2724 [ 5B8D71AC2074550D78BC188A8888054F ] C:\Program Files (x86)\AVG\AVG2012\avgidpsdkx.dll
18:31:30.0103 2724 C:\Program Files (x86)\AVG\AVG2012\avgidpsdkx.dll - ok
18:31:30.0103 2724 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
18:31:30.0103 2724 C:\Windows\SysWOW64\dnsapi.dll - ok
18:31:30.0119 2724 [ 9EC06CA9F3D6ED3B1D0AB2F2BAC338D3 ] C:\Program Files (x86)\AVG\AVG2012\avgwdwsc.dll
18:31:30.0119 2724 C:\Program Files (x86)\AVG\AVG2012\avgwdwsc.dll - ok
18:31:30.0119 2724 [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\SysWOW64\wscapi.dll
18:31:30.0119 2724 C:\Windows\SysWOW64\wscapi.dll - ok
18:31:30.0134 2724 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\SysWOW64\wbemcomn.dll
18:31:30.0134 2724 C:\Windows\SysWOW64\wbemcomn.dll - ok
18:31:30.0134 2724 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
18:31:30.0134 2724 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
18:31:30.0150 2724 [ 43B6BD4F2702A4704DCB02172E7B6C30 ] C:\Program Files (x86)\AVG\AVG2012\avgcorex.dll
18:31:30.0150 2724 C:\Program Files (x86)\AVG\AVG2012\avgcorex.dll - ok
18:31:30.0150 2724 [ 938928B014F2ABA4C1293EA4D8714020 ] C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
18:31:30.0150 2724 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe - ok
18:31:30.0165 2724 [ A0161CB6D14D931CCE74C25A70E5CE9D ] C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
18:31:30.0165 2724 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe - ok
18:31:30.0165 2724 [ 51CE80B3C7E720A71C780C50452B3A36 ] C:\Windows\System32\spool\drivers\x64\3\HPFIGLHN.DLL
18:31:30.0165 2724 C:\Windows\System32\spool\drivers\x64\3\HPFIGLHN.DLL - ok
18:31:30.0181 2724 [ 0D7BE936A44E6B70F822D272A5CEBC22 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll
18:31:30.0181 2724 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll - ok
18:31:30.0197 2724 [ 09B4AE489AE41A4B1CB8460AE9F32FBE ] C:\Program Files (x86)\AVG\AVG2012\avgcfga.dll
18:31:30.0197 2724 C:\Program Files (x86)\AVG\AVG2012\avgcfga.dll - ok
18:31:30.0197 2724 [ 544EFF88AC6C85DF5A4D6F18DFE08CFC ] C:\Windows\SysWOW64\taskschd.dll
18:31:30.0197 2724 C:\Windows\SysWOW64\taskschd.dll - ok
18:31:30.0212 2724 [ A5675206B80C4127BC687DCCA9A57212 ] C:\Program Files (x86)\AVG\AVG2012\avgntsqlitex.dll
18:31:30.0212 2724 C:\Program Files (x86)\AVG\AVG2012\avgntsqlitex.dll - ok
18:31:30.0212 2724 [ EE9E286E203D1B87F0696332B6B42B8D ] C:\Program Files (x86)\AVG\AVG2012\avgsched.dll
18:31:30.0212 2724 C:\Program Files (x86)\AVG\AVG2012\avgsched.dll - ok
18:31:30.0228 2724 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
18:31:30.0228 2724 C:\Windows\SysWOW64\SensApi.dll - ok
18:31:30.0228 2724 [ EDF2A5E96BEC469DA3F64E9BDD386111 ] C:\Windows\SysWOW64\xmllite.dll
18:31:30.0228 2724 C:\Windows\SysWOW64\xmllite.dll - ok
18:31:30.0243 2724 [ 2BACD71123F42CEA603F4E205E1AE337 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:31:30.0243 2724 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
18:31:30.0243 2724 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
18:31:32.0209 2724 [ 9FE3ED67345F0FF829A4A53B90E09672 ] C:\Windows\System32\loadperf.dll
18:31:32.0209 2724 C:\Windows\System32\loadperf.dll - ok
18:31:32.0225 2724 [ 9BDB62D5C4B3AE8807CB61F7503784E7 ] C:\Windows\System32\NlsData0018.dll
18:31:32.0225 2724 C:\Windows\System32\NlsData0018.dll - ok
18:31:32.0225 2724 [ 3A84190D1D472A3BB9CC4AF141326F13 ] C:\Windows\System32\NlsLexicons0018.dll
18:31:32.0225 2724 C:\Windows\System32\NlsLexicons0018.dll - ok
18:31:32.0240 2724 [ 916DB4FEB392BC58239D1C5825E33EA3 ] C:\Windows\System32\NlsData001b.dll
18:31:32.0240 2724 C:\Windows\System32\NlsData001b.dll - ok
18:31:32.0240 2724 [ EE44FD66D54E14694E7DD21C4E1E6599 ] C:\Windows\System32\NlsLexicons001b.dll
18:31:32.0240 2724 C:\Windows\System32\NlsLexicons001b.dll - ok
18:31:32.0256 2724 [ 4A7D7024A99B111417C26B5F48E7C5A1 ] C:\Windows\System32\NlsData003e.dll
18:31:32.0256 2724 C:\Windows\System32\NlsData003e.dll - ok
18:31:32.0271 2724 [ B3854FE99BC75FD6D9DD2D313B94277D ] C:\Windows\System32\NlsLexicons003e.dll
18:31:32.0271 2724 C:\Windows\System32\NlsLexicons003e.dll - ok
18:31:32.0271 2724 [ F9EFAB39E0A45D159CAFA3648E4E2FC8 ] C:\Program Files (x86)\AVG\AVG2012\avgadvisorx.dll
18:31:32.0271 2724 C:\Program Files (x86)\AVG\AVG2012\avgadvisorx.dll - ok
18:31:32.0287 2724 [ 1220595CABA75AB91A6B3FA3B89483CC ] C:\Windows\SysWOW64\snmpapi.dll
18:31:32.0287 2724 C:\Windows\SysWOW64\snmpapi.dll - ok
18:31:32.0287 2724 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\SysWOW64\wlanapi.dll
18:31:32.0287 2724 C:\Windows\SysWOW64\wlanapi.dll - ok
18:31:32.0303 2724 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\SysWOW64\wlanutil.dll
18:31:32.0303 2724 C:\Windows\SysWOW64\wlanutil.dll - ok
18:31:32.0318 2724 [ FCF1A9C3FB29786946302B4470952D85 ] C:\Program Files (x86)\AVG\AVG2012\avgcslx.dll
18:31:32.0318 2724 C:\Program Files (x86)\AVG\AVG2012\avgcslx.dll - ok
18:31:32.0318 2724 [ 874F1EE41B7686798FF1065D17A60D66 ] C:\Windows\System32\rtffilt.dll
18:31:32.0318 2724 C:\Windows\System32\rtffilt.dll - ok
18:31:32.0334 2724 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
18:31:32.0334 2724 C:\Windows\System32\msftedit.dll - ok
18:31:32.0334 2724 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
18:31:32.0334 2724 C:\Windows\SysWOW64\devrtl.dll - ok
18:31:32.0349 2724 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
18:31:32.0349 2724 C:\Windows\SysWOW64\mpr.dll - ok
18:31:32.0349 2724 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
18:31:32.0349 2724 C:\Windows\System32\ie4uinit.exe - ok
18:31:32.0365 2724 [ C3E98C42EDF7EF237A4BAB91FEAC7426 ] C:\Windows\System32\iedkcs32.dll
18:31:32.0365 2724 C:\Windows\System32\iedkcs32.dll - ok
18:31:32.0365 2724 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
18:31:32.0365 2724 C:\Windows\System32\timedate.cpl - ok
18:31:32.0381 2724 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
18:31:32.0381 2724 C:\Windows\System32\actxprxy.dll - ok
18:31:32.0381 2724 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
18:31:32.0381 2724 C:\Windows\System32\shdocvw.dll - ok
18:31:32.0396 2724 [ E6DD15E668DAF0A02470CF551B0A0105 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
18:31:32.0396 2724 C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
18:31:32.0396 2724 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
18:31:32.0396 2724 C:\Windows\System32\msls31.dll - ok
18:31:32.0412 2724 [ 2BCBA6052374959A30BD7948444DBB79 ] C:\Windows\System32\gameux.dll
18:31:32.0412 2724 C:\Windows\System32\gameux.dll - ok
18:31:32.0412 2724 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
18:31:32.0412 2724 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
18:31:32.0427 2724 [ 40E76CC4DF514CE083ABF7905837DB78 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
18:31:32.0427 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe - ok
18:31:32.0427 2724 [ 5D61BE7DB55B026A5D61A3EED09D0EAD ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
18:31:32.0427 2724 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - ok
18:31:32.0443 2724 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
18:31:32.0443 2724 C:\Windows\System32\DeviceCenter.dll - ok
18:31:32.0443 2724 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
18:31:32.0443 2724 C:\Windows\System32\msi.dll - ok
18:31:32.0459 2724 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
18:31:32.0459 2724 C:\Windows\System32\msiltcfg.dll - ok
18:31:32.0474 2724 [ 6C05EE9545E4D000793461E1F27F7698 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
18:31:32.0474 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll - ok
18:31:32.0474 2724 [ 9482A6241FD04A3D395200A14709CEE8 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
18:31:32.0474 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll - ok
18:31:32.0490 2724 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
18:31:32.0490 2724 C:\Windows\SysWOW64\comdlg32.dll - ok
18:31:32.0490 2724 [ 994BF064851281D22CFACB306EF0C277 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
18:31:32.0490 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll - ok
18:31:32.0505 2724 [ BD6599741E57F3CE5B77875B69459A7B ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
18:31:32.0505 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll - ok
18:31:32.0505 2724 [ 76E7410B3A308F6960D3CE06DC7874AD ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
18:31:32.0505 2724 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll - ok
18:31:32.0521 2724 [ E495B1EAFA617CAF67E3457C2746FA8F ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\pthread.dll
18:31:32.0521 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\pthread.dll - ok
18:31:32.0521 2724 [ 9208AA7D6EDF715BE8DDCB09DCC873D7 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\log4cxx.dll
18:31:32.0521 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\log4cxx.dll - ok
18:31:32.0537 2724 [ 7D34AF98A706230CC2DEDFE0CABF87AB ] C:\Windows\SysWOW64\odbc32.dll
18:31:32.0537 2724 C:\Windows\SysWOW64\odbc32.dll - ok
18:31:32.0537 2724 [ D2A85867DB4F59F1CDBB8505D24E8B13 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
18:31:32.0552 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll - ok
18:31:32.0552 2724 [ B9CDC23624B1139CEAFA87F9547E81C4 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
18:31:32.0552 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll - ok
18:31:32.0568 2724 [ 4EFAC73C3CD8E6D94C3B861BC53245B9 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
18:31:32.0568 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll - ok
18:31:32.0568 2724 [ 409F0748FF1346C45B06175A442D0316 ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
18:31:32.0568 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll - ok
18:31:32.0583 2724 [ 917A728A12F25FCF4636858FAC9979FA ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
18:31:32.0583 2724 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll - ok
18:31:32.0583 2724 [ 371BA71B566260932DCCCF843BF6C7E7 ] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
18:31:32.0583 2724 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe - ok
18:31:32.0599 2724 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:31:32.0599 2724 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
18:31:32.0599 2724 [ 0D286C0FE561D1A7EB30E83A0FF305B2 ] C:\Program Files (x86)\Internet Explorer\iexplore.exe
18:31:32.0599 2724 C:\Program Files (x86)\Internet Explorer\iexplore.exe - ok
18:31:32.0615 2724 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll
18:31:32.0615 2724 C:\Windows\SysWOW64\odbcint.dll - ok
18:31:32.0615 2724 [ C26B09276755E0698B31CF0BAE0BF182 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
18:31:32.0615 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
18:31:32.0630 2724 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
18:31:32.0630 2724 C:\Windows\System32\thumbcache.dll - ok
18:31:32.0646 2724 [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:31:32.0646 2724 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
18:31:32.0646 2724 [ 48E6868781B4E8BF4B77DBEC7694BCE8 ] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
18:31:32.0646 2724 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe - ok
18:31:32.0661 2724 [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
18:31:32.0661 2724 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll - ok
18:31:32.0661 2724 [ 6C4B5DFA3C8706D3FEC335701B058FA3 ] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
18:31:32.0661 2724 C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe - ok
18:31:32.0677 2724 [ 5112FBD9885D79A9FC73BDE9B1EF9334 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
18:31:32.0677 2724 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
18:31:32.0677 2724 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
18:31:32.0677 2724 C:\Windows\System32\wdmaud.drv - ok
18:31:32.0693 2724 [ 5AA4DF6CD3C96086955064BEC1CD0C9B ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
18:31:32.0693 2724 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
18:31:32.0693 2724 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
18:31:32.0693 2724 C:\Windows\System32\ksuser.dll - ok
18:31:32.0708 2724 [ F783EC309D42813F74319EB776153B2B ] C:\Users\Justin\Desktop\SystemLook_x64.exe
18:31:32.0708 2724 C:\Users\Justin\Desktop\SystemLook_x64.exe - ok
18:31:32.0724 2724 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
18:31:32.0724 2724 C:\Windows\System32\AudioSes.dll - ok
18:31:32.0724 2724 [ 414DA952A35BF5D50192E28263B40577 ] C:\Windows\SysWOW64\shsvcs.dll
18:31:32.0724 2724 C:\Windows\SysWOW64\shsvcs.dll - ok
18:31:32.0739 2724 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
18:31:32.0739 2724 C:\Windows\System32\msacm32.drv - ok
18:31:32.0739 2724 [ 81ADBC4E31A721AEF23251A952049BA2 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
18:31:32.0739 2724 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
18:31:32.0755 2724 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
18:31:32.0755 2724 C:\Windows\System32\msacm32.dll - ok
18:31:32.0755 2724 [ 612DCF511367C3666BEF8D1EFFB2566E ] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
18:31:32.0755 2724 C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll - ok
18:31:32.0771 2724 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
18:31:32.0771 2724 C:\Windows\System32\midimap.dll - ok
18:31:32.0771 2724 [ 20ECAC7791DCBA69121631CB627E5A96 ] C:\Windows\System32\mf.dll
18:31:32.0771 2724 C:\Windows\System32\mf.dll - ok
18:31:32.0786 2724 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
18:31:32.0786 2724 C:\Windows\System32\qmgrprxy.dll - ok
18:31:32.0786 2724 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
18:31:32.0786 2724 C:\Windows\SysWOW64\qmgrprxy.dll - ok
18:31:32.0802 2724 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
18:31:32.0802 2724 C:\Windows\System32\AudioEng.dll - ok
18:31:32.0817 2724 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
18:31:32.0817 2724 C:\Windows\SysWOW64\msimg32.dll - ok
18:31:32.0817 2724 [ C335EC1182AC10B188705554E0BC1186 ] C:\Windows\SysWOW64\msvfw32.dll
18:31:32.0817 2724 C:\Windows\SysWOW64\msvfw32.dll - ok
18:31:32.0833 2724 [ EE5B38DD8B8EBBE8868B9EF00B815585 ] C:\Program Files (x86)\Real\RealPlayer\Update\setu3270.dll
18:31:32.0833 2724 C:\Program Files (x86)\Real\RealPlayer\Update\setu3270.dll - ok
18:31:32.0833 2724 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
18:31:32.0833 2724 C:\Windows\System32\stobject.dll - ok
18:31:32.0880 2724 [ FBFCA1A574D47EE575448B719CBBF2E4 ] C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
18:31:32.0880 2724 C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL - ok
18:31:32.0911 2724 [ 8B9D6D070113CFD8E20793768AFA26FC ] C:\Program Files (x86)\AVG\AVG2012\avglngx.dll
18:31:32.0911 2724 C:\Program Files (x86)\AVG\AVG2012\avglngx.dll - ok
18:31:32.0927 2724 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
18:31:32.0927 2724 C:\Windows\System32\AUDIOKSE.dll - ok
18:31:32.0942 2724 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
18:31:32.0942 2724 C:\Windows\System32\batmeter.dll - ok
18:31:32.0942 2724 [ 7301A8574C11A22CB63C45260F69988D ] C:\Program Files (x86)\Real\RealPlayer\realjbox.exe
18:31:32.0942 2724 C:\Program Files (x86)\Real\RealPlayer\realjbox.exe - ok
18:31:32.0958 2724 [ 01243FA89FBEC041E873DE8386138440 ] C:\Program Files (x86)\Real\RealPlayer\realplay.exe
18:31:32.0958 2724 C:\Program Files (x86)\Real\RealPlayer\realplay.exe - ok
18:31:32.0973 2724 [ 7240EA3FA768ED1E6E52741AE47EA08A ] C:\Program Files (x86)\AVG\AVG2012\avgabout.dll
18:31:32.0973 2724 C:\Program Files (x86)\AVG\AVG2012\avgabout.dll - ok
18:31:32.0973 2724 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
18:31:32.0973 2724 C:\Windows\System32\WMALFXGFXDSP.dll - ok
18:31:32.0989 2724 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
18:31:32.0989 2724 C:\Windows\System32\prnfldr.dll - ok
18:31:32.0989 2724 [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
18:31:32.0989 2724 C:\Windows\System32\fdProxy.dll - ok
18:31:33.0005 2724 [ 6F20729E802D5CC643A73A7F0339032B ] C:\Program Files (x86)\AVG\AVG2012\avguires.dll
18:31:33.0005 2724 C:\Program Files (x86)\AVG\AVG2012\avguires.dll - ok
18:31:33.0005 2724 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
18:31:33.0005 2724 C:\Windows\System32\DXP.dll - ok
18:31:33.0020 2724 [ 020D5F7ABD814935C1BBD55D97F11DB8 ] C:\Program Files (x86)\Real\RealPlayer\rpwa3260.dll
18:31:33.0020 2724 C:\Program Files (x86)\Real\RealPlayer\rpwa3260.dll - ok
18:31:33.0036 2724 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
18:31:33.0036 2724 C:\Windows\System32\Syncreg.dll - ok
18:31:33.0036 2724 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
18:31:33.0036 2724 C:\Windows\ehome\ehSSO.dll - ok
18:31:33.0051 2724 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
18:31:33.0051 2724 C:\Windows\System32\ActionCenter.dll - ok
18:31:33.0051 2724 [ 54C0E2C37436A15DA2CC40FDA742E2F5 ] C:\Windows\System32\mfds.dll
18:31:33.0051 2724 C:\Windows\System32\mfds.dll - ok
18:31:33.0067 2724 [ 44A8B9185030EA57F7999383643ADFFB ] C:\Windows\System32\quartz.dll
18:31:33.0067 2724 C:\Windows\System32\quartz.dll - ok
18:31:33.0067 2724 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
18:31:33.0067 2724 C:\Windows\System32\WPDShServiceObj.dll - ok
18:31:33.0083 2724 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
18:31:33.0083 2724 C:\Windows\System32\PortableDeviceTypes.dll - ok
18:31:33.0083 2724 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
18:31:33.0083 2724 C:\Windows\System32\AltTab.dll - ok
18:31:33.0098 2724 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
18:31:33.0098 2724 C:\Windows\System32\srchadmin.dll - ok
18:31:33.0098 2724 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
18:31:33.0098 2724 C:\Windows\System32\pnidui.dll - ok
18:31:33.0114 2724 [ 1E452D8F44D82BFC256E02D0D6FD9608 ] C:\Windows\System32\mpg2splt.ax
18:31:33.0114 2724 C:\Windows\System32\mpg2splt.ax - ok
18:31:33.0114 2724 [ 4D842C5081F06E61BFF461CF87D13525 ] C:\Windows\ehome\ehtrace.dll
18:31:33.0114 2724 C:\Windows\ehome\ehtrace.dll - ok
18:31:33.0129 2724 [ 35E81AA554E60D395572E780EF3B60CB ] C:\Windows\System32\msmpeg2adec.dll
18:31:33.0129 2724 C:\Windows\System32\msmpeg2adec.dll - ok
18:31:33.0129 2724 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
18:31:33.0129 2724 C:\Windows\System32\QUTIL.DLL - ok
18:31:33.0145 2724 [ B2E9DB5E5F4091FCDA0C9249C1E3F974 ] C:\Program Files (x86)\AVG\AVG2012\avgidpmx.dll
18:31:33.0145 2724 C:\Program Files (x86)\AVG\AVG2012\avgidpmx.dll - ok
18:31:33.0161 2724 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
18:31:33.0161 2724 C:\Windows\System32\bthprops.cpl - ok
18:31:33.0161 2724 [ E793D5BC2D58797235741EBA61DC56B8 ] C:\Windows\System32\msmpeg2vdec.dll
18:31:33.0161 2724 C:\Windows\System32\msmpeg2vdec.dll - ok
18:31:33.0176 2724 [ C71E7ABB1A34E56CE73AE117C8DD566F ] C:\Windows\System32\ieframe.dll
18:31:33.0176 2724 C:\Windows\System32\ieframe.dll - ok
18:31:33.0176 2724 [ BA9DC5F6E03309B795566122847B8428 ] C:\Windows\System32\evr.dll
18:31:33.0176 2724 C:\Windows\System32\evr.dll - ok
18:31:33.0176 2724 [ 4C3DAEE652B005B483F16B8E9131C99D ] C:\Windows\System32\d3d9.dll
18:31:33.0176 2724 C:\Windows\System32\d3d9.dll - ok
18:31:33.0192 2724 [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
18:31:33.0192 2724 C:\Windows\System32\d3d8thk.dll - ok
18:31:33.0207 2724 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
18:31:33.0207 2724 C:\Windows\System32\FXSST.dll - ok
18:31:33.0207 2724 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
18:31:33.0207 2724 C:\Windows\System32\FXSAPI.dll - ok
18:31:33.0223 2724 [ C5DCF85E964F6E4D13AE3BCBB5400567 ] C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll
18:31:33.0223 2724 C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll - ok
18:31:33.0223 2724 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
18:31:33.0223 2724 C:\Windows\System32\FXSSVC.exe - ok
18:31:33.0239 2724 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
18:31:33.0239 2724 C:\Windows\System32\webcheck.dll - ok
18:31:33.0239 2724 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
18:31:33.0239 2724 C:\Windows\System32\mlang.dll - ok
18:31:33.0254 2724 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
18:31:33.0254 2724 C:\Windows\System32\SyncCenter.dll - ok
18:31:33.0254 2724 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\44270131.sys
18:31:33.0254 2724 C:\Windows\System32\drivers\44270131.sys - ok
18:31:33.0270 2724 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
18:31:33.0270 2724 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
18:31:33.0270 2724 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
18:31:33.0270 2724 C:\Windows\System32\imapi2.dll - ok
18:31:33.0285 2724 [ B0F69B9DE0AEBFD7E4CEADE6758DF627 ] C:\Windows\System32\SearchFolder.dll
18:31:33.0285 2724 C:\Windows\System32\SearchFolder.dll - ok
18:31:33.0285 2724 [ 4E81439902079C348B61D7FF027FE147 ] C:\Windows\System32\StructuredQuery.dll
18:31:33.0301 2724 C:\Windows\System32\StructuredQuery.dll - ok
18:31:33.0301 2724 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
18:31:33.0301 2724 C:\Windows\SysWOW64\riched20.dll - ok
18:31:33.0317 2724 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
18:31:33.0317 2724 C:\Windows\System32\rasdlg.dll - ok
18:31:33.0317 2724 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
18:31:33.0317 2724 C:\Windows\System32\hgcpl.dll - ok
18:31:33.0332 2724 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
18:31:33.0332 2724 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
18:31:33.0332 2724 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
18:31:33.0332 2724 C:\Windows\SysWOW64\duser.dll - ok
18:31:33.0348 2724 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
18:31:33.0348 2724 C:\Windows\System32\dot3api.dll - ok
18:31:33.0348 2724 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
18:31:33.0348 2724 C:\Windows\System32\wlanhlp.dll - ok
18:31:33.0363 2724 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
18:31:33.0363 2724 C:\Windows\System32\wlanapi.dll - ok
18:31:33.0363 2724 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
18:31:33.0363 2724 C:\Windows\SysWOW64\dui70.dll - ok
18:31:33.0379 2724 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
18:31:33.0379 2724 C:\Windows\System32\wlanutil.dll - ok
18:31:33.0379 2724 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
18:31:33.0379 2724 C:\Windows\System32\onex.dll - ok
18:31:33.0395 2724 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
18:31:33.0395 2724 C:\Windows\System32\WWanAPI.dll - ok
18:31:33.0395 2724 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
18:31:33.0395 2724 C:\Windows\System32\wwapi.dll - ok
18:31:33.0410 2724 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
18:31:33.0410 2724 C:\Windows\System32\UIAnimation.dll - ok
18:31:33.0410 2724 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
18:31:33.0410 2724 C:\Windows\System32\QAGENT.DLL - ok
18:31:33.0426 2724 [ 382BDDDE3438F9A65935ABC6B3F76D1B ] C:\Windows\SysWOW64\amstream.dll
18:31:33.0426 2724 C:\Windows\SysWOW64\amstream.dll - ok
18:31:33.0426 2724 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
18:31:33.0426 2724 C:\Windows\SysWOW64\ddraw.dll - ok
18:31:33.0441 2724 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
18:31:33.0441 2724 C:\Windows\SysWOW64\dciman32.dll - ok
18:31:33.0441 2724 [ 0AE0C4955E1DE29CCDC9DA1B816FE5EE ] C:\Windows\SysWOW64\quartz.dll
18:31:33.0441 2724 C:\Windows\SysWOW64\quartz.dll - ok
18:31:33.0457 2724 [ 7460D7EED8A97FD7603B254C9F1EC354 ] C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
18:31:33.0457 2724 C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll - ok
18:31:33.0457 2724 [ E6F9143B9607A682ED439900AA99D586 ] C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.0.1\avgdttbx.dll
18:31:33.0457 2724 C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.0.1\avgdttbx.dll - ok
18:31:33.0473 2724 ============================================================
18:31:33.0473 2724 Scan finished
18:31:33.0473 2724 ============================================================
18:31:33.0488 1848 Detected object count: 6
18:31:33.0488 1848 Actual detected object count: 6
18:32:26.0466 1848 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:26.0466 1848 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:32:26.0466 1848 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:26.0466 1848 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:32:26.0481 1848 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:26.0481 1848 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:32:26.0481 1848 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:26.0481 1848 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:32:26.0481 1848 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:26.0481 1848 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:32:26.0481 1848 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:26.0481 1848 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:33:56.0088 4044 Deinitialize success


----------



## justgreene (Jun 21, 2005)

Here is the OTL log (wasn't sure if you needed that):
OTL logfile created on: 2/4/2013 5:34:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 70.93% Memory free
5.75 Gb Paging File | 4.40 Gb Available in Paging File | 76.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.63 Gb Total Space | 103.58 Gb Free Space | 46.73% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 14.96 Gb Free Space | 40.17% Space Free | Partition Type: NTFS
Drive E: | 11.25 Gb Total Space | 1.51 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 14.28 Gb Free Space | 19.17% Space Free | Partition Type: NTFS
Drive H: | 465.64 Gb Total Space | 113.05 Gb Free Space | 24.28% Space Free | Partition Type: FAT32
Drive I: | 2794.51 Gb Total Space | 2580.27 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

Computer Name: GREENEHOME | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe ()
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe ()
MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater14.0.1) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:*64bit:* - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:*64bit:* - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:*64bit:* - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (AVMNgTunM780) -- C:\Windows\SysNative\drivers\AVerTun.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgCapM780) -- C:\Windows\SysNative\drivers\AVerCap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgBasM780) -- C:\Windows\SysNative\drivers\AVerBas.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 88 E2 41 07 65 CD 01 [binary data]
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS495
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={D5E1EF48-3B55-4C47-8F96-A43D4BEC3430}&mid=0ee2cac576784bef9cf54f979af83bd2-31c09cfdf0b96324640915a9f1bc07a9260dde39&lang=en&ds=AVG&pr=fr&d=2013-01-23 21:59:50&v=14.0.0.14&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={D5E1EF48-3B55-4C47-8F96-A43D4BEC3430}&mid=0ee2cac576784bef9cf54f979af83bd2-31c09cfdf0b96324640915a9f1bc07a9260dde39&lang=en&ds=AVG&pr=fr&d=2013-01-23 21:59:50&v=14.0.0.14&pid=safeguard&sg=1&sap=hp"
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://mysearch.avg.com/search?cid={D5E1EF48-3B55-4C47-8F96-A43D4BEC3430}&mid=0ee2cac576784bef9cf54f979af83bd2-31c09cfdf0b96324640915a9f1bc07a9260dde39&lang=en&ds=AVG&pr=fr&d=2013-01-23 21:59:50&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q="
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 14:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/01/30 14:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/09/12 19:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/23 16:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/23 16:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14 [2013/01/23 21:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/23 16:43:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 14:43:53 | 000,000,000 | ---D | M]

[2012/07/18 11:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2012/10/25 15:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions
[2012/10/25 15:50:51 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]
[2012/12/08 14:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/08 14:02:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/24 08:43:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/12/18 08:28:14 | 000,186,584 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2013/01/23 16:43:41 | 000,153,296 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll
[2012/11/07 15:59:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2012/11/07 15:59:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2012/11/07 15:59:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2012/11/07 15:59:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2012/11/07 15:59:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2012/11/07 15:59:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2012/11/07 15:59:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2013/01/23 16:43:33 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/29 02:27:12 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,001,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/11/29 02:27:12 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013/01/23 21:59:56 | 000,003,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/11/29 02:27:12 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/11/29 02:27:12 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - default_search_provider: swagbucks.com (Enabled)
CHR - default_search_provider: search_url = http://swagbucks.com/?sfp=h&t=w&p=1&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Freemake Video Converter = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/03 14:27:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll ()
O3:*64bit:* - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000..\Run: [MusicManager] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\SysWOW64\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD735A3-23A0-4C7E-96AA-B48844B33697}: DhcpNameServer = 192.168.10.1
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\http\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\https\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/12 12:20:56 | 000,000,000 | -H-- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | R--D | M] - H:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:*64bit:* {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:*64bit:* {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:*64bit:* {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:*64bit:* {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:*64bit:* {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:*64bit:* {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:*64bit:* {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:*64bit:* {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:*64bit:* {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:*64bit:* {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:*64bit:* {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:*64bit:* {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:*64bit:* {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:*64bit:* {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:*64bit:* {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:*64bit:* {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:*64bit:* {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:*64bit:* {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:*64bit:* {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:*64bit:* >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:*64bit:* >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:*64bit:* >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8CC2963-BD50-F4BF-5E31-9CB5E936958C} - LightScribe Control Panel
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Justin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files (x86)\Logitech\Ereg\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpReg: *Adobe ARM* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *APSDaemon* - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *CanonMyPrinter* - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: *CanonSolutionMenu* - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: *DXM6Patch_981116* - hkey= - key= - C:\Windows\p_981116.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: *Google Update* - hkey= - key= - C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: *HP Software Update* - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: *hpqSRMon* - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: *iTunesHelper* - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *LightScribe Control Panel* - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: *LVCOMS* - hkey= - key= - C:\Program Files (x86)\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: *LWS* - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *RealTray* - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: *ROC_roc_ssl_v12* - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: *swg* - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: *TkBellExe* - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 14:27:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/03 14:09:00 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\justgreene124.exe
[2013/01/30 18:59:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/30 14:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/24 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/01/23 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\AVG SafeGuard toolbar
[2013/01/23 21:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2013/01/23 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/01/23 21:59:45 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/23 21:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/01/23 21:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/01/23 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/01/23 17:44:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/01/23 17:44:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2013/01/23 17:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2013/01/23 17:44:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307060.005
[2013/01/23 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/01/23 17:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/23 17:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/01/23 16:49:48 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\RealNetworks
[2013/01/23 16:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/01/23 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/23 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/01/23 16:43:41 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/01/23 16:43:30 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/01/23 16:43:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/01/23 16:43:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/01/23 16:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/23 16:41:33 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Real
[2013/01/22 17:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/17 18:14:43 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\RK_Quarantine
[2013/01/17 17:30:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/17 17:30:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/17 17:30:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/17 17:30:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/17 17:30:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/17 16:26:47 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2013/01/17 13:36:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/17 13:36:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/17 13:28:34 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Justin\Desktop\JRT.exe
[2013/01/13 11:15:34 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/13 11:15:34 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/13 11:15:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/13 11:15:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/13 11:15:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/13 11:15:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/13 11:15:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/13 11:15:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/13 11:15:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/13 11:15:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/13 11:15:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/13 11:15:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/13 11:15:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/13 11:15:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/13 11:15:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/13 11:15:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/13 11:15:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/13 11:15:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/13 11:15:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/13 11:15:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/13 11:15:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/13 11:15:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/13 11:14:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/13 11:14:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/13 11:14:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/13 11:14:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/13 11:14:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/13 11:14:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/13 11:14:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/13 11:14:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/13 11:14:50 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/13 11:14:50 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/13 11:14:50 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/13 11:14:50 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/13 11:14:50 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/13 11:14:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/13 11:14:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/13 11:14:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/13 11:14:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/13 11:14:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/13 11:14:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/13 11:14:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/13 11:14:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/13 11:14:49 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/13 11:14:49 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/13 11:14:49 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/13 11:14:48 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/13 11:14:48 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/13 11:14:48 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/13 11:14:48 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/13 11:14:48 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/13 11:14:48 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/13 11:14:48 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/13 11:14:48 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/13 11:14:10 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/13 11:14:09 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/13 11:14:08 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/12 13:38:19 | 000,000,000 | ---D | C] -- C:\Jillian Michaels 30 Day Shred
[2013/01/11 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Movies
[2013/01/11 22:32:38 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\HandBrake
[2013/01/11 22:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/01/11 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/01/11 22:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013/01/11 17:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2013/01/11 17:05:34 | 000,000,000 | ---D | C] -- C:\rsit
[2013/01/10 16:45:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2013/02/04 17:27:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
[2013/02/04 17:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/04 17:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 13:51:52 | 000,035,368 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_1125.jpg
[2013/02/04 13:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
[2013/02/04 13:25:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/04 12:52:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 12:52:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 12:48:32 | 108,827,837 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/02/04 12:44:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 12:44:51 | 2314,055,680 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 14:54:25 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Justin.job
[2013/02/03 14:27:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/03 14:09:07 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\justgreene124.exe
[2013/02/01 17:02:48 | 000,482,242 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/01/31 21:24:49 | 001,366,425 | ---- | M] () -- C:\Users\Justin\Desktop\DSC03502fix.jpg
[2013/01/31 21:22:14 | 001,366,009 | ---- | M] () -- C:\Users\Justin\Desktop\DSC03502f.jpg
[2013/01/31 21:00:48 | 000,956,989 | ---- | M] () -- C:\Users\Justin\Desktop\dsc07620-1.jpg
[2013/01/31 14:57:21 | 000,636,177 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_5572f.jpg
[2013/01/31 14:46:10 | 000,621,658 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_4821f.jpg
[2013/01/31 14:39:59 | 000,650,410 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_3713f.jpg
[2013/01/31 14:30:11 | 000,493,958 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_3155f.jpg
[2013/01/30 14:12:35 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013/01/28 18:02:11 | 000,165,376 | ---- | M] () -- C:\Users\Justin\Desktop\SystemLook_x64.exe
[2013/01/23 21:59:18 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/23 17:44:21 | 000,001,339 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2013/01/23 16:44:16 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/23 16:43:41 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/01/23 16:43:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/01/23 16:43:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/01/23 16:43:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/01/23 16:32:44 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 17:28:56 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat
[2013/01/17 16:32:06 | 000,764,416 | ---- | M] () -- C:\Users\Justin\Desktop\RogueKiller.exe
[2013/01/17 16:27:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2013/01/17 16:25:52 | 000,881,914 | ---- | M] () -- C:\Users\Justin\Desktop\SecurityCheck.exe
[2013/01/17 13:30:27 | 000,574,677 | ---- | M] () -- C:\Users\Justin\Desktop\adwcleaner.exe
[2013/01/17 13:28:35 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Justin\Desktop\JRT.exe
[2013/01/13 12:39:42 | 000,294,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/13 11:35:57 | 000,785,842 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/13 11:35:57 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 11:35:57 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/13 11:35:48 | 000,785,842 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/11 22:32:50 | 000,000,977 | ---- | M] () -- C:\Users\Justin\Desktop\Handbrake.lnk
[2013/01/11 17:04:52 | 000,781,383 | ---- | M] () -- C:\Users\Justin\Desktop\RSIT.exe
[2013/01/10 16:45:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2013/01/08 15:16:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 15:16:02 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/06 21:10:09 | 062,790,379 | ---- | M] () -- C:\Users\Justin\Desktop\2012_ What Brought Us Together.wmv
[2013/01/06 20:29:58 | 054,849,949 | ---- | M] () -- C:\Users\Justin\Desktop\Zeitgeist 2012_ Year In Review.wmv
[2013/01/06 18:01:12 | 002,256,011 | ---- | M] () -- C:\Users\Justin\Desktop\img_0884fi.jpg

========== Files Created - No Company Name ==========

[2013/02/04 13:51:51 | 000,035,368 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_1125.jpg
[2013/01/31 21:24:46 | 001,366,425 | ---- | C] () -- C:\Users\Justin\Desktop\DSC03502fix.jpg
[2013/01/31 21:22:11 | 001,366,009 | ---- | C] () -- C:\Users\Justin\Desktop\DSC03502f.jpg
[2013/01/31 21:00:42 | 000,956,989 | ---- | C] () -- C:\Users\Justin\Desktop\dsc07620-1.jpg
[2013/01/31 14:57:19 | 000,636,177 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_5572f.jpg
[2013/01/31 14:46:08 | 000,621,658 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_4821f.jpg
[2013/01/31 14:39:57 | 000,650,410 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_3713f.jpg
[2013/01/31 14:30:09 | 000,493,958 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_3155f.jpg
[2013/01/28 18:02:11 | 000,165,376 | ---- | C] () -- C:\Users\Justin\Desktop\SystemLook_x64.exe
[2013/01/23 17:44:23 | 000,000,450 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Justin.job
[2013/01/23 17:44:21 | 000,001,339 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2013/01/23 17:44:17 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307060.005\isolate.ini
[2013/01/23 16:44:16 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/22 17:10:48 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 21:50:08 | 002,257,341 | R--- | C] () -- C:\Users\Justin\Desktop\DSC03573(rev 0).jpg
[2013/01/17 17:30:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/17 17:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/17 17:30:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/17 17:30:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/17 17:30:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/17 17:28:56 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
[2013/01/17 16:32:03 | 000,764,416 | ---- | C] () -- C:\Users\Justin\Desktop\RogueKiller.exe
[2013/01/17 16:25:52 | 000,881,914 | ---- | C] () -- C:\Users\Justin\Desktop\SecurityCheck.exe
[2013/01/17 13:30:27 | 000,574,677 | ---- | C] () -- C:\Users\Justin\Desktop\adwcleaner.exe
[2013/01/11 22:32:19 | 000,000,977 | ---- | C] () -- C:\Users\Justin\Desktop\Handbrake.lnk
[2013/01/11 17:04:52 | 000,781,383 | ---- | C] () -- C:\Users\Justin\Desktop\RSIT.exe
[2013/01/06 21:02:35 | 062,790,379 | ---- | C] () -- C:\Users\Justin\Desktop\2012_ What Brought Us Together.wmv
[2013/01/06 20:23:44 | 054,849,949 | ---- | C] () -- C:\Users\Justin\Desktop\Zeitgeist 2012_ Year In Review.wmv
[2013/01/06 18:01:08 | 002,256,011 | ---- | C] () -- C:\Users\Justin\Desktop\img_0884fi.jpg
[2012/08/26 17:11:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/08/26 14:54:48 | 000,000,218 | ---- | C] () -- C:\Users\Justin\.recently-used.xbel
[2012/07/23 15:24:59 | 000,000,226 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\default.rss
[2012/07/18 15:44:30 | 000,000,544 | ---- | C] () -- C:\Windows\_delis32.ini
[2012/07/18 15:14:12 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/07/18 14:55:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 14:36:41 | 000,221,311 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/07/18 14:36:41 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/07/18 13:10:00 | 000,785,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/30 14:12:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/30 14:12:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/11/24 12:39:31 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Ashisoft
[2012/07/22 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AVG2012
[2012/10/31 20:39:22 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Azureus
[2012/08/29 19:51:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\BitTorrent
[2012/07/18 13:43:27 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Caspedia
[2012/07/24 08:43:29 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Catalina Marketing Corp
[2012/08/04 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/09/23 12:21:13 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2012/08/15 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DT
[2013/01/12 10:31:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\HandBrake
[2012/11/28 21:17:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Leadertech
[2012/12/19 15:10:26 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2012/09/27 11:23:42 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Rovio
[2013/02/01 01:02:09 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Spotify
[2012/12/24 11:42:19 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2013/01/11 22:30:09 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Vso

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/07/23 16:44:49 | 000,000,000 | ---D | M] -- C:\$AVG
[2013/02/03 14:27:27 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2013/01/30 14:13:12 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/07/13 23:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013/01/05 16:11:30 | 000,000,000 | ---D | M] -- C:\Forks Over Knives
[2012/07/19 21:18:26 | 000,000,000 | ---D | M] -- C:\found.000
[2012/07/22 20:46:01 | 000,000,000 | ---D | M] -- C:\found.001
[2012/11/09 18:00:46 | 000,000,000 | ---D | M] -- C:\FVPD_2012_SHOW_5
[2013/01/12 13:38:39 | 000,000,000 | ---D | M] -- C:\Jillian Michaels 30 Day Shred
[2013/01/17 13:36:08 | 000,000,000 | ---D | M] -- C:\JRT
[2012/07/18 13:16:32 | 000,000,000 | ---D | M] -- C:\My Memory Vault
[2012/12/24 11:30:47 | 000,000,000 | ---D | M] -- C:\My Music
[2013/01/05 11:32:09 | 000,000,000 | ---D | M] -- C:\New folder
[2009/07/13 21:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/01/11 22:32:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/01/23 21:59:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/01/23 21:59:58 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013/02/03 14:32:08 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/07/18 13:00:02 | 000,000,000 | ---D | M] -- C:\Recovery
[2013/01/11 17:05:58 | 000,000,000 | ---D | M] -- C:\rsit
[2012/12/29 12:34:39 | 000,000,000 | ---D | M] -- C:\Star Wars #2_Attack of the Clones
[2013/01/01 21:48:44 | 000,000,000 | ---D | M] -- C:\Star Wars #3_Revenge of the Sith
[2012/12/29 12:33:54 | 000,000,000 | ---D | M] -- C:\Star Wars #4_ A New Hope
[2013/01/05 11:33:59 | 000,000,000 | ---D | M] -- C:\Star Wars #5_Empire Strikes Back
[2013/01/01 22:48:21 | 000,000,000 | ---D | M] -- C:\Star Wars #6_Return of the Jedi
[2013/02/04 17:35:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/07/18 13:00:13 | 000,000,000 | R--D | M] -- C:\Users
[2012/07/18 15:31:09 | 000,000,000 | ---D | M] -- C:\VSO Software ConvertXtoDVD v4.1.19.365 Incl.Keygen
[2013/02/03 14:27:33 | 000,000,000 | ---D | M] -- C:\Windows
[2013/01/30 18:59:33 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2012/12/02 13:13:44 | 020,185,088 | ---- | M] () -- C:\Windows\Installer\107a117.msi
[2012/04/11 03:55:34 | 000,041,472 | ---- | M] () -- C:\Windows\Installer\107c0bc.msi
[2012/08/15 20:13:25 | 053,217,792 | R--- | M] () -- C:\Windows\Installer\107c0c7.msp
[2010/03/18 18:29:02 | 000,872,448 | ---- | M] () -- C:\Windows\Installer\10cfc84.msi
[2012/09/14 12:20:26 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\1478842.msi
[2009/08/21 06:54:52 | 000,384,512 | ---- | M] () -- C:\Windows\Installer\1575c02.msi
[2012/08/23 16:40:13 | 000,179,200 | ---- | M] () -- C:\Windows\Installer\167b3fa.msi
[2012/07/18 14:53:36 | 010,937,344 | R--- | M] () -- C:\Windows\Installer\16c471.msp
[2011/11/01 12:34:30 | 002,531,840 | R--- | M] () -- C:\Windows\Installer\16c47d.msp
[2011/12/26 05:24:12 | 008,835,072 | R--- | M] () -- C:\Windows\Installer\16c48a.msp
[2012/04/04 21:38:16 | 003,620,864 | R--- | M] () -- C:\Windows\Installer\16c495.msp
[2012/03/15 13:26:06 | 004,212,736 | R--- | M] () -- C:\Windows\Installer\16c4a2.msp
[2012/01/19 13:20:42 | 011,997,696 | R--- | M] () -- C:\Windows\Installer\16c4b2.msp
[2012/04/22 21:46:00 | 001,187,328 | R--- | M] () -- C:\Windows\Installer\16c4be.msp
[2011/06/28 20:27:28 | 004,028,928 | R--- | M] () -- C:\Windows\Installer\16c4d9.msp
[2012/12/26 16:13:13 | 059,588,608 | ---- | M] () -- C:\Windows\Installer\17fc4ca.msi
[2008/08/08 13:11:02 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\19e190.msi
[2012/08/26 15:19:24 | 008,822,784 | ---- | M] () -- C:\Windows\Installer\1b96591.msi
[2012/08/26 15:19:41 | 004,227,072 | ---- | M] () -- C:\Windows\Installer\1b96595.msi
[2012/08/26 15:19:59 | 002,081,792 | ---- | M] () -- C:\Windows\Installer\1b96599.msi
[2012/08/26 15:20:05 | 000,026,112 | ---- | M] () -- C:\Windows\Installer\1b9659d.msi
[2012/08/26 15:20:11 | 000,074,240 | ---- | M] () -- C:\Windows\Installer\1b965a1.msi
[2012/08/26 15:20:17 | 000,039,936 | R--- | M] () -- C:\Windows\Installer\1b965a6.msp
[2012/08/26 15:20:34 | 002,856,448 | ---- | M] () -- C:\Windows\Installer\1b965aa.msi
[2012/08/26 15:21:11 | 009,553,408 | ---- | M] () -- C:\Windows\Installer\1b965ae.msi
[2012/08/26 15:21:14 | 000,053,248 | ---- | M] () -- C:\Windows\Installer\1b965b2.msi
[2012/08/26 15:21:23 | 000,037,888 | ---- | M] () -- C:\Windows\Installer\1b965b6.msi
[2012/08/26 15:16:40 | 009,433,088 | ---- | M] () -- C:\Windows\Installer\1b965ba.msi
[2012/08/26 15:21:30 | 004,426,240 | R--- | M] () -- C:\Windows\Installer\1b965c9.msp
[2012/08/26 15:21:51 | 007,710,720 | ---- | M] () -- C:\Windows\Installer\1b965cd.msi
[2012/08/26 15:22:13 | 002,932,224 | R--- | M] () -- C:\Windows\Installer\1b965e1.msp
[2012/08/26 15:22:23 | 004,680,704 | ---- | M] () -- C:\Windows\Installer\1b965e5.msi
[2012/08/26 15:22:49 | 002,343,936 | ---- | M] () -- C:\Windows\Installer\1b965e9.msi
[2012/08/26 15:22:53 | 000,147,968 | ---- | M] () -- C:\Windows\Installer\1b965ed.msi
[2012/08/26 15:23:00 | 000,429,056 | ---- | M] () -- C:\Windows\Installer\1b965f1.msi
[2012/08/26 15:23:05 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\1b965f6.msp
[2012/08/26 15:23:21 | 004,004,864 | ---- | M] () -- C:\Windows\Installer\1b965fa.msi
[2012/08/26 15:23:33 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\1b96606.msp
[2012/08/26 15:23:52 | 002,310,656 | ---- | M] () -- C:\Windows\Installer\1b9660a.msi
[2012/08/26 15:24:01 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\1b96612.msp
[2012/08/26 15:24:30 | 008,332,288 | ---- | M] () -- C:\Windows\Installer\1b96616.msi
[2012/08/26 15:24:49 | 003,312,128 | R--- | M] () -- C:\Windows\Installer\1b96632.msp
[2012/08/26 15:26:00 | 022,647,296 | ---- | M] () -- C:\Windows\Installer\1b96637.msi
[2012/08/26 15:26:26 | 005,535,744 | R--- | M] () -- C:\Windows\Installer\1b9664a.msp
[2012/08/26 15:26:54 | 003,664,384 | ---- | M] () -- C:\Windows\Installer\1b9664f.msi
[2012/08/26 15:27:01 | 003,734,016 | ---- | M] () -- C:\Windows\Installer\1b96653.msi
[2012/08/26 15:27:38 | 013,850,624 | ---- | M] () -- C:\Windows\Installer\1b96657.msi
[2012/08/26 15:28:26 | 005,868,544 | R--- | M] () -- C:\Windows\Installer\1b9666e.msp
[2012/08/26 15:28:55 | 008,313,856 | ---- | M] () -- C:\Windows\Installer\1b96672.msi
[2012/08/26 15:29:12 | 002,957,312 | R--- | M] () -- C:\Windows\Installer\1b9668c.msp
[2012/08/26 15:29:26 | 001,819,136 | ---- | M] () -- C:\Windows\Installer\1b96690.msi
[2012/08/26 15:30:40 | 034,193,408 | ---- | M] () -- C:\Windows\Installer\1b96694.msi
[2012/08/26 15:31:51 | 014,624,256 | R--- | M] () -- C:\Windows\Installer\1b966c0.msp
[2012/08/26 15:32:24 | 011,846,656 | ---- | M] () -- C:\Windows\Installer\1b966c5.msi
[2012/08/26 15:32:48 | 003,734,016 | R--- | M] () -- C:\Windows\Installer\1b966ce.msp
[2012/08/26 15:32:57 | 000,775,168 | ---- | M] () -- C:\Windows\Installer\1b966d3.msi
[2012/08/26 15:33:04 | 000,205,824 | R--- | M] () -- C:\Windows\Installer\1b966dc.msp
[2012/08/26 15:34:23 | 006,363,136 | ---- | M] () -- C:\Windows\Installer\1b966e0.msi
[2012/08/26 15:34:28 | 000,276,480 | R--- | M] () -- C:\Windows\Installer\1b9671d.msp
[2012/08/26 15:35:00 | 006,195,200 | ---- | M] () -- C:\Windows\Installer\1b96721.msi
[2012/08/26 15:35:29 | 003,105,792 | R--- | M] () -- C:\Windows\Installer\1b9672c.msp
[2012/08/26 15:35:36 | 000,067,072 | ---- | M] () -- C:\Windows\Installer\1b96730.msi
[2012/08/26 15:35:42 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\1b96736.msp
[2012/08/26 15:35:54 | 001,492,992 | ---- | M] () -- C:\Windows\Installer\1b9673a.msi
[2012/08/26 15:36:04 | 000,625,664 | R--- | M] () -- C:\Windows\Installer\1b96743.msp
[2012/08/26 15:36:13 | 001,070,592 | ---- | M] () -- C:\Windows\Installer\1b96747.msi
[2012/08/26 15:36:22 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\1b96751.msp
[2012/08/26 15:37:00 | 006,661,632 | ---- | M] () -- C:\Windows\Installer\1b96756.msi
[2012/08/26 15:37:30 | 005,124,096 | R--- | M] () -- C:\Windows\Installer\1b96760.msp
[2012/08/26 15:37:46 | 003,410,944 | ---- | M] () -- C:\Windows\Installer\1b96765.msi
[4 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %windir%\system32\tasks\*.* /64 >
[2013/01/08 15:16:06 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater
[2012/10/31 20:37:13 | 000,002,774 | ---- | M] () -- C:\Windows\SysNative\tasks\CCleanerSkipUAC
[2012/09/14 12:20:34 | 000,003,642 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
[2012/09/14 12:20:36 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
[2012/12/29 13:22:50 | 000,003,488 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core
[2012/12/29 13:22:51 | 000,003,884 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA
[2013/01/23 17:44:23 | 000,003,614 | ---- | M] () -- C:\Windows\SysNative\tasks\Norton Security Scan for Justin
[2013/02/04 12:45:05 | 000,003,214 | ---- | M] () -- C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2758387876-317494887-4176309356-1000
[2013/02/04 12:45:04 | 000,003,346 | ---- | M] () -- C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2758387876-317494887-4176309356-1000
[2013/01/23 16:33:01 | 000,003,214 | ---- | M] () -- C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2758387876-317494887-4176309356-1000
[2013/01/23 16:33:00 | 000,003,346 | ---- | M] () -- C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2758387876-317494887-4176309356-1000
[2013/01/22 16:32:02 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\ReclaimerUpdateFiles_Justin
[2013/01/22 17:10:48 | 000,002,706 | ---- | M] () -- C:\Windows\SysNative\tasks\ROC_REG_JAN_DELETE
[2012/07/23 14:36:34 | 000,003,138 | ---- | M] () -- C:\Windows\SysNative\tasks\{E05D680F-CD68-4D55-842A-8A77E5686F6C}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/13 23:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 23:08:49 | 000,032,656 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/18 12:24:37 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/07/22 16:11:37 | 000,000,860 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
[2012/07/22 16:11:38 | 000,000,912 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
[2012/08/03 09:15:45 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/08/03 09:15:46 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/01/22 17:10:48 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\ROC_REG_JAN_DELETE.job
[2013/01/23 17:44:23 | 000,000,450 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Justin.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Yep, the OTL scan was still needed 

Now, we'll remove some things, but I've seen that you have AVG Secure Search and AVG SafeGuard toolbar. Sometimes these can cause slowness, but they're not classed as malware. We can leave them for now, but when it's all clean, if you want to remove them, we can.

So, let's remove some things first:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
[2012/07/18 15:31:09 | 000,000,000 | ---D | M] -- C:\VSO Software ConvertXtoDVD v4.1.19.365 Incl.Keygen
[4 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
:Files
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
:Commands 
[purity] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

---------

Then, can you re-run OTL but use this code in the Custom Scan/Fixes, and press the *Run Scan* button, and post the log:


```
type C:\Windows\SysNative\tasks\{E05D680F-CD68-4D55-842A-8A77E5686F6C} /c
```
--------

Then, can you run this:

Download *CKScanner* from *here*

*Important :* Save it to your desktop. 

Double-click CKScanner.exe and click *Search For Files*.
After a very short time, when the cursor hourglass disappears, click *Save List To File*. 
A message box will verify that the file is saved. 
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.

eddie


----------



## justgreene (Jun 21, 2005)

Here are 3 logs:

All processes killed
========== OTL ==========
File C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll not found.
File C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
File Protocol\Handler\http\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
File Protocol\Handler\http\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
File Protocol\Handler\https\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
File Protocol\Handler\https\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
C:\VSO Software ConvertXtoDVD v4.1.19.365 Incl.Keygen folder moved successfully.
C:\Windows\Installer\MSI6472.tmp deleted successfully.
C:\Windows\Installer\MSI6E0C.tmp deleted successfully.
C:\Windows\Installer\MSI767.tmp deleted successfully.
C:\Windows\Installer\MSIC3B4.tmp deleted successfully.
========== FILES ==========
Invalid Switch: ConduitChromeApiPlugin.dll
Invalid Switch: np-cwmp.dll
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Justin
->Temp folder emptied: 1128399875 bytes
->Temporary Internet Files folder emptied: 188065494 bytes
->Java cache emptied: 21894667 bytes
->FireFox cache emptied: 78714511 bytes
->Google Chrome cache emptied: 428459570 bytes
->Flash cache emptied: 57825 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,760.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Justin
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Justin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02072013_170439

Files\Folders moved on Reboot...
File move failed. C:\Users\Justin\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 2/7/2013 6:42:46 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 36.92% Memory free
5.75 Gb Paging File | 3.54 Gb Available in Paging File | 61.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.63 Gb Total Space | 106.44 Gb Free Space | 48.02% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 14.96 Gb Free Space | 40.17% Space Free | Partition Type: NTFS
Drive E: | 11.25 Gb Total Space | 1.51 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 14.28 Gb Free Space | 19.17% Space Free | Partition Type: NTFS
Drive H: | 465.64 Gb Total Space | 113.05 Gb Free Space | 24.28% Space Free | Partition Type: FAT32
Drive I: | 2794.51 Gb Total Space | 2580.27 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

Computer Name: GREENEHOME | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe ()
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll ()
MOD - C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe ()
MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll ()
MOD - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll ()
MOD - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater14.0.1) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:*64bit:* - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:*64bit:* - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:*64bit:* - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (AVMNgTunM780) -- C:\Windows\SysNative\drivers\AVerTun.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgCapM780) -- C:\Windows\SysNative\drivers\AVerCap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgBasM780) -- C:\Windows\SysNative\drivers\AVerBas.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 88 E2 41 07 65 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS495
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={D5E1EF48-3B55-4C47-8F96-A43D4BEC3430}&mid=0ee2cac576784bef9cf54f979af83bd2-31c09cfdf0b96324640915a9f1bc07a9260dde39&lang=en&ds=AVG&pr=fr&d=2013-01-23 21:59:50&v=14.0.0.14&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={D5E1EF48-3B55-4C47-8F96-A43D4BEC3430}&mid=0ee2cac576784bef9cf54f979af83bd2-31c09cfdf0b96324640915a9f1bc07a9260dde39&lang=en&ds=AVG&pr=fr&d=2013-01-23 21:59:50&v=14.0.0.14&pid=safeguard&sg=1&sap=hp"
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://mysearch.avg.com/search?cid={D5E1EF48-3B55-4C47-8F96-A43D4BEC3430}&mid=0ee2cac576784bef9cf54f979af83bd2-31c09cfdf0b96324640915a9f1bc07a9260dde39&lang=en&ds=AVG&pr=fr&d=2013-01-23 21:59:50&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q="
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 14:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/01/30 14:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/09/12 19:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/23 16:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/23 16:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14 [2013/01/23 21:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/23 16:43:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 14:43:53 | 000,000,000 | ---D | M]

[2012/07/18 11:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2012/10/25 15:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions
[2012/10/25 15:50:51 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]
[2012/12/08 14:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/24 08:43:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2013/01/23 16:43:33 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/23 21:59:56 | 000,003,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - default_search_provider: swagbucks.com (Enabled)
CHR - default_search_provider: search_url = http://swagbucks.com/?sfp=h&t=w&p=1&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Freemake Video Converter = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/03 14:27:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll ()
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [MusicManager] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD735A3-23A0-4C7E-96AA-B48844B33697}: DhcpNameServer = 192.168.10.1
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/12 12:20:56 | 000,000,000 | -H-- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | R--D | M] - H:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 18:20:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\tdsskiller.exe
[2013/02/03 14:27:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/03 14:09:00 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\justgreene124.exe
[2013/01/30 18:59:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/30 14:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/24 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/01/23 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\AVG SafeGuard toolbar
[2013/01/23 21:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2013/01/23 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/01/23 21:59:45 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/23 21:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/01/23 21:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/01/23 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/01/23 17:44:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/01/23 17:44:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2013/01/23 17:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2013/01/23 17:44:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307060.005
[2013/01/23 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/01/23 17:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/23 17:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/01/23 16:49:48 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\RealNetworks
[2013/01/23 16:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/01/23 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/23 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/01/23 16:43:41 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/01/23 16:43:30 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/01/23 16:43:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/01/23 16:43:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/01/23 16:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/23 16:41:33 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Real
[2013/01/22 17:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/17 18:14:43 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\RK_Quarantine
[2013/01/17 17:30:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/17 17:30:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/17 17:30:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/17 17:30:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/17 17:30:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/17 16:26:47 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2013/01/17 13:36:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/17 13:36:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/17 13:28:34 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Justin\Desktop\JRT.exe
[2013/01/13 11:15:34 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/13 11:15:34 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/13 11:15:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/13 11:15:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/13 11:15:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/13 11:15:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/13 11:15:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/13 11:15:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/13 11:15:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/13 11:15:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/13 11:15:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/13 11:15:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/13 11:15:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/13 11:15:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/13 11:15:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/13 11:15:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/13 11:15:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/13 11:15:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/13 11:15:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/13 11:15:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/13 11:15:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/13 11:15:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/13 11:15:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/13 11:15:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/13 11:15:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/13 11:14:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/13 11:14:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/13 11:14:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/13 11:14:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/13 11:14:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/13 11:14:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/13 11:14:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/13 11:14:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/13 11:14:50 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/13 11:14:50 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/13 11:14:50 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/13 11:14:50 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/13 11:14:50 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/13 11:14:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/13 11:14:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/13 11:14:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/13 11:14:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/13 11:14:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/13 11:14:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/13 11:14:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/13 11:14:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/13 11:14:49 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/13 11:14:49 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/13 11:14:49 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/13 11:14:48 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/13 11:14:48 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/13 11:14:48 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/13 11:14:48 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/13 11:14:48 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/13 11:14:48 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/13 11:14:48 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/13 11:14:48 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/13 11:14:10 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/13 11:14:09 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/13 11:14:08 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/12 13:38:19 | 000,000,000 | ---D | C] -- C:\Jillian Michaels 30 Day Shred
[2013/01/11 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Movies
[2013/01/11 22:32:38 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\HandBrake
[2013/01/11 22:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/01/11 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/01/11 22:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013/01/11 17:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2013/01/11 17:05:34 | 000,000,000 | ---D | C] -- C:\rsit
[2013/01/10 16:45:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2013/02/07 18:27:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
[2013/02/07 18:25:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/07 18:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/07 17:39:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 17:39:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 17:32:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/07 17:32:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/07 17:32:04 | 2314,055,680 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/07 17:14:05 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/07 17:14:05 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/07 16:59:46 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Justin.job
[2013/02/07 13:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
[2013/02/07 13:23:02 | 109,190,061 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/02/05 18:22:09 | 000,482,606 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/02/04 18:20:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\tdsskiller.exe
[2013/02/04 13:51:52 | 000,035,368 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_1125.jpg
[2013/02/03 14:27:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/03 14:09:07 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\justgreene124.exe
[2013/01/31 21:24:49 | 001,366,425 | ---- | M] () -- C:\Users\Justin\Desktop\DSC03502fix.jpg
[2013/01/31 21:22:14 | 001,366,009 | ---- | M] () -- C:\Users\Justin\Desktop\DSC03502f.jpg
[2013/01/31 21:00:48 | 000,956,989 | ---- | M] () -- C:\Users\Justin\Desktop\dsc07620-1.jpg
[2013/01/31 14:57:21 | 000,636,177 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_5572f.jpg
[2013/01/31 14:46:10 | 000,621,658 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_4821f.jpg
[2013/01/31 14:39:59 | 000,650,410 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_3713f.jpg
[2013/01/31 14:30:11 | 000,493,958 | ---- | M] () -- C:\Users\Justin\Desktop\IMG_3155f.jpg
[2013/01/30 14:12:35 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013/01/28 18:02:11 | 000,165,376 | ---- | M] () -- C:\Users\Justin\Desktop\SystemLook_x64.exe
[2013/01/23 21:59:18 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/23 17:44:21 | 000,001,339 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2013/01/23 16:44:16 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/23 16:43:41 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/01/23 16:43:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/01/23 16:43:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/01/23 16:43:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/01/23 16:32:44 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 17:28:56 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat
[2013/01/17 16:32:06 | 000,764,416 | ---- | M] () -- C:\Users\Justin\Desktop\RogueKiller.exe
[2013/01/17 16:27:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2013/01/17 16:25:52 | 000,881,914 | ---- | M] () -- C:\Users\Justin\Desktop\SecurityCheck.exe
[2013/01/17 13:30:27 | 000,574,677 | ---- | M] () -- C:\Users\Justin\Desktop\adwcleaner.exe
[2013/01/17 13:28:35 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Justin\Desktop\JRT.exe
[2013/01/13 12:39:42 | 000,294,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/13 11:35:57 | 000,785,842 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/13 11:35:57 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 11:35:57 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/13 11:35:48 | 000,785,842 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/11 22:32:50 | 000,000,977 | ---- | M] () -- C:\Users\Justin\Desktop\Handbrake.lnk
[2013/01/11 17:04:52 | 000,781,383 | ---- | M] () -- C:\Users\Justin\Desktop\RSIT.exe
[2013/01/10 16:45:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/02/04 13:51:51 | 000,035,368 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_1125.jpg
[2013/01/31 21:24:46 | 001,366,425 | ---- | C] () -- C:\Users\Justin\Desktop\DSC03502fix.jpg
[2013/01/31 21:22:11 | 001,366,009 | ---- | C] () -- C:\Users\Justin\Desktop\DSC03502f.jpg
[2013/01/31 21:00:42 | 000,956,989 | ---- | C] () -- C:\Users\Justin\Desktop\dsc07620-1.jpg
[2013/01/31 14:57:19 | 000,636,177 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_5572f.jpg
[2013/01/31 14:46:08 | 000,621,658 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_4821f.jpg
[2013/01/31 14:39:57 | 000,650,410 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_3713f.jpg
[2013/01/31 14:30:09 | 000,493,958 | ---- | C] () -- C:\Users\Justin\Desktop\IMG_3155f.jpg
[2013/01/28 18:02:11 | 000,165,376 | ---- | C] () -- C:\Users\Justin\Desktop\SystemLook_x64.exe
[2013/01/23 17:44:23 | 000,000,450 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Justin.job
[2013/01/23 17:44:21 | 000,001,339 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2013/01/23 17:44:17 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307060.005\isolate.ini
[2013/01/23 16:44:16 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/22 17:10:48 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 21:50:08 | 002,257,341 | R--- | C] () -- C:\Users\Justin\Desktop\DSC03573(rev 0).jpg
[2013/01/17 17:30:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/17 17:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/17 17:30:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/17 17:30:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/17 17:30:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/17 17:28:56 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
[2013/01/17 16:32:03 | 000,764,416 | ---- | C] () -- C:\Users\Justin\Desktop\RogueKiller.exe
[2013/01/17 16:25:52 | 000,881,914 | ---- | C] () -- C:\Users\Justin\Desktop\SecurityCheck.exe
[2013/01/17 13:30:27 | 000,574,677 | ---- | C] () -- C:\Users\Justin\Desktop\adwcleaner.exe
[2013/01/11 22:32:19 | 000,000,977 | ---- | C] () -- C:\Users\Justin\Desktop\Handbrake.lnk
[2013/01/11 17:04:52 | 000,781,383 | ---- | C] () -- C:\Users\Justin\Desktop\RSIT.exe
[2012/08/26 17:11:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/08/26 14:54:48 | 000,000,218 | ---- | C] () -- C:\Users\Justin\.recently-used.xbel
[2012/07/23 15:24:59 | 000,000,226 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\default.rss
[2012/07/18 15:44:30 | 000,000,544 | ---- | C] () -- C:\Windows\_delis32.ini
[2012/07/18 15:14:12 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/07/18 14:55:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 14:36:41 | 000,221,311 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/07/18 14:36:41 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/07/18 13:10:00 | 000,785,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< type C:\Windows\SysNative\tasks\{E05D680F-CD68-4D55-842A >

< End of report >

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\users\justin\documents\recipes\firecracker grilled alaska salmon.doc
c:\_otl\movedfiles\02072013_170439\c_\vso software convertxtodvd v4.1.19.365 incl.keygen\keygen.rar
c:\_otl\movedfiles\02072013_170439\c_\vso software convertxtodvd v4.1.19.365 incl.keygen\setup.exe
c:\_otl\movedfiles\02072013_170439\c_\vso software convertxtodvd v4.1.19.365 incl.keygen\torrent downloaded from ahashare.com.txt
scanner sequence 3.BB.11.AMAPVD
----- EOF -----


----------



## eddie5659 (Mar 19, 2001)

Looks good, but it seems that the custom scan wasn't pasted fully. It looks like it's because I put it in a code box, and it may have looked like some was missing.

Can you try OTL again, but just with this:



> type C:\Windows\SysNative\tasks\{E05D680F-CD68-4D55-842A-8A77E5686F6C} /c


Make sure it has the /c at the end


----------



## justgreene (Jun 21, 2005)

Do OTL as a "run scan" or "run fix"?


----------



## eddie5659 (Mar 19, 2001)

Sorry, forgot that part

'Run Scan'


----------



## justgreene (Jun 21, 2005)

OTL logfile created on: 2/13/2013 6:45:02 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop\techguys
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 64.22% Memory free
5.75 Gb Paging File | 3.88 Gb Available in Paging File | 67.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.63 Gb Total Space | 104.13 Gb Free Space | 46.98% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 14.96 Gb Free Space | 40.17% Space Free | Partition Type: NTFS
Drive E: | 11.25 Gb Total Space | 1.51 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 14.28 Gb Free Space | 19.17% Space Free | Partition Type: NTFS
Drive H: | 465.64 Gb Total Space | 112.90 Gb Free Space | 24.25% Space Free | Partition Type: FAT32
Drive I: | 2794.51 Gb Total Space | 2580.27 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

Computer Name: GREENEHOME | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Users\Justin\Desktop\techguys\OTL.exe (OldTimer Tools)
PRC - C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll ()
MOD - C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TransferService) -- C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe (Microsoft)
SRV - (EventService) -- C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:*64bit:* - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:*64bit:* - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (AVMNgTunM780) -- C:\Windows\SysNative\drivers\AVerTun.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgCapM780) -- C:\Windows\SysNative\drivers\AVerCap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgBasM780) -- C:\Windows\SysNative\drivers\AVerBas.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 88 E2 41 07 65 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{1FB6ACF9-BDF3-4D3D-BC71-9D2E10D54BCE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EE108896-C466-44FF-AB79-7879EE2B75B9&apn_sauid=4B13FE89-1549-47DF-8B2D-03449ECA7EDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS495
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://pinterest.com/"
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 14:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/01/30 14:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/09/12 19:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/23 16:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/23 16:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/23 16:43:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 14:43:53 | 000,000,000 | ---D | M]

[2012/07/18 11:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2013/02/11 17:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions
[2012/10/25 15:50:51 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]
[2013/02/10 10:56:31 | 000,002,308 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\searchplugins\askcom.xml
[2012/12/08 14:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/13 10:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/02/13 10:30:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/24 08:43:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2013/01/23 16:43:33 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - default_search_provider: swagbucks.com (Enabled)
CHR - default_search_provider: search_url = http://swagbucks.com/?sfp=h&t=w&p=1&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Freemake Video Converter = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/03 14:27:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD735A3-23A0-4C7E-96AA-B48844B33697}: DhcpNameServer = 192.168.10.1
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/12 12:20:56 | 000,000,000 | -H-- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | R--D | M] - H:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 14:27:28 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\MR APP
[2013/02/12 14:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MR APP
[2013/02/12 14:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/02/12 14:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MR APP
[2013/02/10 10:52:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/10 10:52:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/10 10:52:28 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/07 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Random Pics & Video
[2013/02/07 20:28:58 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\techguys
[2013/02/03 14:27:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/30 18:59:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/30 14:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/24 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/01/23 21:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2013/01/23 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/01/23 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/01/23 17:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/23 16:49:48 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\RealNetworks
[2013/01/23 16:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/01/23 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/23 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/01/23 16:43:41 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/01/23 16:43:30 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/01/23 16:43:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/01/23 16:43:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/01/23 16:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/23 16:41:33 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Real
[2013/01/22 17:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/17 18:14:43 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\RK_Quarantine
[2013/01/17 17:30:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/17 17:30:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/17 17:30:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/17 17:30:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/17 17:30:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/17 13:36:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/17 13:36:06 | 000,000,000 | ---D | C] -- C:\JRT

========== Files - Modified Within 30 Days ==========

[2013/02/13 18:27:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
[2013/02/13 18:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/13 18:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 13:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
[2013/02/13 13:25:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/13 09:55:39 | 109,895,690 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/02/13 08:50:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 08:50:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 08:42:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/13 08:42:40 | 2314,055,680 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 22:00:48 | 000,792,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/11 22:00:48 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/11 22:00:48 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/11 21:58:06 | 001,190,297 | R--- | M] () -- C:\Users\Justin\Desktop\dsc03958-1(rev 0).jpg
[2013/02/11 18:14:10 | 000,483,256 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/02/07 17:14:05 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/07 17:14:05 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/03 14:27:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/30 14:12:35 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013/01/23 16:44:16 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/23 16:43:41 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/01/23 16:43:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/01/23 16:43:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/01/23 16:43:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/01/23 16:32:44 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 17:28:56 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat

========== Files Created - No Company Name ==========

[2013/02/11 22:05:58 | 006,421,129 | R--- | C] () -- C:\Users\Justin\Desktop\dsc03864-1(rev 1).jpg
[2013/02/11 22:02:05 | 001,190,297 | R--- | C] () -- C:\Users\Justin\Desktop\dsc03958-1(rev 0).jpg
[2013/01/23 16:44:16 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/22 17:10:48 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 17:30:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/17 17:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/17 17:30:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/17 17:30:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/17 17:30:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/17 17:28:56 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/08/26 17:11:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/08/26 14:54:48 | 000,000,218 | ---- | C] () -- C:\Users\Justin\.recently-used.xbel
[2012/07/23 15:24:59 | 000,000,226 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\default.rss
[2012/07/18 15:44:30 | 000,000,544 | ---- | C] () -- C:\Windows\_delis32.ini
[2012/07/18 15:14:12 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/07/18 14:55:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 14:36:41 | 000,221,311 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/07/18 14:36:41 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/07/18 13:10:00 | 000,785,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< type C:\Windows\SysNative\tasks\{E05D680F-CD68-4D55-842A-8A77E5686F6C} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Justin\AppData\Local\Temp\Temp1_dlgsetup11_win.zip\Setup.exe</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Greenehome\Justin</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Looks like the task folder is related to your hard drive, so that's okay

However, I'm curious about these entries:

*SRV - (TransferService) -- C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe (Microsoft)
SRV - (EventService) -- C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe ()*

Do you know what they are? They also have folders here:

*C:\Users\Justin\AppData\Local\MR APP
C:\Program Files (x86)\MR APP
C:\ProgramData\MR APP*

If you do, that's fine, I'll just grab some info on them later if that's okay, as we have a database of files etc, so any info on certain files is very useful, as this can help many malware experts in the future.

Also, seen a few things that need to be removed in OTL, but will wait for your reply on the above first.

eddie


----------



## justgreene (Jun 21, 2005)

I really don't know what the files are. There is a folder in the MR APP folder called mozillacertutil. So, it might have something to do with Firefox but am not sure what.


----------



## eddie5659 (Mar 19, 2001)

Okay, we'll look at them in detail in a bit. First, let's remove some things:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 88 E2 41 07 65 CD 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-----------

Then, using SystemLook which you should still have from before, can you run it with this code, and post the log it produces:


```
:file
C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
:dir
C:\Users\Justin\AppData\Local\MR APP /s
C:\Program Files (x86)\MR APP /s
C:\ProgramData\MR APP /s
```


----------



## justgreene (Jun 21, 2005)

There was no log for the OTL after the system reboot. Here is the other log:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:51 on 17/02/2013 by Justin
Administrator - Elevation successful

========== file ==========

C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe - File found and opened.
MD5: B1511F1F4E547A671DFD0DC82E08FC4B
Created at 20:16 on 06/12/2012
Modified at 20:16 on 06/12/2012
Size: 30720 bytes
Attributes: --a----
FileDescription: MRAPP.Transfer.Service
FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
OriginalFilename: MRAPP.Transfer.Service.exe
InternalName: MRAPP.Transfer.Service.exe
ProductName: MRAPP.Transfer.Service
CompanyName: Microsoft
LegalCopyright: Copyright © Microsoft 2011

C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe - File found and opened.
MD5: A06D709715E2E3E1CBDECE49534E2A6E
Created at 20:16 on 06/12/2012
Modified at 20:16 on 06/12/2012
Size: 27136 bytes
Attributes: --a----
FileDescription: MRAPP.Event.Service
FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
OriginalFilename: MRAPP.Event.Service.exe
InternalName: MRAPP.Event.Service.exe
ProductName: MRAPP.Event.Service
LegalCopyright: Copyright © 2011

========== dir ==========

C:\Users\Justin\AppData\Local\MR APP - Parameters: "/s"

---Files---
UserProxySetting.xml	--a---- 252 bytes	[20:27 12/02/2013]	[20:27 12/02/2013]

No folders found.

C:\Program Files (x86)\MR APP - Parameters: "/s"

---Files---
Avro.dll	--a---- 81920 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
BouncyCastle.CryptoExt.dll	--a---- 1507328 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
C5.dll	--a---- 272384 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
Common.Logging.dll	--a---- 49152 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
CommonServiceLocator.NinjectAdapter.dll	--a---- 5120 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
DidiSoft.Pgp.dll	--a---- 352256 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
FiddlerCore4.dll	--a---- 269824 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
Hardcodet.Wpf.TaskbarNotification.dll	--a---- 46592 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
makecert.exe	--a---- 55632 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
Microsoft.CompilerServices.AsyncTargetingPack.Net4.dll	--a---- 65696 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
Microsoft.Practices.ServiceLocation.dll	--a---- 29760 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Behavioural.dll	--a---- 19968 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Classes.dll	--a---- 30720 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Common.Business.dll	--a---- 59392 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Common.dll	--a---- 71680 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Contracts.dll	--a---- 22016 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Event.Service.exe	--a---- 27136 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Event.Service.exe.config	--a---- 935 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Logging.dll	--a---- 58880 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Mock.Services.dll	--a---- 15360 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Proxy.dll	--a---- 25600 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Scheduler.dll	--a---- 13824 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.ServiceLocatorBindings.dll	--a---- 9728 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Transfer.Service.exe	--a---- 30720 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.Transfer.Service.exe.config	--a---- 201 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.UI.exe	--a---- 71680 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.UI.Resources.R23.dll	--a---- 76288 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
Newtonsoft.Json.dll	--a---- 319488 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
Ninject.dll	--a---- 105472 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
NLog.config	--a---- 3928 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
NLog.dll	--a---- 388096 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
NLog.Extended.dll	--a---- 14336 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
Quartz.dll	--a---- 497152 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
System.Net.Http.dll	--a---- 180048 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
System.Reactive.dll	--a---- 397640 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]

C:\Program Files (x86)\MR APP\es	d------	[20:26 12/02/2013]
MRAPP.UI.Resources.dll	--a---- 3584 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
MRAPP.UI.Resources.R23.resources.dll	--a---- 3072 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]

C:\Program Files (x86)\MR APP\MozillaCertUtil	d------	[20:26 12/02/2013]
certutil.exe	--a---- 90112 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
libnspr4.dll	--a---- 208896 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
libplc4.dll	--a---- 28672 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
libplds4.dll	--a---- 24576 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
nss3.dll	--a---- 364544 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
smime3.dll	--a---- 106496 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]
softokn3.dll	--a---- 372736 bytes	[20:16 06/12/2012]	[20:16 06/12/2012]

C:\ProgramData\MR APP - Parameters: "/s"

---Files---
None found.

C:\ProgramData\MR APP\Configuration	d------	[20:24 12/02/2013]
670308343819.dat	--a---- 7616 bytes	[20:27 12/02/2013]	[03:33 14/02/2013]
_control.dat	--a---- 19 bytes	[20:27 12/02/2013]	[03:33 14/02/2013]

C:\ProgramData\MR APP\Configuration\Install	d------	[20:24 12/02/2013]
670308343819.dat	--a---- 24 bytes	[20:26 12/02/2013]	[20:26 12/02/2013]
Device.dat	--a---- 64 bytes	[20:27 12/02/2013]	[20:27 12/02/2013]

C:\ProgramData\MR APP\Log	d------	[20:26 12/02/2013]
MRAPP.Event.Service.log	--a---- 375553 bytes	[20:26 12/02/2013]	[18:48 17/02/2013]
MRAPP.Transfer.Service.log	--a---- 1287517 bytes	[20:26 12/02/2013]	[18:51 17/02/2013]
MRAPP.UI.log	--a---- 737258 bytes	[20:27 12/02/2013]	[18:48 17/02/2013]

C:\ProgramData\MR APP\Log\Queue	d------	[20:26 12/02/2013]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, just did a refresh on the entire thread, and would have replied yesterday, but bashed my leg so limping around, moaning like a zombie all night 

Firstly, and I know you use IE mainly, but did you set the search page in Chrome to this:

swagbucks.com

If not, we'll get that back to normal.

--

Also, and I'm pretty sure it's okay, just looks a bit strange, can you get me a copy of the following file as follows so I can check it fully:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file



> c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe
> C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
> C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe


Let me know when they're uploaded 

--

Also, you should have this on your Desktop still:

*C:\Users\Justin\Desktop\MBR.dat*

Will you be able to upload it as an attachment here, by doing this:

Right-click on it and select *Send To* then select *Compressed (zipped) Folder* and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *mbr.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*

If it's too big, upload it using the sfp tool like I posted just above, and post it at thespykiller in your same thread there

----

As for the files that have MRAPP, the reason I'm curious is that one is signed by Microsoft, and the other isn't at all, and there's not much info on them either.

I've added them to the sfp speech above, so I'll have a detailed look at them. They may be okay, but just prefer to be safe 

eddie


----------



## justgreene (Jun 21, 2005)

I uploaded the zip file


----------



## justgreene (Jun 21, 2005)

I also did the Spykiller thread


----------



## eddie5659 (Mar 19, 2001)

Thanks for posting at Spykiller, however only this file was there:

c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe

It may be because the others have been removed, but we'll check that in a bit 

Also, the mbr is clean, so definitely no rootkit there.

For the MRAPP files, do you have any e-rewards programs? I notice in your Chrome settings you have this:



> CHR - default_search_provider: swagbucks.com (Enabled)
> CHR - default_search_provider: search_url = http://swagbucks.com/?sfp=h&t=w&p=1&q={searchTerms}


Having a read about the files, they may be tracking your usage.

Can you post a list of your installed programs:

*1. Please download HijackThis:*

Please go *here* to download *HijackThis*.

Save the *HijackThis.exe* file to your desktop.
Double-click the *HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.

Now, do the following:

Click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.

---------

Also, can you run these to see if it helps the IE issue as well:

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

----

Please download *ATF Cleaner* by Atribune.

*Caution: This program is for Windows 2000, XP and Vista only*


Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
If you use Opera browser
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
Click *Exit* on the Main menu to close the program.
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

eddie


----------



## justgreene (Jun 21, 2005)

Yes, my wife uses swagbucks. I did everything but ATF Cleaner cause I am running Windows 7 and it says it is only for 2000, XP, and Vista. I appreciate all your help.

µTorrent
3DVIA player 5.0.0.20
7-Zip 9.22beta
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.6)
Advertising Center
Angry Birds
Apple Application Support
Apple Software Update
CameraHelperMsi
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon Pro9000 Mark II series User Registration
Canon Utilities My Printer
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.1.19.365
Coupon Printer for Windows
Creative Memories Memory Manager 3
D3DX10
DolbyFiles
Duplicate Finder
DVD Shrink 3.2
e-Rewards Notify
erLT
Freemake Video Converter version 3.1.1
Google Drive
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HandBrake 0.9.8
HP Update
Java 7 Update 15
Junk Mail filter update
LightScribe System Software
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.65.0.1400
Memory Manager 3 Service Update
Menu Templates - Starter Kit
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Office XP Professional
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Templates - Starter Kit
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shutterfly Express Uploader
Shutterfly Express Uploader
Skype™ 6.0
SoundTrax
Swag Bucks Toolbar
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Zoodles
Zoodles


----------



## eddie5659 (Mar 19, 2001)

Okay, the file:

c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe

Is okay, just looked a bit strange 

In your installed programs, you have this:

*e-Rewards Notify*

Do you know if Swagbucks uses this program? If you're not sure, let's see if we can look at the files using SystemLook

Using SystemLook, can you run the following code and copy/paste the log here:


```
:filefind
*swagbucks*
*e-Rewards*
:folderfind
*swagbucks*
*e-Rewards*
```
Then, let's try sfp again, but with the following. You can reply to the thread you already have at Spykiller



> C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
> C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe


Let me know when they're uploaded


----------



## justgreene (Jun 21, 2005)

SystemLook 30.07.11 by jpshortstuff
Log created at 20:50 on 12/03/2013 by Justin
Administrator - Elevation successful

========== filefind ==========

Searching for "*swagbucks*"
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.swagbucks.com_0.localstorage	--a---- 3072 bytes	[00:14 28/02/2013]	[00:14 28/02/2013] 1B1795D33D30DFA3053C5A5D95C83B13
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.swagbucks.com_0.localstorage-journal	--a---- 3608 bytes	[00:14 28/02/2013]	[00:14 28/02/2013] F9C78F53417E15AC55461DC8D46C8476
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_player.swagbucks.com_0.localstorage	--a---- 5120 bytes	[05:01 21/12/2012]	[03:54 09/03/2013] 98E47275BCAA72FB6B6B4FEF227E700D
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_player.swagbucks.com_0.localstorage-journal	--a---- 5672 bytes	[05:01 21/12/2012]	[03:54 09/03/2013] E9ECE6864835480C4A3E552ACA5F595D
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.swagbucks.com_0.localstorage	--a---- 3072 bytes	[20:55 06/03/2013]	[22:46 09/03/2013] BBD2A00D901CB338F909187BAB979EC2
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.swagbucks.com_0.localstorage-journal	--a---- 3608 bytes	[20:55 06/03/2013]	[22:46 09/03/2013] 1A88A9817B80EB7566D00EAD31B3D303
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbartv.swagbucks.com_0.localstorage	--a---- 3072 bytes	[19:47 26/02/2013]	[03:26 11/03/2013] AA712825329DA7C4CE20733D2371A60D
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbartv.swagbucks.com_0.localstorage-journal	--a---- 3608 bytes	[19:47 26/02/2013]	[03:26 11/03/2013] E94CE540B4F9CA9D18F955A41F69199A
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_video.swagbucks.com_0.localstorage	--a---- 3072 bytes	[21:47 30/12/2012]	[14:45 08/03/2013] 0868E7D6453B45728A44FF5B6EF8D1EA
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_video.swagbucks.com_0.localstorage-journal	--a---- 3608 bytes	[21:47 30/12/2012]	[14:45 08/03/2013] A06230B45842067917396AB51C55CF4B
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.swagbucks.com_0.localstorage	--a---- 14336 bytes	[03:26 26/02/2013]	[03:31 11/03/2013] 73CF06E78957EFE23159040B8D562839
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.swagbucks.com_0.localstorage-journal	--a---- 6704 bytes	[03:26 26/02/2013]	[03:31 11/03/2013] 9C8F94F4C9D1B95171742CFA45090339
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\cfiles.5min.com\5minSessionT#\racker_player.swagbucks.com.sol	--a---- 128 bytes	[13:46 03/08/2012]	[01:04 09/03/2013] 246E178892C36F2E4A67D35DA6581B90
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\cfiles.5min.com\5minSessionTrac#\ker_toolbartv.swagbucks.com.sol	--a---- 134 bytes	[19:46 26/02/2013]	[03:26 11/03/2013] E9CF433844AD242692B58D91C0793335
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\cfiles.5min.com\player.#\swagbucks.com_5minVideoCust.sol	--a---- 94 bytes	[20:07 03/08/2012]	[00:50 06/03/2013] 478AD082D682CC2FA342F251751D7D42
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\cfiles.5min.com\toolbartv.#\swagbucks.com_5minVideoCust.sol	--a---- 78 bytes	[19:48 26/02/2013]	[19:48 26/02/2013] FA7C7CF79227E915F88D1837AD584042
C:\Users\Justin\Downloads\SwagBucks (1).exe	--a---- 1249016 bytes	[22:15 25/02/2013]	[22:15 25/02/2013] 6BC0E4B2C4B940BC84F24161A776076A
C:\Users\Justin\Downloads\SwagBucks.exe	--a---- 1249016 bytes	[22:14 25/02/2013]	[22:15 25/02/2013] 6BC0E4B2C4B940BC84F24161A776076A

Searching for "*e-Rewards*"
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.e-rewards.com_0.localstorage	--a---- 3072 bytes	[02:08 14/01/2013]	[14:58 20/01/2013] 06D3F596DF71620BAE579F2FBD0827B2
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.e-rewards.com_0.localstorage-journal	--a---- 3608 bytes	[02:08 14/01/2013]	[14:58 20/01/2013] 7ECE2E3C5CBDF13A5E31FEF054D64149

========== folderfind ==========

Searching for "*swagbucks*"
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\cdn1.gaming.swagbucks.com	d------	[17:27 11/09/2012]
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\player.swagbucks.com	d------	[03:11 04/08/2012]
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\toolbartv.swagbucks.com	d------	[17:33 27/02/2013]
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\macromedia.com\support\flashplayer\sys\#cdn1.gaming.swagbucks.com	d------	[18:57 25/10/2012]
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\macromedia.com\support\flashplayer\sys\#player.swagbucks.com	d------	[19:00 01/01/2013]
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HX3JWBZN\macromedia.com\support\flashplayer\sys\#toolbartv.swagbucks.com	d------	[17:33 27/02/2013]
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#player.swagbucks.com	d------	[01:52 29/09/2012]

Searching for "*e-Rewards*"
No folders found.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

No email notification saying I had a reply 

So, looking at the above, it doesn't look like the two are related. And in your installed programs you have two separate programs, and reading about e-rewards, it installs the MR APP files.

So, using Add/Remove Programs in your Control Panel, uninstall the following:

*e-Rewards Notify*

Restart and post a fresh OTL log by doing this:


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window, *OTL.Txt*. This is saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post them in your topic


----------



## justgreene (Jun 21, 2005)

OTL logfile created on: 3/17/2013 4:54:20 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop\techguys
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 65.60% Memory free
5.75 Gb Paging File | 4.21 Gb Available in Paging File | 73.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.63 Gb Total Space | 98.66 Gb Free Space | 44.52% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.11 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Drive E: | 11.25 Gb Total Space | 1.51 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive G: | 74.52 Gb Total Space | 14.28 Gb Free Space | 19.17% Space Free | Partition Type: NTFS
Drive H: | 465.64 Gb Total Space | 109.92 Gb Free Space | 23.61% Space Free | Partition Type: FAT32
Drive I: | 2794.51 Gb Total Space | 2577.27 Gb Free Space | 92.23% Space Free | Partition Type: NTFS

Computer Name: GREENEHOME | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Users\Justin\Desktop\techguys\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:*64bit:* - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:*64bit:* - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (AVMNgTunM780) -- C:\Windows\SysNative\drivers\AVerTun.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgCapM780) -- C:\Windows\SysNative\drivers\AVerCap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (AVMNgBasM780) -- C:\Windows\SysNative\drivers\AVerBas.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:*64bit:* - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{1FB6ACF9-BDF3-4D3D-BC71-9D2E10D54BCE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EE108896-C466-44FF-AB79-7879EE2B75B9&apn_sauid=4B13FE89-1549-47DF-8B2D-03449ECA7EDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS495
IE - HKCU\..\SearchScopes\{95549C03-5A7A-4F4E-BA2A-152EED2278F8}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173&CUI=UN82970557828419189
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://pinterest.com/"
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 15:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/03/06 09:21:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/09/12 20:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/23 17:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/23 17:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/23 17:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/15 09:26:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/22 13:28:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/18 15:43:53 | 000,000,000 | ---D | M]

[2012/07/18 12:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2013/02/11 18:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions
[2012/10/25 16:50:51 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]
[2013/02/10 11:56:31 | 000,002,308 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\searchplugins\askcom.xml
[2013/02/13 11:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/13 11:30:26 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/24 09:43:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2013/01/23 17:43:33 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: swagbucks.com (Enabled)
CHR - default_search_provider: search_url = http://swagbucks.com/?sfp=h&t=w&p=1&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.yahoo.com/?fr=fptb-sunm
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Swag Bucks = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak\10.14.370.524_0\
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Freemake Video Converter = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/03 15:27:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD735A3-23A0-4C7E-96AA-B48844B33697}: DhcpNameServer = 192.168.10.1
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/12 13:20:56 | 000,000,000 | -H-- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | R--D | M] - H:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/15 22:51:00 | 000,000,000 | ---D | C] -- C:\Users\Justin\FrostWire
[2013/03/15 22:50:41 | 000,000,000 | ---D | C] -- C:\Users\Justin\.frostwire5
[2013/03/15 22:50:10 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2013/03/15 22:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
[2013/03/15 22:47:22 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\OpenCandy
[2013/03/15 09:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/03/15 09:25:04 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\SearchProtect
[2013/03/07 22:18:44 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\TFC.exe
[2013/03/06 09:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/04 23:34:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MR APP
[2013/03/02 11:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/25 22:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/25 22:24:52 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Conduit
[2013/02/25 22:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Swag_Bucks
[2013/02/18 21:24:51 | 000,000,000 | --SD | C] -- C:\Users\Justin\Google Drive
[2013/02/18 21:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/02/18 11:26:13 | 000,000,000 | ---D | C] -- C:\Big Miracle

========== Files - Modified Within 30 Days ==========

[2013/03/17 16:33:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
[2013/03/17 16:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/17 16:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/17 10:31:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/17 09:53:50 | 113,628,723 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/03/17 08:38:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 08:38:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 08:38:30 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/17 08:38:29 | 000,792,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/17 08:38:29 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/17 08:31:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/17 08:31:30 | 2314,055,680 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/16 18:33:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
[2013/03/15 22:50:13 | 000,001,243 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.5.5.lnk
[2013/03/15 22:50:13 | 000,001,219 | ---- | M] () -- C:\Users\Justin\Desktop\FrostWire 5.5.5.lnk
[2013/03/12 20:56:05 | 000,013,318 | ---- | M] () -- C:\Users\Justin\Desktop\requested-files[2013-03-12_20_56].cab
[2013/03/10 17:57:32 | 000,489,448 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/03/09 23:38:58 | 002,188,566 | R--- | M] () -- C:\Users\Justin\Desktop\img_2205fix(rev 0).jpg
[2013/03/09 20:16:55 | 002,188,566 | ---- | M] () -- C:\Users\Justin\Desktop\img_2205fix.jpg
[2013/03/07 22:18:44 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\TFC.exe
[2013/03/06 09:21:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013/03/04 19:50:10 | 000,000,572 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.zip
[2013/03/04 19:41:11 | 000,099,053 | ---- | M] () -- C:\Users\Justin\Desktop\requested-files[2013-03-04_18_41].cab
[2013/03/04 19:40:37 | 000,264,875 | ---- | M] () -- C:\Users\Justin\Desktop\sfp.zip
[2013/03/02 11:36:04 | 000,001,135 | ---- | M] () -- C:\Users\Justin\Desktop\Continue Adobe Flash Player (IE) Installation.lnk
[2013/02/25 22:25:26 | 000,000,009 | ---- | M] () -- C:\END
[2013/02/18 21:24:52 | 000,001,698 | ---- | M] () -- C:\Users\Justin\Desktop\Google Drive.lnk
[2013/02/16 23:46:27 | 001,806,460 | ---- | M] () -- C:\Users\Justin\Desktop\img_1672f.jpg
[2013/02/16 22:19:08 | 007,530,386 | R--- | M] () -- C:\Users\Justin\Desktop\img_1916(rev 0).jpg

========== Files Created - No Company Name ==========

[2013/03/16 22:12:11 | 002,188,566 | R--- | C] () -- C:\Users\Justin\Desktop\img_2205fix(rev 0).jpg
[2013/03/15 22:50:13 | 000,001,243 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.5.5.lnk
[2013/03/15 22:50:13 | 000,001,219 | ---- | C] () -- C:\Users\Justin\Desktop\FrostWire 5.5.5.lnk
[2013/03/12 20:56:05 | 000,013,318 | ---- | C] () -- C:\Users\Justin\Desktop\requested-files[2013-03-12_20_56].cab
[2013/03/09 20:16:47 | 002,188,566 | ---- | C] () -- C:\Users\Justin\Desktop\img_2205fix.jpg
[2013/03/04 19:50:10 | 000,000,572 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.zip
[2013/03/04 19:41:11 | 000,099,053 | ---- | C] () -- C:\Users\Justin\Desktop\requested-files[2013-03-04_18_41].cab
[2013/03/04 19:40:21 | 000,264,875 | ---- | C] () -- C:\Users\Justin\Desktop\sfp.zip
[2013/03/02 11:36:04 | 000,001,135 | ---- | C] () -- C:\Users\Justin\Desktop\Continue Adobe Flash Player (IE) Installation.lnk
[2013/02/18 21:24:52 | 000,001,698 | ---- | C] () -- C:\Users\Justin\Desktop\Google Drive.lnk
[2013/02/17 00:54:47 | 007,530,386 | R--- | C] () -- C:\Users\Justin\Desktop\img_1916(rev 0).jpg
[2013/02/16 23:46:21 | 001,806,460 | ---- | C] () -- C:\Users\Justin\Desktop\img_1672f.jpg
[2013/01/17 18:30:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/17 18:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/17 18:30:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/17 18:30:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/17 18:30:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/26 18:11:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/08/26 15:54:48 | 000,000,218 | ---- | C] () -- C:\Users\Justin\.recently-used.xbel
[2012/07/23 16:24:59 | 000,000,226 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\default.rss
[2012/07/18 16:44:30 | 000,000,544 | ---- | C] () -- C:\Windows\_delis32.ini
[2012/07/18 16:14:12 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/07/18 15:55:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/18 15:36:41 | 000,221,311 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/07/18 15:36:41 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/07/18 14:10:00 | 000,785,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/24 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Ashisoft
[2012/07/22 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AVG2012
[2012/10/31 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Azureus
[2012/08/29 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\BitTorrent
[2012/07/18 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Caspedia
[2012/07/24 09:43:29 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Catalina Marketing Corp
[2012/08/04 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/09/23 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2012/08/15 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DT
[2013/01/12 11:31:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\HandBrake
[2012/11/28 22:17:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Leadertech
[2013/03/15 22:47:22 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\OpenCandy
[2012/12/19 16:10:26 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2012/09/27 12:23:42 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Rovio
[2013/03/15 09:30:27 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\SearchProtect
[2013/03/16 13:26:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Spotify
[2013/02/07 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2013/01/11 23:30:09 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Vso

========== Purity Check ==========

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Hmmm, you now seem to have some Conduit files, so let's sort them out as well

Ah, looks like it's related to Swagbucks, but it's only the toolbar:

IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)

On the plus side, the MR APP files have gone 

So, let's get these removed, and check for leftovers:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{1FB6ACF9-BDF3-4D3D-BC71-9D2E10D54BCE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EE108896-C466-44FF-AB79-7879EE2B75B9&apn_sauid=4B13FE89-1549-47DF-8B2D-03449ECA7EDF
IE - HKCU\..\SearchScopes\{95549C03-5A7A-4F4E-BA2A-152EED2278F8}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173&CUI=UN8297055 7828419189
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
[2013/02/10 11:56:31 | 000,002,308 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\searchplugins\askcom.xml
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
[2013/03/04 23:34:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MR APP
[2013/02/25 22:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/25 22:24:52 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Conduit
:Commands 
[purity] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-----------

Then, using SystemLook, can you run it with this code and post the log it creates:


```
:filefind
*conduit*
*SearchProtect*
*ask.com*
:folderfind
*conduit*
*SearchProtect*
*ask.com*
:regfind
conduit
SearchProtect
ask.com
```
eddie


----------



## eddie5659 (Mar 19, 2001)

For some strange reason, my code above has gone weird. Trying to find out why, but if you just copy/paste as normal, it should work.


----------



## eddie5659 (Mar 19, 2001)

Ignore my reply, it's fine your end, it was my Firefox that needed cleaning


----------



## justgreene (Jun 21, 2005)

I did the OTL but did not receive a log after the reboot. I had to attach the SystemLook log due to its size.


----------



## eddie5659 (Mar 19, 2001)

It should be in the same place as you run OTL from, which looking at your log, is here:

*C:\Users\Justin\Desktop\techguys*

Now, the SystemLook log may take a while to go through, as you can guess. I have to go out at 8ish (it's 6 now) but will reply as soon as I can


----------



## justgreene (Jun 21, 2005)

Yes, I looked in that folder and there is no OTL.txt with yesterday's date. Strange.


----------



## eddie5659 (Mar 19, 2001)

Hmmm, okay we'll use a different tool for now. However, been looking through the log and some of the latest versions of two tools you have may get rid of some of it automatically.

So, delete the copies of JRT and adwcleaner, and get fresh ones from here and post the logs. Then, I'll go through the fix I've just created, remove the ones that were removed, and post the new fix 








Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download *AdwCleaner* by Xplode onto your desktop.

Double click on *AdwCleaner.exe* to run the tool.
Click on *Search*.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[R1].txt* as well.


----------



## justgreene (Jun 21, 2005)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Justin on Thu 03/21/2013 at 20:43:07.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\igearsettings
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2260173
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Justin\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Justin\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\swag_bucks"

~~~ FireFox

Successfully deleted the following from C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\sv5ouond.default\prefs.js

user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/
user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://VuzeRemote.OurToolbar.com//xpi\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3225826.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3225826/CT3225826", "\"affe4f988fe65109775bf184084448032\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3225826", "\"1338589081\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.0.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3225826", "\"c912886ea3ba021d3a9ef2d6ad700899\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dfed7e16778403291867fc5515fa7d93\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Justin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\sv5ouond.default\\conduitCommon\\modules\\3.15.0.0");

~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/21/2013 at 20:51:17.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.115 - Logfile created 03/21/2013 at 21:05:52
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Justin - GREENEHOME
# Boot Mode : Normal
# Running from : C:\Users\Justin\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Folder Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Folder Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Found : HKCU\Software\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Key Found : HKCU\Software\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Swag_Bucks
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35090F24-AA75-43B7-A958-2E2B110D2620}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{941E004C-50E4-488F-AE64-3196E2DC3BED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\prefs.js

Found : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Found : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3225826.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3225826/CT3225826[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3225826", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3225826",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dfe[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Justin\\AppData\\Roaming\\Mozilla\\[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.3125] : urls_to_restore_on_startup = [ "hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=c826096ffuta3", "hxxp://organicdeals.com/", "hxxp://thehungersite.com/", "hxxp://swagbucks.com/", "hxxps://gmail.com/", "hxxp://mysearch.avg.com/?cid={D5E1EF48-3B55-4C47-8F96-A43D4BEC3430}&mid=0ee2cac576784bef9cf54f979af83bd2-31c09cfdf0b96324640915a9f1bc07a9260dde39&lang=en&ds=AVG&pr=fr&d=2013-01-23 21:59:50&v=14.0.0.14&pid=safeguard&sg=1&sap=hp", "hxxp://search.conduit.com/?CUI=UN38891218644857225&ctid=CT2260173&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [4584 octets] - [17/01/2013 14:59:01]
AdwCleaner[R2].txt - [6724 octets] - [21/03/2013 21:05:52]

########## EOF - C:\AdwCleaner[R2].txt - [6784 octets] ##########


----------



## eddie5659 (Mar 19, 2001)

Hmmm, as you may have seen, JRT has removed these:



> Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\swag_bucks"
> Successfully deleted: [Folder] "C:\Program Files (x86)\swag_bucks"


Can you still access Swagbucks online?


Close all open programs and internet browsers.
Double click on *adwcleaner.exe* to run the tool.
Click on *Delete*.
Confirm each time with *Ok*.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[S1].txt* as well.

Then, when the above is posted, my new fix will be created 

eddie


----------



## justgreene (Jun 21, 2005)

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 20:52:54
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Justin - GREENEHOME
# Boot Mode : Normal
# Running from : C:\Users\Justin\Desktop\techguys\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Justin\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35090F24-AA75-43B7-A958-2E2B110D2620}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{941E004C-50E4-488F-AE64-3196E2DC3BED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\prefs.js

Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3225826.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3225826/CT3225826[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3225826", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3225826",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dfe[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Justin\\AppData\\Roaming\\Mozilla\\[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3189] : urls_to_restore_on_startup = [ "hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=c826096ffuta3",[...]

*************************

AdwCleaner[R1].txt - [4584 octets] - [17/01/2013 14:59:01]
AdwCleaner[R2].txt - [6849 octets] - [21/03/2013 21:05:52]
AdwCleaner[S1].txt - [366 octets] - [24/03/2013 20:51:15]
AdwCleaner[S2].txt - [6105 octets] - [24/03/2013 20:52:54]

########## EOF - C:\AdwCleaner[S2].txt - [6165 octets] ##########


----------
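
Checking a cleanup run against the scan that preceded it, as an added example (not part of the thread and not code from any of the tools used): it parses the `Found`/`Deleted` lines of the AdwCleaner logs and the `Successfully deleted:` lines of the JRT log, normalizes case and registry hive spelling, and lists what the search reported but no log confirms as removed. The sample lines are abridged from the logs posted above; the function names are this example's own.

```python
import re

# JRT prints full hive names ("hkey_current_user"), AdwCleaner prints the
# short form ("HKCU"). Map both to one spelling before comparing.
HIVES = {
    "hkey_current_user": "hkcu",
    "hkey_local_machine": "hklm",
    "hkey_classes_root": "hkcr",
    "hkey_users": "hku",
}

ADW_RE = re.compile(r"^(File|Folder|Key)\s+(Found|Deleted)\s*:\s*(.+)$")
JRT_RE = re.compile(r"^Successfully deleted:\s*\[(Registry Key|Folder|File)\]\s*(.+)$")


def normalize(item):
    """Canonical form of a path or registry key: unquoted, case-folded, short hive."""
    item = item.strip().strip('"').casefold().rstrip("\\")
    head, sep, rest = item.partition("\\")
    return HIVES.get(head, head) + sep + rest


def parse_adwcleaner(text):
    """Return (found, deleted) sets of normalized items from an AdwCleaner log."""
    found, deleted = set(), set()
    for line in text.splitlines():
        m = ADW_RE.match(line.strip())
        if m:
            target = found if m.group(2) == "Found" else deleted
            target.add(normalize(m.group(3)))
    return found, deleted


def parse_jrt(text):
    """Return the set of normalized items a JRT log reports as deleted."""
    deleted = set()
    for line in text.splitlines():
        m = JRT_RE.match(line.strip())
        if m:
            deleted.add(normalize(m.group(2)))
    return deleted


def not_confirmed_removed(search_log, *deleted_sets):
    """Items the search log lists that none of the given deletion sets contain.

    A missing "Deleted" line means the removal is unconfirmed by the logs,
    not that the item is necessarily still on disk.
    """
    found, _ = parse_adwcleaner(search_log)
    removed = set().union(*deleted_sets)
    return sorted(found - removed)


# Sample input: lines abridged from the AdwCleaner [Search] log in this thread.
SEARCH_LOG = r"""
***** [Files / Folders] *****
File Found : C:\END
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Folder Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Folder Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
***** [Registry] *****
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
Key Found : HKLM\Software\Swag_Bucks
"""

# Sample input: lines abridged from the AdwCleaner [Delete] log in this thread.
DELETE_LOG = r"""
File Deleted : C:\END
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Justin\AppData\LocalLow\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\Software\Swag_Bucks
"""

# Sample input: lines abridged from the JRT log in this thread.
JRT_LOG = r"""
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\conduit"
"""

if __name__ == "__main__":
    _, adw_deleted = parse_adwcleaner(DELETE_LOG)
    for item in not_confirmed_removed(SEARCH_LOG, adw_deleted, parse_jrt(JRT_LOG)):
        print("no deletion logged for:", item)
```

On this excerpt the only items left over are the Chrome extension folder and registry key for ID `apjkpjchfbckhjhokinlgdbmibpbbjak`, which the search log lists but the delete log does not.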



## eddie5659 (Mar 19, 2001)

Okay, that has removed quite a bit, so here we go 

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










Then, do the following:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Files
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\NewSearchProtectorDialog
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\CT2504091.searchProtectorData
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\NewSearchProtectorDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorRetakeoverDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorBubbleDialog
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Repository\conduit_CT2260173_CT2260173
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Repository\conduit_CT2260173_en
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\SearchProtect]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\Swag_Bucks\toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
ipconfig /flushdns /c
:Commands 
[purity]
[emptytemp] 
[emptyjava]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


----------



## justgreene (Jun 21, 2005)

I did the registry backup. However, I have tried doing the OTL but it keeps going into a "not responding" mode. I have tried OTL about 4 times.


----------



## eddie5659 (Mar 19, 2001)

Okay, leave OTL and use this instead:

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\NewSearchProtectorDialog
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\CT2504091.searchProtectorData
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\NewSearchProtectorDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorRetakeoverDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorBubbleDialog
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Repository\conduit_CT2260173_CT2260173
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Repository\conduit_CT2260173_en
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\SearchProtect]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\Swag_Bucks\toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
ipconfig /flushdns /c
:Commands 
[purity]
[emptytemp] 
[emptyjava]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post


----------



## justgreene (Jun 21, 2005)

Having the same "not responding" issue with OTM.


----------



## eddie5659 (Mar 19, 2001)

Hmm, okay. Do you still have ComboFix? If so, get a fresh one from here:

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:


```
File::
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\CT2504091.searchProtectorData
Folder::
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\NewSearchProtectorDialog
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\NewSearchProtectorDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorRetakeoverDialog
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT3225826\Dialogs\SearchProtectorBubbleDialog
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Repository\conduit_CT2260173_CT2260173
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Repository\conduit_CT2260173_en
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\SearchProtect]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Conduit]
[-HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\AppDataLow\Software\Swag_Bucks\toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.
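
A pre-flight check for removal scripts like the ones above (the OTL/OTM `:Files` / `:Reg` / `:Commands` style and the ComboFix `File::` / `Folder::` / `Registry::` style), added here as an example; it is not part of the original posts or of either tool. It only inspects the text: the allowed root, the key-depth threshold and the finding names are assumptions, and the sample input is constructed from a few lines of the scripts above plus two deliberately bad lines.

```python
import ntpath
import re

# Section headers exactly as they appear in the two script styles on this page.
SECTIONS = {
    ":files": "files", ":reg": "registry", ":commands": "commands",
    "file::": "files", "folder::": "files", "registry::": "registry",
}
# .reg-style entry: a leading "-" inside the bracket means "delete this key".
REG_ENTRY = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$", re.IGNORECASE)
MIN_KEY_DEPTH = 3  # assumption: a vendor key sits at least 3 levels below the hive
ALLOWED_ROOTS = [r"C:\Users\Justin\AppData"]  # assumption: per-user data only


def parse(script):
    """Return (section, line_number, text) for every non-blank, non-header line."""
    current, items = None, []
    for number, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTIONS:
            current = SECTIONS[line.lower()]
            continue
        items.append((current, number, line))
    return items


def under_root(path, roots):
    """True if the normalised path is strictly below one of the allowed roots."""
    if not ntpath.isabs(path):
        return False
    # normpath collapses "..", so a traversal out of the root is caught here.
    norm = ntpath.normcase(ntpath.normpath(path))
    for root in roots:
        base = ntpath.normcase(ntpath.normpath(root)).rstrip("\\")
        if norm.startswith(base + "\\"):
            return True
    return False


def audit(script, allowed_roots):
    """Return a list of (line_number, finding, text) worth a second look."""
    findings = []
    for section, number, line in parse(script):
        if section is None:
            findings.append((number, "line-before-any-section", line))
        elif section == "files":
            if not under_root(line, allowed_roots):
                findings.append((number, "path-outside-allowed-roots", line))
        elif section == "registry":
            match = REG_ENTRY.match(line)
            if not match:
                findings.append((number, "not-a-registry-entry", line))
            elif match.group(1) == "-" and len(match.group(3).split("\\")) < MIN_KEY_DEPTH:
                findings.append((number, "broad-key-delete", line))
    return findings


# Constructed sample. Lines 3, 6 and 8-11 follow the scripts on this page
# (including the position of the ipconfig line); lines 4 and 7 are
# deliberately bad additions.
SAMPLE = r"""
:Files
C:\Users\Justin\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog
C:\Users\Justin\AppData\Local\..\..\..\..\Windows\System32\drivers\etc\hosts
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE]
ipconfig /flushdns /c
:Commands
[emptytemp]
[Reboot]
"""

if __name__ == "__main__":
    for number, finding, text in audit(SAMPLE, ALLOWED_ROOTS):
        print(f"line {number}: {finding}: {text}")
```

A finding is a prompt to read that line again before running the script, not proof that the tool would mishandle it.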


----------



## justgreene (Jun 21, 2005)

ComboFix 13-03-28.01 - Justin 03/29/2013 10:33:36.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1933 [GMT -5:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
Command switches used :: c:\users\Justin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal"
"c:\users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage"
"c:\users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml"
"c:\users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml"
"c:\users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml"
"c:\users\Justin\AppData\LocalLow\Swag_Bucks\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml"
"c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\CT2504091\CT2504091.searchProtectorData"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Justin\AppData\Local\BcsKtYcHW.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 )))))))))))))))))))))))))))))))
.
.
2013-03-29 15:41 . 2013-03-29 15:41	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-03-29 15:41 . 2013-03-29 15:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-28 23:08 . 2013-03-28 23:08	--------	d-----w-	C:\zero dark thirty
2013-03-28 23:00 . 2013-03-28 23:00	--------	d-----w-	C:\Django Unchained
2013-03-27 01:37 . 2013-03-27 01:37	45056	----a-r-	c:\users\Justin\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe
2013-03-27 01:37 . 2013-03-27 01:37	45056	----a-r-	c:\users\Justin\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe
2013-03-27 01:37 . 2013-03-27 01:37	--------	d-----w-	c:\users\Justin\AppData\Roaming\Catalina - Print Savings
2013-03-26 19:47 . 2013-03-26 19:47	--------	d-----w-	C:\_OTM
2013-03-26 00:20 . 2013-03-26 00:21	--------	d-----w-	c:\program files (x86)\ERUNT
2013-03-25 01:51 . 2013-03-25 01:51	121	----a-w-	c:\windows\DeleteOnReboot.bat
2013-03-16 03:51 . 2013-03-27 21:12	--------	d-----w-	c:\users\Justin\FrostWire
2013-03-16 03:50 . 2013-03-27 21:13	--------	d-----w-	c:\users\Justin\.frostwire5
2013-03-16 03:49 . 2013-03-16 03:50	--------	d-----w-	c:\program files (x86)\FrostWire 5
2013-03-15 18:33 . 2013-03-15 18:33	--------	d-----w-	c:\users\Default\AppData\Local\Google
2013-03-02 16:39 . 2013-03-02 16:39	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-03-02 16:39 . 2013-03-02 16:38	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 15:13 . 2012-07-18 18:24	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 15:13 . 2012-07-18 18:24	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 10:38 . 2011-06-11 06:58	421200	----a-w-	c:\windows\SysWow64\msvcp100.dll
2013-03-02 16:38 . 2012-07-22 21:47	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-02 16:38 . 2012-07-22 21:47	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-23 22:43 . 2013-01-23 22:43	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-01-23 22:43 . 2013-01-23 22:43	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-01-13 17:25 . 2012-07-23 20:57	67599240	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-03 39408]
"Spotify Web Helper"="c:\users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-16 1103768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-23 295072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys [2009-06-11 72448]
S3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys [2009-06-11 442368]
S3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys [2009-06-11 240768]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 15:13]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:15]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:15]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 22:11]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 22:11]
.
2013-03-28 c:\windows\Tasks\ReclaimerUpdateFiles_Justin.job
- c:\users\Justin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-27 21:19]
.
2013-03-29 c:\windows\Tasks\ReclaimerUpdateXML_Justin.job
- c:\users\Justin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-27 21:19]
.
2013-03-29 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Justin.job
- c:\users\Justin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-27 21:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 21:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 21:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 21:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 21:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://pinterest.com/
FF - ExtSQL: !HIDDEN! 2012-07-18 15:43; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-52809589.sys
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\03\01\003\0aë"
.
Completion time: 2013-03-29 10:44:43
ComboFix-quarantined-files.txt 2013-03-29 15:44
ComboFix2.txt 2013-02-03 20:32
ComboFix3.txt 2013-01-17 23:55
.
Pre-Run: 96,052,248,576 bytes free
Post-Run: 95,947,329,536 bytes free
.
- - End Of File - - E28573B0EAF55C7F043945D47358F1C4


----------



## eddie5659 (Mar 19, 2001)

Looks like that worked 

Please go *here* to run an online scanner from ESET.

 Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is *ticked*, and the option *Scan unwanted applications* is *checked*
Click on *Advanced Settings* and ensure these options are ticked:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click *Scan*
Wait for the scan to finish
If any threats were found, click the *'List of found threats'*, then click *Export to text file...*.
Save it to your desktop, then please copy and paste that log as a reply to this topic.

-------------

Also, how's the computer running now?


----------



## justgreene (Jun 21, 2005)

I greatly appreciate your help with all this. I understand it takes up a lot of your time. However, the IE still seems to be very jumpy and not fluid. I will click and will get no reaction and then a jumpy screen. I think it might also be bad internet as it is slow at times. I don't know.

C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js	Win32/Conduit.SearchProtect.A application	cleaned by deleting - quarantined
C:\Program Files (x86)\Mozilla Firefox\updated\components\sprotector.js	Win32/Conduit.SearchProtect.A application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\AdobeFlash_setup.exe	a variant of Win32/InstallCore.AZ application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\angry-birds-rio.exe	a variant of Win32/InstallCore.AT application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\avira_free_antivirus_en.exe	a variant of Win32/Bundled.Toolbar.Ask application	deleted - quarantined
C:\Users\Justin\Downloads\cbsidlm-tr1_8-Duplicate_File_Finder-ORG2-10300084.exe	Win32/DownloadAdmin.E application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\FreemakeVideoConverterSetup.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\setup_487671.exe	a variant of Win32/Bundled.Toolbar.Ask application	deleted - quarantined
C:\Users\Justin\Downloads\WinZip165.exe	a variant of Win32/OpenInstall application	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192013_202243\C_Program Files (x86)\SearchProtect\bin\CltMngSvc.exe	Win32/Conduit.SearchProtect.A application	cleaned by deleting - quarantined
H:\Mp3\MemoriesOnTV\24.09 MemoriesOnTV\keygen.exe	a variant of Win32/Keygen.BP application	cleaned by deleting - quarantined


----------



## eddie5659 (Mar 19, 2001)

Can you run this, so we can see what may be causing it. It may show us something extra 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

eddie


----------



## eddie5659 (Mar 19, 2001)

Also, it's a good idea to keep on top of removing any Temp files etc. every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

-----

Then, after that, do this:

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. 
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.


----------



## justgreene (Jun 21, 2005)

MiniToolBox by Farbar Version:05-03-2013
Ran by Justin (administrator) on 31-03-2013 at 19:00:15
Running from "C:\Users\Justin\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Greenehome
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet 
Physical Address. . . . . . . . . : 00-21-97-6A-C3-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a933:78db:6ccc:386%10(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.10.101(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 31, 2013 6:03:17 PM
Lease Expires . . . . . . . . . . : Sunday, April 07, 2013 6:03:18 PM
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DHCPv6 IAID . . . . . . . . . . . : 234889623
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-98-BE-78-00-21-97-6A-C3-D4
DNS Servers . . . . . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{6BD735A3-23A0-4C7E-96AA-B48844B33697}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:185a:545:3f57:f59a(Preferred) 
Link-local IPv6 Address . . . . . : fe80::185a:545:3f57:f59a%12(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: TEW-731BR
Address: 192.168.10.1

Name: google.com
Addresses: 2001:4860:400a:800::1004
74.125.225.9
74.125.225.0
74.125.225.1
74.125.225.2
74.125.225.8
74.125.225.6
74.125.225.5
74.125.225.14
74.125.225.3
74.125.225.7
74.125.225.4

Pinging google.com [74.125.225.4] with 32 bytes of data:
Reply from 74.125.225.4: bytes=32 time=72ms TTL=56
Reply from 74.125.225.4: bytes=32 time=67ms TTL=56

Ping statistics for 74.125.225.4:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 72ms, Average = 69ms
Server: TEW-731BR
Address: 192.168.10.1

Name: yahoo.com
Addresses: 206.190.36.45
98.139.183.24
98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=737ms TTL=54
Reply from 98.138.253.109: bytes=32 time=786ms TTL=54

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 737ms, Maximum = 786ms, Average = 761ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 21 97 6a c3 d4 ......NVIDIA nForce 10/100 Mbps Ethernet 
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.101 276
192.168.10.101 255.255.255.255 On-link 192.168.10.101 276
192.168.10.255 255.255.255.255 On-link 192.168.10.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:953c:185a:545:3f57:f59a/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::185a:545:3f57:f59a/128
On-link
10 276 fe80::a933:78db:6ccc:386/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/31/2013 06:03:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2013 05:50:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/31/2013 01:26:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2013 00:32:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2013 00:32:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/31/2013 00:32:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/30/2013 00:42:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/30/2013 00:42:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/30/2013 10:23:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/29/2013 06:19:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (03/31/2013 06:03:17 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:59:21 PM on 3/31/2013 was unexpected.

Error: (03/30/2013 01:00:12 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (03/30/2013 01:00:12 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (03/30/2013 01:00:12 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (03/30/2013 01:00:12 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (03/30/2013 01:00:12 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (03/30/2013 01:00:12 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (03/30/2013 01:00:12 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (03/30/2013 01:00:12 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (03/30/2013 00:52:25 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Microsoft Office Sessions:
=========================
Error: (03/31/2013 06:03:25 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/31/2013 05:50:06 PM) (Source: SideBySide)(User: )
Description: C:\Users\Justin\Downloads\couponprinter.exeC:\Users\Justin\Downloads\couponprinter.exe0

Error: (03/31/2013 01:26:13 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/31/2013 00:32:49 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/31/2013 00:32:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (03/31/2013 00:32:16 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/30/2013 00:42:54 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/30/2013 00:42:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (03/30/2013 10:23:14 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (03/29/2013 06:19:47 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

CodeIntegrity Errors:
===================================
Date: 2013-03-29 10:41:13.622
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-29 10:41:13.497
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-17 17:38:43.195
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\justgreene123\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-17 17:38:43.007
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\justgreene123\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

µTorrent (Version: 3.2.0)
3DVIA player 5.0.0.20 (Version: 5.0.20)
64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.22beta
Adobe AIR (Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.04)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Advertising Center (Version: 0.0.0.1)
AIO_CDB_ProductContext (Version: 130.0.365.000)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
Amazon Kindle
Angry Birds (Version: 2.2.0)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2641)
AVG 2012 (Version: 12.1.2240)
AVG 2012 (Version: 2012.1.2240)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
CameraHelperMsi (Version: 13.31.1038.0)
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon Pro9000 II series Printer Driver
Canon Pro9000 Mark II series User Registration
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalina Savings Printer (Version: 1.0.0)
CCleaner (Version: 3.24)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
Copy (Version: 130.0.428.000)
Coupon Printer for Windows (Version: 5.0.0.1)
Creative Memories Memory Manager 3 (Version: 3.0)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocProc (Version: 13.0.0.0)
DolbyFiles (Version: 2.0)
Duplicate Finder (Version: 4.2.1.0)
DVD Shrink 3.2
erLT (Version: 1.20.138.34)
ERUNT 1.1j
ESET Online Scanner v3
F300 (Version: 130.0.365.000)
F300_Help (Version: 82.0.242.000)
F300Trb (Version: 82.0.242.000)
Fax (Version: 130.0.418.000)
Freemake Video Converter version 3.1.1 (Version: 3.1.1)
FrostWire 5.5.5 (Version: 5.5.5.0)
Google Chrome (Version: 25.0.1364.172)
Google Drive (Version: 1.8.4357.4863)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
GPBaseService2 (Version: 130.0.371.000)
HandBrake 0.9.8 (Version: 0.9.8)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
ImagXpress (Version: 7.0.74.0)
iTunes (Version: 11.0.1.12)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
LightScribe System Software (Version: 1.18.6.1)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 130.0.374.000)
Memory Manager 3 Service Update (Version: 1.00.0000)
Menu Templates - Starter Kit (Version: 9.4.2.0)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Templates - Starter Kit (Version: 9.4.2.0)
Mozilla Firefox 18.0.2 (x86 en-US) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 18.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Manager
Nero 9
Nero BurnRights (Version: 3.4.10.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.8.100)
Nero DiscSpeed (Version: 5.4.10.100)
Nero DriveSpeed (Version: 4.4.10.100)
Nero InfoTool (Version: 6.4.10.100)
Nero Installer (Version: 4.4.8.1)
Nero Live (Version: 1.4.40.0)
Nero PhotoSnap (Version: 1.53.2.0)
Nero Recode (Version: 4.4.22.0)
Nero Rescue Agent (Version: 2.4.11.100)
Nero ShowTime (Version: 5.4.13.100)
Nero StartSmart (Version: 9.4.11.100)
Nero Vision (Version: 6.4.9.100)
Nero WaveEditor (Version: 5.4.23.0)
NeroBurningROM (Version: 9.4.13.100)
NeroExpress (Version: 9.4.13.100)
NeroLiveGadget (Version: 1.2.7.100)
neroxml (Version: 1.0.0)
Network64 (Version: 130.0.572.000)
NVIDIA Drivers (Version: 1.6)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Shutterfly Express Uploader (Version: 1.1.0)
Shutterfly Express Uploader (Version: 1.1.0.0)
Skype™ 6.0 (Version: 6.0.126)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
SoundTrax (Version: 4.4.23.0)
Spotify (Version: 0.8.8.450.gd9413516)
Status (Version: 130.0.469.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zoodles (Version: 3.0.4)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 2942.48 MB
Available physical RAM: 894.29 MB
Total Pagefile: 5883.14 MB
Available Pagefile: 2939.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.74 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:221.63 GB) (Free:82.35 GB) NTFS
2 Drive d: (M) (Fixed) (Total:37.24 GB) (Free:37.11 GB) NTFS
3 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.25 GB) (Free:1.51 GB) NTFS
4 Drive f: (Pics 2000-05) (CDROM) (Total:3.98 GB) (Free:0 GB) UDF
5 Drive g: () (Fixed) (Total:74.52 GB) (Free:14.28 GB) NTFS
6 Drive h: (Elements) (Fixed) (Total:465.64 GB) (Free:107.81 GB) FAT32
7 Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2573.16 GB) NTFS

========================= Users: ========================================

User accounts for \\GREENEHOME

Administrator ASPNET Guest 
Justin

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


----------



## eddie5659 (Mar 19, 2001)

Okay, I've re-read the entire thread to see if I've missed something, as it's still causing problems.

So, one thing I couldn't find was the log from the Security Check. Can you run and post this:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

----

Also, are you using your torrent programs when you notice the slowness? I do see you have/had these:

*Azureus
BitTorrent
uTorrent*

And lastly, I see that you have the AVG SafeGuard toolbar. This can sometimes be labelled as malware, or exhibit similar behaviour. So, can you see if uninstalling or disabling it helps?

We can uninstall it as well.

Also, can you run a scan here:

Please run a free online scan with the *ESET Online Scanner*

*Vista / Win7 users:* Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select *Run as Administrator*.

*Note: This scan works with Internet Explorer or Mozilla FireFox.*

If using *Mozilla Firefox* you will need to download *esetsmartinstaller_enu.exe* when prompted, then double click on it to install.


Click the green ESET Online Scanner box
Tick the box next to *YES, I accept the Terms of Use*
then click on: *Start*
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
Make sure that the option *Scan archives* is checked.
Now click on *Advanced Settings* and select the following:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click on *Start*
The virus signature database will begin to download. *Be patient*, this may take some time depending on the speed of your Internet connection.
When completed the *Online Scan* will begin automatically. The scan may take several hours.
*Do not touch either the mouse or keyboard* during the scan, otherwise it may stall.
When completed select *Uninstall application on close*, *make sure you copy the logfile first!*
Then click on: *Finish*
Use *notepad* to open the logfile located at *C:\Program Files\ESET\EsetOnlineScanner\log.txt*.
*Copy* and *paste* that log *as a reply* to this topic.


----------



## justgreene (Jun 21, 2005)

I used to use uTorrent but not as much lately because the speed is very slow. I don't use the other torrent stuff. I would like to delete the AVG toolbar. I have it disabled now.

Results of screen317's Security Check version 0.99.57 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG Anti-Virus Free Edition 2012 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.65.0.1400 
Java 7 Update 15 
*Java version out of Date!* 
Adobe Flash Player 11.6.602.180 
Adobe Reader 10.1.6 *Adobe Reader out of Date!* 
Mozilla Firefox (18.0.2) 
Google Chrome 25.0.1364.172 
Google Chrome 26.0.1410.43 
Google Chrome Plugins... 
*````````Process Check: objlist.exe by Laurent````````* 
AVG avgwdsvc.exe 
AVG avgtray.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0% 
*````````````````````End of Log``````````````````````*

C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js	Win32/Conduit.SearchProtect.A application	cleaned by deleting - quarantined
C:\Program Files (x86)\Mozilla Firefox\updated\components\sprotector.js	Win32/Conduit.SearchProtect.A application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\AdobeFlash_setup.exe	a variant of Win32/InstallCore.AZ application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\angry-birds-rio.exe	a variant of Win32/InstallCore.AT application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\avira_free_antivirus_en.exe	a variant of Win32/Bundled.Toolbar.Ask application	deleted - quarantined
C:\Users\Justin\Downloads\cbsidlm-tr1_8-Duplicate_File_Finder-ORG2-10300084.exe	Win32/DownloadAdmin.E application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\FreemakeVideoConverterSetup.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\Justin\Downloads\setup_487671.exe	a variant of Win32/Bundled.Toolbar.Ask application	deleted - quarantined
C:\Users\Justin\Downloads\WinZip165.exe	a variant of Win32/OpenInstall application	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03192013_202243\C_Program Files (x86)\SearchProtect\bin\CltMngSvc.exe	Win32/Conduit.SearchProtect.A application	cleaned by deleting - quarantined
H:\Mp3\MemoriesOnTV\24.09 MemoriesOnTV\keygen.exe	a variant of Win32/Keygen.BP application	cleaned by deleting - quarantined


----------



## eddie5659 (Mar 19, 2001)

I see a few things out of date, and although it won't speed things up, it's best to have these up to date:

*Upgrade Java* : (32 bits)

1. Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 17*.
2. Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
3. *Accept License Agreement.*
4. Click on the link to download Windows Offline Installation 32 bit (jre-7u17-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
5. Close any programs you may have running - especially your web browser.
6. Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
7. Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
8. Click the Remove or Change/Remove button.
9. Repeat as many times as necessary to remove each Java version.
10. Reboot your computer once all Java components are removed.
11. Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u9-windows-i586.exe* and select "Run as an Administrator.")
12. Don't install any of the toolbars that are offered.

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


- Applications and Applets
- Trace and Log Files

OK out of all the screens.

----------

Your Adobe Reader is out of date, so go here for the latest version:

http://get.adobe.com/reader

*Untick* the option to install the McAfee Security Scan Plus, then click on the *Download Now* button.

----------

Now, onto AVG toolbar. Have a look here and try what they suggest:

http://www.avg.com/gb-en/faq.num-5200

Afterwards, reboot then do the following:

Using SystemLook, run the following code and post the log it creates:


```
:filefind
*AVG SafeGuard*
*AVG Security*
*AVG Secure*
:folderfind
*AVG SafeGuard*
*AVG Security*
*AVG Secure*
:regfind
AVG SafeGuard
AVG Security
AVG Secure
```
eddie


----------



## justgreene (Jun 21, 2005)

SystemLook 30.07.11 by jpshortstuff
Log created at 21:11 on 09/04/2013 by Justin
Administrator - Elevation successful

========== filefind ==========

Searching for "*AVG SafeGuard*"
No files found.

Searching for "*AVG Security*"
No files found.

Searching for "*AVG Secure*"
C:\Users\Justin\AppData\Local\Temp\avg_a04856\ProgFiles\AVG Secure Search\AVG Secure Search	--a---- 19400 bytes	[02:03 10/04/2013]	[02:03 10/04/2013] 7549BC3A7EA441ABE866A6A5B288B8D7
C:\Users\Justin\AppData\Local\Temp\avg_a04856\ProgFiles\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll	--a---- 1828808 bytes	[02:04 10/04/2013]	[02:04 10/04/2013] F176069C9E31053100DF70887F592986

========== folderfind ==========

Searching for "*AVG SafeGuard*"
No folders found.

Searching for "*AVG Security*"
No folders found.

Searching for "*AVG Secure*"
C:\Users\Justin\AppData\Local\Temp\avg_a04856\CommonFiles\AVG Secure Search	d------	[02:03 10/04/2013]
C:\Users\Justin\AppData\Local\Temp\avg_a04856\ProgData\AVG Secure Search	d------	[02:03 10/04/2013]
C:\Users\Justin\AppData\Local\Temp\avg_a04856\ProgFiles\AVG Secure Search	d------	[02:03 10/04/2013]

========== regfind ==========

Searching for "AVG SafeGuard"
No data found.

Searching for "AVG Security"
No data found.

Searching for "AVG Secure"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12]
"command"=""C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12"

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Firstly, delete the CFScript.txt that you created before, and create a new one as follows:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> Folder::
> C:\Users\Justin\AppData\Local\Temp\avg_a04856
> Registry::
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12]


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## justgreene (Jun 21, 2005)

ComboFix 13-03-28.01 - Justin 04/15/2013 21:43:53.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.2010 [GMT -5:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
Command switches used :: c:\users\Justin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Justin\AppData\Local\BcsKtYcHW.dll
c:\users\Justin\AppData\Local\Temp\avg_a04856
.
.
((((((((((((((((((((((((( Files Created from 2013-03-16 to 2013-04-16 )))))))))))))))))))))))))))))))
.
.
2013-04-16 02:51 . 2013-04-16 02:51	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-16 02:51 . 2013-04-16 02:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-15 01:53 . 2013-04-15 01:53	--------	d-----w-	c:\windows\SysWow64\Adobe
2013-04-10 01:57 . 2013-04-10 01:56	310688	----a-w-	c:\windows\system32\javaws.exe
2013-04-10 01:57 . 2013-04-10 01:57	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-10 01:57 . 2013-04-10 01:56	188832	----a-w-	c:\windows\system32\javaw.exe
2013-04-10 01:57 . 2013-04-10 01:56	188320	----a-w-	c:\windows\system32\java.exe
2013-04-10 01:56 . 2013-04-10 01:56	--------	d-----w-	c:\program files\Java
2013-04-03 02:03 . 2013-04-03 02:03	--------	d-----w-	c:\users\Justin\AppData\Local\Wondershare
2013-04-03 02:03 . 2013-04-03 02:03	--------	d-----w-	c:\program files (x86)\Common Files\Wondershare
2013-04-03 02:02 . 2013-04-03 02:04	--------	d-----w-	c:\users\Justin\AppData\Roaming\Wondershare
2013-04-03 02:01 . 2013-01-08 16:36	29288	----a-w-	c:\windows\system32\drivers\WsAudioDevice_383S(1).sys
2013-04-03 02:01 . 2013-04-03 02:01	--------	d-----w-	c:\program files (x86)\Wondershare
2013-04-02 16:30 . 2013-04-02 16:30	--------	d-----w-	c:\users\Justin\AppData\Roaming\RealNetworks
2013-04-02 16:25 . 2013-04-02 16:25	--------	d-----w-	c:\program files (x86)\RealNetworks
2013-04-02 16:25 . 2013-04-02 16:25	--------	d-----w-	c:\programdata\RealNetworks
2013-04-02 16:25 . 2013-04-02 16:25	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2013-03-28 23:08 . 2013-03-28 23:08	--------	d-----w-	C:\zero dark thirty
2013-03-28 23:00 . 2013-03-28 23:00	--------	d-----w-	C:\Django Unchained
2013-03-27 01:37 . 2013-03-27 01:37	45056	----a-r-	c:\users\Justin\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe
2013-03-27 01:37 . 2013-03-27 01:37	45056	----a-r-	c:\users\Justin\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe
2013-03-27 01:37 . 2013-03-27 01:37	--------	d-----w-	c:\users\Justin\AppData\Roaming\Catalina - Print Savings
2013-03-26 19:47 . 2013-03-26 19:47	--------	d-----w-	C:\_OTM
2013-03-26 00:20 . 2013-03-26 00:21	--------	d-----w-	c:\program files (x86)\ERUNT
2013-03-25 01:51 . 2013-03-25 01:51	121	----a-w-	c:\windows\DeleteOnReboot.bat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 01:56 . 2012-09-02 18:25	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-04-10 01:56 . 2012-09-02 18:25	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-02 16:24 . 2013-01-23 22:43	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-04-02 16:24 . 2013-01-23 22:43	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-03-13 15:13 . 2012-07-18 18:24	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 15:13 . 2012-07-18 18:24	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-02 16:38 . 2012-07-22 21:47	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-02 16:38 . 2012-07-22 21:47	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-03 39408]
"Spotify Web Helper"="c:\users\Justin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-13 1104280]
"MusicManager"="c:\users\Justin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-03-18 7366656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-04-02 295512]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys [2009-06-11 72448]
S3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys [2009-06-11 442368]
S3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys [2009-06-11 240768]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2013-01-08 29288]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 15:13]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:15]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 15:15]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 22:11]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2758387876-317494887-4176309356-1000UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 21:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 21:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 21:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 21:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://pinterest.com/
FF - ExtSQL: 2013-04-02 11:25; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2012-07-18 15:43; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\03\01\003\0aë"
.
Completion time: 2013-04-15 21:54:20
ComboFix-quarantined-files.txt 2013-04-16 02:54
ComboFix2.txt 2013-03-29 15:44
ComboFix3.txt 2013-02-03 20:32
ComboFix4.txt 2013-01-17 23:55
.
Pre-Run: 99,017,072,640 bytes free
Post-Run: 99,025,997,824 bytes free
.
- - End Of File - - 1F7F333B4AF413D5D8671A1A451CDDE1


----------



## eddie5659 (Mar 19, 2001)

Looks like it went well, is it any faster now?

If not, let's see if it's an add-on that could be causing the slowness. So, firstly we'll disable them:

Click on Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)

This will start IE with no add-ons.

Is it smoother without any running?

eddie


----------



## justgreene (Jun 21, 2005)

It runs a bit better with no add-ons. I will keep watching it. However, I am starting to notice it is making a loud whirring sound as if the fan is accelerating or something is ready to take off. It's a fast vroom sound. It is happening more often now.


----------



## eddie5659 (Mar 19, 2001)

Interesting, let me know how it goes with regards to the add-ons. If it's okay, can you run this tool for me:

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to *Approved Shell Extensions* and *Ext*.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

*IF OTS SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*

-------

With regards to the loud sound, it may be the fans that are getting full of fluff etc. Is it a desktop computer or a laptop?

eddie


----------



## justgreene (Jun 21, 2005)

It is a desktop. I can't download OTS. Says it's infected with Trojan Horse.


----------



## eddie5659 (Mar 19, 2001)

Sometimes antivirus programs see the tools we use as suspect, as they contain programming to remove things. Are you still using AVG? If so, I'll get in touch with them to explain about the false positive 

If you disable AVG, download OTS and run the scan, that would be okay. We won't remove anything with it, just run a scan. Then, when it's done, re-enable AVG.


----------



## justgreene (Jun 21, 2005)

The file is attached


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Okay, we will remove some things with OTS, so you may need to close AVG down just for the fix.

You have a few entries that don't have files etc, plus some other bits that may cause the slowness.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Processes - Safe List]
YY -> updater.exe -> C:\Program Files (x86)\Ask.com\Updater\Updater.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\] > -> 
YN -> HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> 
YN -> HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 
YY -> HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\: URLSearchHooks\\"{00000000-6E41-4FD3-8538-502F5495E5FC}" [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [UrlSearchHook Class]
< FireFox Settings [Prefs.js] > -> C:\Users\Justin\AppData\Roaming\Mozilla\FireFox\Profiles\sv5ouond.default\prefs.js
YN -> browser.search.order.1 -> "Ask.com"
YN -> browser.search.selectedEngine -> "Ask.com"
YN -> browser.search.defaultengine -> "Ask.com"
YN -> browser.search.defaultenginename -> "Ask.com"
< FireFox Extensions [User Folders] > -> 
YY -> ~EmptyValue -> C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]
< FireFox SearchPlugins [User Folders] > -> 
YY ->  askcom.xml -> C:\Users\Justin\AppData\Roaming\Mozilla\FireFox\Profiles\sv5ouond.default\searchplugins\askcom.xml
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [Ask Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [Ask Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
YY -> "ApnUpdater" -> C:\Program Files (x86)\Ask.com\Updater\Updater.exe ["C:\Program Files (x86)\Ask.com\Updater\Updater.exe"]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< 64bit-Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
YN -> "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> Reg Error: Key error. [Shell Extension for Malware scanning]
YN -> "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" [HKLM] -> Reg Error: Key error. [AVG Find Extension]
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
YN -> "{0563DB41-F538-4B37-A92D-4659049B7766}" [HKLM] -> Reg Error: Key error. [WLMD Message Handler]
YN -> "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" [HKLM] -> Reg Error: Key error. [AVG Find Extension]
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< 64bit-Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
YN -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
YY -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll [Reg Error: Value error.]
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\
YN -> {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [Ask Toolbar]
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
YN -> {00000000-0000-0000-0000-000000000000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.]
YN -> {219C3416-8CB2-491A-A3C7-D9FCDDC9D600} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> 64bit-{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2iexp.dll [Reg Error: Value error.]
YY -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll [Reg Error: Value error.]
YN -> {ad848a76-f236-5ee2-819b-2bde7ed40ae7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [Ask Toolbar]
[Files/Folders - Created Within 30 Days]
NY ->  Ask.com -> C:\Program Files (x86)\Ask.com
NY ->  Ask -> C:\ProgramData\Ask
[Files/Folders - Modified Within 30 Days]
NY ->  2 C:\Users\Justin\AppData\Local\Temp\*.tmp files -> C:\Users\Justin\AppData\Local\Temp\*.tmp
```
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.


----------



## justgreene (Jun 21, 2005)

[Processes - Safe List]
Process updater.exe killed successfully!
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2758387876-317494887-4176309356-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]\searchplugins folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\sv5ouond.default\extensions\[email protected] folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\FireFox\Profiles\sv5ouond.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\Contains\Files\ not found.
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
[Registry - Additional Scans - Safe List]
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{0563DB41-F538-4B37-A92D-4659049B7766} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0563DB41-F538-4B37-A92D-4659049B7766}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4063BE15-3B08-470D-A0D5-B37161CFFD69}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4063BE15-3B08-470D-A0D5-B37161CFFD69}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88d969c1-f192-11d4-a65f-0040963251e5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88d969c2-f192-11d4-a65f-0040963251e5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88d969c3-f192-11d4-a65f-0040963251e5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88d969c4-f192-11d4-a65f-0040963251e5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88d969c5-f192-11d4-a65f-0040963251e5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA8A9780-280D-11CF-A24D-444553540000}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
LoadLibrary failed for C:\Program Files\Java\jre7\bin\jp2iexp.dll
C:\Program Files\Java\jre7\bin\jp2iexp.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
File C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad848a76-f236-5ee2-819b-2bde7ed40ae7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad848a76-f236-5ee2-819b-2bde7ed40ae7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{ad848a76-f236-5ee2-819b-2bde7ed40ae7}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
[Files/Folders - Created Within 30 Days]
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
[Files/Folders - Modified Within 30 Days]
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 04212013_120830


----------



## justgreene (Jun 21, 2005)

My wife did something and got the ask.com toolbar again. Uggh!


----------



## eddie5659 (Mar 19, 2001)

Not a problem 

Do you know what she did to get it again?

Just post another fresh OTS log again, but the fix this time will be smaller, as a lot of dead entries have gone 

http://forums.techguy.org/8672751-post83.html

No need to redownload it, just use the one you already have


----------



## justgreene (Jun 21, 2005)

Here is my OTS log.


----------



## eddie5659 (Mar 19, 2001)

No signs of the Ask.Com toolbar there 

Still, let's just remove these as well:

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Additional Scans - Safe List]
< 64bit-Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
YN -> {88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
YN -> {00000000-0000-0000-0000-000000000000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {219C3416-8CB2-491A-A3C7-D9FCDDC9D600} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY ->  2 C:\Users\Justin\AppData\Local\Temp\*.tmp files -> C:\Users\Justin\AppData\Local\Temp\*.tmp
```
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.


----------



## justgreene (Jun 21, 2005)

[Registry - Additional Scans - Safe List]
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88d969c0-f192-11d4-a65f-0040963251e5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ not found.
[Files/Folders - Modified Within 30 Days]
C:\Users\Justin\AppData\Local\Temp\RD281A.tmp deleted successfully.
C:\Users\Justin\AppData\Local\Temp\tmpB664.tmp deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 04282013_150512


----------
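
An added example (not part of the original posts and not OTS's own code): a small Python parser for the fix-log format shown in this thread. It pairs each `Ext\...` entry with the `CLSID` line that follows it and labels the outcome, which separates entries that had no CLSID key behind them from ones where a CLSID key was deleted as well. The function names, the labels and the "default" view name are this example's own; the sample lines are excerpted from the two fix logs above.

```python
import re
from collections import Counter

# Lines excerpted from the two OTS fix logs posted in this thread.
SAMPLE_LOG = r"""64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{88d969c0-f192-11d4-a65f-0040963251e5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
< End of fix log >"""

# Optional "64bit-" prefix, parent key, {GUID} subkey, then the result.
KEY_RE = re.compile(
    r"^(?P<view>64bit-)?Registry key (?P<parent>.+)\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\\ (?P<result>deleted successfully|not found)\.$"
)

def parse_fix_log(text):
    """One record per Ext entry, paired with the CLSID line that follows it."""
    records, pending = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue  # section headers, file actions, footer
        parent, guid = m["parent"], m["guid"].upper()
        if "\\Ext\\" in parent:
            pending = {"view": "64bit" if m["view"] else "default",
                       "list": parent.rsplit("\\", 1)[-1], "guid": guid,
                       "ext": m["result"], "clsid": None}
            records.append(pending)
        elif parent.endswith("\\Classes\\CLSID") and pending and pending["guid"] == guid:
            pending["clsid"] = m["result"]
            pending = None
    return records

def classify(rec):
    if rec["ext"] == "not found":
        return "already-gone"
    if rec["clsid"] == "deleted successfully":
        return "removed-with-clsid"   # a CLSID key existed and was deleted too
    if rec["clsid"] == "not found":
        return "orphaned-reference"   # Ext entry had no CLSID key behind it
    return "unpaired"

def summarize(text):
    return dict(Counter(classify(r) for r in parse_fix_log(text)))
```
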



## eddie5659 (Mar 19, 2001)

Looks good, how's the computer running now?


----------



## justgreene (Jun 21, 2005)

Sorry it took so long to respond. Life...
Anyway, I sit here and type this as the machine sounds like it's going to take off. It's a loud vroom going off every few seconds. We have also had a few times now when we turn the computer on and the screen is just a pixelated mess. Any idea what these 2 things mean? As far as IE, it's better but still can be non-responding but not as much as before.


----------



## eddie5659 (Mar 19, 2001)

My turn to say sorry, been a bit busy with some family stuff I had to do 

As this is a desktop, it sounds like your fans may be full of fluff. This can cause them to work overtime, and may be heating up. Do you have a can of compressed air? If not, have a look on Amazon or your local pc shop for something like this:

http://www.amazon.co.uk/Star-Duster...1991&sr=1-2&keywords=compressed+air+canisters

Then, turn off the computer, unplug it from the mains, and give it time to cool down. Now, depending on the desktop (is it a brand pc like Dell, etc. or just a home-built one?), open up the side to reveal the motherboard and fans etc.

All computers are different, mine for example has 8 fans on the case, as it's a gaming computer. However, most home PCs just have 1 or 2 fans.

Once you open up, and make sure you're not wearing wooly jumpers that can have static, just hold the case side, look for the dust. Here are some piccy's I've grabbed off Google:

http://smallbiztechnology.com/wp-content/uploads/2012/06/dirty_computer.jpg

http://images.thetechstuff.com/posts/2012/05/fan-dust-cpu-overheating-2018.jpeg

etc, and just blow the dust away using the canister. You'll have to hoover the floor after you're done, as it will be very dusty. Don't use the hoover on the pc 

I've put some links below with some pictures on how to clean, but I tend not to use a brush but it's up to you:

http://www.wikihow.com/Clean-the-Inside-of-a-Computer

Ah, this is a good clip, though I don't normally use a rag on mine:






Any questions, please ask


----------

