# Strange HiJackthis entry, AVG Uninstall, & occasional slow start-up



## rcoops72 (Jun 11, 2011)

Working with CookieGal.

Running a 64 Bit System so no GMER log.
Strange 01 entry in the HiJackThis Log.

Here you go. I would like to uninstall AVG last 

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:58 PM, on 8/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\HsMgr.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\aol\1253675026\ee\aolsoftware.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Coop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.ascensus.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Program Files (x86)\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14674 bytes

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Coop at 20:13:20 on 2012-08-15
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.4094.1882 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\aol\1253675026\ee\aolsoftware.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Coop\AppData\Local\Apps\2.0\MLCN6APY.P2O\75YMOLR1.729\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384d1fffca2c\CurseClient.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Coop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe"
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Coop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.ascensus.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
TCP: Interfaces\{DF18AE1E-3EA5-4EC6-A01E-508FBAF6A315} : DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 : {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe"
mRun-x64: [CTXFIREG] CTxfiReg.exe
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)] 
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\Coop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2009-6-7 61440]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-6-17 434864]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Program Files (x86)\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-8 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-7 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-15 23:58:54	2769408	----a-w-	C:\Windows\System32\win32k.sys
2012-08-15 22:43:46	788480	----a-w-	C:\Windows\System32\localspl.dll
2012-08-15 22:43:46	623616	----a-w-	C:\Windows\SysWow64\localspl.dll
2012-08-09 04:00:01	--------	d-----w-	C:\Users\Coop\AppData\Local\Macromedia
2012-08-09 03:59:11	770384	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-09 03:59:11	421200	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-09 03:58:00	--------	d-----w-	C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-09 03:57:52	68576	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-08-09 03:57:52	573920	----a-w-	C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-08-09 03:57:52	2106216	----a-w-	C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-08-09 03:57:52	1998168	----a-w-	C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-08-09 03:57:52	157608	----a-w-	C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-09 03:57:52	113120	----a-w-	C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-30 21:52:13	103904	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-30 21:52:13	103904	----a-w-	C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-15 00:23:15	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 00:23:15	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-28 03:28:35	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-06-28 03:21:17	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-06-28 03:20:41	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-06-28 03:16:25	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-06-28 03:12:35	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-06-28 00:27:12	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-06-28 00:19:52	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-06-28 00:18:16	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-06-28 00:12:08	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-06-28 00:07:44	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-06-14 22:58:58	476936	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-06-14 22:58:58	472840	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-06-07 00:59:42	1070152	----a-w-	C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-07 00:57:16	122904	----a-w-	C:\Windows\System32\OpenAL32.dll
2012-06-07 00:57:16	109080	----a-w-	C:\Windows\SysWow64\OpenAL32.dll
2012-06-05 16:47:28	1401856	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27	1248768	----a-w-	C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47	1797120	----a-w-	C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46	1869824	----a-w-	C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59	516480	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13	88576	----a-w-	C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42	171904	----a-w-	C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20	33792	----a-w-	C:\Windows\SysWow64\wuapp.exe
2012-06-02 00:22:56	347136	----a-w-	C:\Windows\System32\schannel.dll
2012-06-02 00:22:10	254464	----a-w-	C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11	77312	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25	278528	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42	204288	----a-w-	C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 20:14:00.81 ===============


----------



## Cookiegal (Aug 27, 2003)

Download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## rcoops72 (Jun 11, 2011)

Here you go and it does not look pretty lol

OTL.txt LOG

OTL logfile created on: 8/15/2012 10:53:47 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Coop\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 56.88% Memory free
8.19 Gb Paging File | 5.91 Gb Available in Paging File | 72.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 0.99 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
Drive D: | 405.27 Gb Total Space | 110.50 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive E: | 428.58 Gb Total Space | 81.99 Gb Free Space | 19.13% Space Free | Partition Type: NTFS

Computer Name: COOP-PC | User Name: Coop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 22:52:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/20 00:32:17 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1253675026\ee\aolsoftware.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/06/17 16:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/07/11 03:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
PRC - [2008/05/14 18:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/10 20:16:27 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/30 22:25:39 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/05/30 22:25:39 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/05/30 22:25:38 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/05/30 22:25:37 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010/05/30 22:25:37 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010/05/30 22:25:37 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010/05/30 22:25:37 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010/05/30 22:25:36 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010/05/30 22:25:36 | 001,400,832 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010/05/30 22:25:36 | 000,872,448 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010/05/30 22:25:36 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010/05/30 22:25:33 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/05/30 22:25:32 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/05/30 22:25:32 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/05/30 22:25:30 | 000,128,512 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/05/30 22:25:30 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/05/30 22:25:29 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/05/30 22:25:29 | 000,404,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/05/30 22:25:29 | 000,354,816 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/05/30 22:25:29 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/05/30 22:25:29 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/05/30 22:25:28 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/05/30 22:25:28 | 001,297,408 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/05/30 22:25:28 | 000,679,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/05/30 22:25:28 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/05/30 22:25:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/05/30 22:25:28 | 000,261,120 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/05/30 22:25:28 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/05/30 22:25:28 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/05/30 22:25:28 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/05/30 22:25:28 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/05/30 22:25:28 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/05/30 22:25:27 | 000,757,760 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010/05/30 22:25:27 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2008/07/11 03:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
MOD - [2008/05/14 18:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2008/04/15 10:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/05/24 23:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2009/09/12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV:*64bit:* - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/14 20:23:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/08 23:59:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/21 13:50:02 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/20 00:32:17 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Program Files (x86)\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/17 16:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:*64bit:* - [2011/06/22 16:56:36 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:*64bit:* - [2011/06/22 16:53:27 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:*64bit:* - [2011/05/25 00:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2011/05/24 22:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2011/03/30 14:46:30 | 000,111,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:*64bit:* - [2010/04/07 15:08:43 | 001,261,568 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:*64bit:* - [2010/03/12 22:56:56 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:*64bit:* - [2009/10/04 02:24:35 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:*64bit:* - [2009/10/04 02:24:34 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:*64bit:* - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:*64bit:* - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:*64bit:* - [2009/08/05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:*64bit:* - [2009/06/17 16:02:03 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:*64bit:* - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/04/09 17:35:08 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:*64bit:* - [2009/04/09 17:34:54 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:*64bit:* - [2009/04/09 17:34:44 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:*64bit:* - [2009/04/09 17:34:32 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:*64bit:* - [2009/04/09 17:34:24 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:*64bit:* - [2009/04/09 17:34:14 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:*64bit:* - [2009/04/09 17:34:02 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:*64bit:* - [2009/04/09 17:33:52 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:*64bit:* - [2009/04/09 17:33:52 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:*64bit:* - [2009/04/09 17:33:36 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:*64bit:* - [2009/04/09 17:33:36 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:*64bit:* - [2009/04/09 17:33:26 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:*64bit:* - [2009/04/09 17:33:26 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:*64bit:* - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:*64bit:* - [2008/05/08 02:21:54 | 000,090,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:*64bit:* - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw)
DRV:*64bit:* - [2006/11/01 19:23:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{DCF78BD1-FC5F-45E6-AAE6-84F1F5C1C24A}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Coop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Coop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 21:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/24 20:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 20:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/27 18:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 23:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 19:57:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Coop\AppData\Roaming\Move Networks [2010/03/28 15:52:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/24 20:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 23:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 19:57:08 | 000,000,000 | ---D | M]

[2010/01/23 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coop\AppData\Roaming\Mozilla\Extensions
[2012/08/08 23:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions
[2011/05/28 12:44:18 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions\[email protected]
[2011/06/22 16:53:21 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions\[email protected]
[2011/06/22 16:53:12 | 000,002,055 | ---- | M] () -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\searchplugins\daemon-search.xml
[2012/08/09 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/09 22:52:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/14 18:59:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/08 23:59:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/11/06 07:42:54 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml
[2012/08/08 23:57:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/08 23:57:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Coop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: Skype Click to Call = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: AVG Do Not Track = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/01 21:14:55 | 000,443,062 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts:
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:*64bit:* - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:*64bit:* - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:*64bit:* - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:*64bit:* - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:*64bit:* - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTXFIREG] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:*64bit:* - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:*64bit:* - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.ascensus.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF18AE1E-3EA5-4EC6-A01E-508FBAF6A315}: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
O18:*64bit:* - Protocol\Handler\belarc - No CLSID value found
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4bb2626e-a320-11de-b19f-0022152076cf}\Shell\AutoRun\command - "" = Connect.exe
O33 - MountPoints2\{5c40a69b-a7db-11dd-87fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5c40a69b-a7db-11dd-87fb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 22:52:44 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
[2012/08/15 20:10:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Coop\Desktop\dds.com
[2012/08/15 20:00:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 20:00:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 20:00:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 20:00:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 20:00:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 20:00:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 20:00:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 20:00:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 20:00:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 20:00:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 20:00:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 20:00:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 20:00:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 18:43:46 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 18:43:46 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/15 18:43:44 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/09 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Coop\AppData\Local\Macromedia
[2012/08/08 23:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/08 23:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/01 20:40:23 | 000,000,000 | ---D | C] -- C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2010/03/12 22:56:56 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Coop\AppData\Roaming\pcouffin.sys
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 22:52:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
[2012/08/15 22:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000UA.job
[2012/08/15 22:22:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 22:04:32 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 22:04:32 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 20:31:49 | 000,000,709 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/08/15 20:10:58 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/15 20:10:58 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/15 20:10:58 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/15 20:10:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Coop\Desktop\dds.com
[2012/08/15 20:04:34 | 000,265,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 20:04:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 20:03:39 | 001,897,504 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/08/15 19:57:08 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/15 18:37:27 | 103,922,008 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/14 20:23:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 20:23:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 19:31:21 | 000,002,037 | ---- | M] () -- C:\Users\Coop\Desktop\Google Chrome.lnk
[2012/08/14 19:31:21 | 000,001,999 | ---- | M] () -- C:\Users\Coop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/13 18:35:11 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/12 13:03:27 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/12 13:03:27 | 000,001,417 | ---- | M] () -- C:\Users\Coop\Desktop\DivX Movies.lnk
[2012/08/12 13:03:19 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/04 12:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000Core.job
[2012/08/01 21:14:55 | 000,443,062 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/01 20:40:23 | 000,000,318 | ---- | M] () -- C:\Users\Coop\Desktop\Curse Client.appref-ms
[2012/07/22 02:58:59 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2012/07/17 23:24:25 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/17 18:46:57 | 000,442,703 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120801-211455.backup
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/27 18:05:58 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/05/24 22:28:55 | 000,034,814 | ---- | C] () -- C:\Users\Coop\AppData\Local\dt.dat
[2012/05/16 18:18:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/12 11:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\TMonitor64.INI
[2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/14 21:33:40 | 000,040,130 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\UserTile.png
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/24 19:59:29 | 000,223,096 | ---- | C] () -- C:\Windows\hpwins24.dat
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/07 12:56:00 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/10/03 20:09:10 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2010/10/03 20:09:09 | 000,000,053 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2010/10/03 20:09:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2010/10/03 20:08:55 | 000,083,777 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2010/05/30 20:57:38 | 000,324,369 | ---- | C] () -- C:\Users\Coop\EQ2_000004.jpg
[2010/05/30 20:57:38 | 000,324,111 | ---- | C] () -- C:\Users\Coop\EQ2_000003.jpg
[2010/03/12 22:56:56 | 000,099,384 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\inst.exe
[2010/03/12 22:56:56 | 000,007,859 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\pcouffin.cat
[2010/03/12 22:56:56 | 000,001,167 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\pcouffin.inf
[2009/12/23 01:04:28 | 000,103,784 | ---- | C] () -- C:\Users\Coop\GoToAssistDownloadHelper.exe
[2009/05/09 12:21:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/01 13:26:14 | 000,001,460 | ---- | C] () -- C:\Users\Coop\AppData\Local\d3d9caps64.dat
[2008/11/01 03:41:47 | 000,135,680 | ---- | C] () -- C:\Users\Coop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/01 02:25:28 | 000,001,356 | ---- | C] () -- C:\Users\Coop\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C

< End of report >


----------



## rcoops72 (Jun 11, 2011)

Extras.txt

OTL Extras logfile created on: 8/15/2012 10:53:47 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Coop\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 56.88% Memory free
8.19 Gb Paging File | 5.91 Gb Available in Paging File | 72.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 0.99 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
Drive D: | 405.27 Gb Total Space | 110.50 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive E: | 428.58 Gb Total Space | 81.99 Gb Free Space | 19.13% Space Free | Partition Type: NTFS

Computer Name: COOP-PC | User Name: Coop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 10 F7 BB 86 DA E7 C9 01 [binary data]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0889C544-66C3-4292-925F-78C3D995B9C2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1187BD3E-09F6-488A-B8DB-96762F5A75EB}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{13A43DAC-D68D-40BC-85DE-C7554DA51B5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{23EC9A52-CE21-4467-B797-EBE25CEC3A32}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A74F43F-244A-40CD-A732-407F3CDD62B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C49EA49-912B-483F-BEDC-6818E401FCEA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{4071976F-1899-4D1D-84C1-B9EE705A3750}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{4C939CCE-4273-4549-9466-6F7A0E210167}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{4EF38115-8FDA-443D-99AC-9E58785D0BFD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{516E194B-FD52-4D44-9A30-99F23A5715FE}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{54A59A17-103B-465E-8E54-EC1F16955ED7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{709FD270-3483-4FB1-B2A7-1F1A52EBE259}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71B4FF70-E525-488E-8642-B15897DE24D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77DBE457-78B2-4B39-8AEC-1EC69E0658BA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{7A6B807B-C06A-456E-A388-63C9C9AF46A8}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{86F78CFE-7E3C-42E5-AD68-AC351E880C9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8A2FD07A-C80B-485A-85D7-013F5F24F351}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9077B2CE-CC0F-4C90-84B9-DCFCB70B8491}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{A7D1CADF-F338-41FD-BFC1-373621DED3D0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ADD91CBD-BDF2-45B4-9313-F6F1DCFDA003}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B2E37008-E66D-491A-817C-61F69854D9F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA452483-C1C7-4714-95F5-E062E6B6A186}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{BB436063-9E6C-4A5B-A43B-669C2F9D41B1}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{BCFCE857-BE78-43E8-9BB6-151AAC032607}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF27E92E-D0DA-4498-A629-9C15C3211DF6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C52B3C5D-8FD0-413C-A26B-8963D52CE658}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C62070F9-4494-48B9-BE4A-7104015B4E32}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{D8E80626-884D-4175-B667-E269A7AA6B8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED106741-2862-4310-87F3-9D1350BEB512}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{F0CA34F0-6E58-4FAF-AC6A-AB762682C34C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{FEC7B2B5-68B4-485E-897D-BC86B9F789A0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AF73A6-8444-4AB1-B8E3-4806BD9CC998}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{03A040A1-CC0A-4960-B0FE-B3910A43C240}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | 
"{0530C24D-131A-4761-AB99-ADAE504A5139}" = protocol=17 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii.exe | 
"{05AFE26D-33A5-4E9B-9B26-8F26D0D65EDA}" = protocol=6 | dir=in | app=e:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{09CC2E00-95FA-4F40-9036-6DE399A5B60B}" = protocol=17 | dir=in | app=d:\program files (x86)\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{09CF1FB6-E801-41B8-A35A-85E58E018899}" = protocol=17 | dir=in | app=d:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{0A000D39-1E78-40BC-9D0D-05899D7430A9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0BD6A7D6-3B45-4E6F-BF4E-9DC0F71B5D94}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{0CC62BCB-32FD-47DD-BDA4-9CAB41E2B17B}" = protocol=17 | dir=in | app=d:\program files (x86)\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{0E155B62-C631-4D78-9A67-B9FF28285C4D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1253675026\ee\aolsoftware.exe | 
"{0EF7D325-20B8-4EB2-8377-70CFE306441C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{0FB5EC7D-A116-44E0-AC0B-A6E7ED640A4F}" = protocol=17 | dir=in | app=d:\program files (x86)\codemasters\dirt2\dirt2_game.exe | 
"{0FF7029F-49E8-4594-B516-B9EEE7823758}" = protocol=17 | dir=in | app=d:\program files (x86)\curse\curseclient.exe | 
"{1000A75E-90B7-497A-BCE2-BF4A2793B680}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{100D99C9-8106-4825-A5B4-E85DD92FAF5D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{1193CE61-B123-408E-B6A9-EEFB16BC0897}" = protocol=6 | dir=in | app=d:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{11DBB979-6363-4610-A76C-1EBF469A3292}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{12101435-85CE-4D61-BD49-E3DDF8BAFD70}" = protocol=17 | dir=in | app=d:\program files (x86)\games\mass effect 2\masseffect2launcher.exe | 
"{17DB6948-67B2-4DD1-B780-E705543B8431}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe | 
"{18B16ED1-F721-4214-B5D9-54F7027491B5}" = protocol=6 | dir=in | app=d:\program files (x86)\games\dragon age\bin_ship\daorigins.exe | 
"{19FEAAB1-2DB9-4E5E-B648-205257E1CFFE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe | 
"{1A21BF09-4E4F-41AE-9906-025AACB9F819}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{1AE6E978-61B6-4DDA-9A0F-B456C791CB74}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{206C0083-DB69-4F16-B3EB-26701C85B31C}" = protocol=6 | dir=in | app=d:\program files (x86)\games\mass effect 2\masseffect2launcher.exe | 
"{2204947A-F61F-45D7-B827-3A55D9C77B6A}" = protocol=6 | dir=in | app=d:\program files (x86)\codemasters\dirt2\dirt2_game.exe | 
"{22306820-FF0E-4000-B8BF-686CF243E79A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{22B3C84E-4AF3-413C-AC29-8FEB55D3870F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{24123BC6-FE7A-4F65-97D9-4A11B37E79D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{25206B0E-9867-4512-9887-467BE47AD619}" = protocol=6 | dir=in | app=d:\program files (x86)\curse\curseclient.exe | 
"{2725F45F-358D-49C1-8E27-8EC40997024C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{27ACD9A2-F046-4F19-892C-B1ED5CEEC340}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{282470E0-9FC7-49D6-BF1D-9093F8169E5F}" = protocol=6 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{2943B8ED-AD3D-445D-9058-71EF8A13A8A3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe | 
"{2980794B-0FB1-4625-BBBC-E09CFB34D31B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2AA3FF6C-03A4-40B4-956C-D70B74C8A385}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{2ABC417A-2095-4DFD-A0D1-6731F24978BA}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{2D43A65D-A9CD-40B0-B825-7D5E816390A6}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{2E59A685-2E09-400C-A843-C7422B0060B4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1253675026\ee\aolsoftware.exe | 
"{3014436F-33B6-4CD5-BD1B-3C4594C0F009}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe | 
"{321F9E05-8060-4C07-8262-092064625C78}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{32203E59-EEAE-4499-9194-9303CAB8385C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{36669E2A-88E4-4735-AF44-C96E608BAAA2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{381DAE45-153A-4D02-920F-D8A45A5A6DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{38AED727-9864-4FDE-AA70-B0EA448B4F82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{38C8BA34-ED00-4D8D-9BAE-75BDA02A6D74}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{3951BA97-888D-4417-9B80-30A26B071BDF}" = protocol=6 | dir=in | app=d:\program files (x86)\games\mass effect\binaries\masseffect.exe | 
"{3B5B2FDB-D563-4273-AF9E-6119584923BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe | 
"{3FAF0E23-7A53-4D45-ACC6-01C4BECBAE7B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{40156F4C-5DB0-4F08-BC8A-62645C199C03}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{41B1B3EF-1FA1-457B-AA83-8E656EF9867D}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{421E2B00-1FA0-4376-80A0-06C9052D3558}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{47F21E40-0000-4117-A22C-EFC8317279EA}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{47F31A7D-8E58-44AF-A570-F2502EE6610D}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{4B44F9C7-0137-4308-ACC5-5D5B685BE961}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{4C3DB927-F2E0-4282-A9EB-D2E93ABBBF87}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4D82B5EB-A7AF-4D45-9020-892E268ABC1A}" = protocol=17 | dir=in | app=d:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{4D983A39-8E8F-4CFE-A55B-26BE223FD402}" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{56F7BCFE-A011-43E9-A007-72D112A5D406}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe | 
"{5AD75D9B-A233-4E1F-94C0-5A61E75DA94C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5C0621D6-F177-4D5D-AF38-35775639FDB7}" = protocol=6 | dir=in | app=d:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{5D64DAD5-2326-4308-9243-205910519DDE}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{5E7D2EB6-7F85-47D8-958E-DE182286CEB0}" = protocol=6 | dir=in | app=d:\program files (x86)\games\mass effect 2\binaries\masseffect2.exe | 
"{5EB6606B-99B0-4EF7-9036-355AEB6B51DD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5FFF5452-DF5F-4B7E-BE08-68336D951D4D}" = protocol=17 | dir=in | app=e:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{61ACD8AE-CF21-4F5D-A83F-7BEF909C2F45}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{61B09B5E-4D58-424B-B986-0022182BC1C8}" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{66C67C56-EDAF-448F-A039-401169E3738D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{67430E6F-FA99-44E2-AD8B-E3455A74F9C7}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{67501646-6068-4E62-9C01-83D3B07D73DA}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe | 
"{68235299-ACED-46C5-996D-D13B2E68D6BA}" = protocol=6 | dir=in | app=d:\program files (x86)\games\mass effect\masseffectlauncher.exe | 
"{6866CB91-D152-47B7-B146-D6D355719B09}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{6F802A96-82B1-45B0-86CD-F6A1E4F3FF52}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{729D6C9E-4EFC-40A8-A61F-4793DD326361}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{774F863F-1A34-4C26-83E2-3E095E6839A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{7793B6AB-FA0A-4A75-B550-A18E741400A9}" = protocol=6 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii.exe | 
"{77E675D8-DB0F-49D1-A856-B3317F3FCDF1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{78145C28-56C2-4654-9070-9FFAD135600D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{781B10DB-EEE7-4653-8A07-614D46D4A310}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{808BB3C2-0ADB-4FA5-8F41-73DF06363D57}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{8918564B-9E63-445D-93AA-C4AE53A789B7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{8CF2E716-C1BE-40EA-897A-3214C803FEF0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{8DCA6DE1-9561-4736-9973-1EA399BF92EE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8E6D2B3E-2406-4573-B975-04841D933DBD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe | 
"{92081F4E-6A52-4549-BE77-93F41ADE054E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{9386E491-129F-4061-9AC8-204F1EBCB52E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{960834B8-4789-409B-83D0-52FE4B0E5AF9}" = protocol=6 | dir=in | app=d:\program files (x86)\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{98065CF8-5F67-4362-AA80-720F14D3D3A0}" = protocol=17 | dir=in | app=d:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{997685A8-328B-46FB-8F84-3FC8AEB19E99}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe | 
"{9EB7CB0B-38AB-473A-B0E0-3CE693D21253}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{9EC13B10-9E83-4609-BEA4-82EE021284C9}" = protocol=17 | dir=in | app=d:\program files (x86)\games\mass effect 2\binaries\masseffect2.exe | 
"{A0AA6079-5399-4881-9F6D-7128B661644A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{A20ACA27-8EFA-46F3-8143-4DBDA518B8B1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe | 
"{A4C0896B-3900-4A82-98C1-AEDD340AA319}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A50F8351-860B-4134-8FFB-89A2F9674E0D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{A8EDC074-AE57-4653-989D-D58E6423901E}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe | 
"{AA8DF4A1-EE60-4535-8FA2-91BF82F88362}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{ACD4EF23-C407-4527-8CBC-10483FEEC3EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{B2105CAD-5E22-4C2C-BA28-FC341EF94E76}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B373CC5C-6E35-4DFE-8B6B-5D825CBA64A3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{B4712205-82D9-404E-8548-85018AB95C4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{B63F7010-A122-4B12-B0FA-0BD8D5C4C2A0}" = protocol=6 | dir=in | app=d:\program files (x86)\games\dragon age\daoriginslauncher.exe | 
"{B9E39FC6-3A30-47D0-911C-977A687B1112}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{BE8AF2A8-6354-4B48-9349-CBF0F5FBBCC0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{C380E84B-4EA8-4AE0-95A0-FF790B4F8841}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{C429B572-F5C8-4F9B-81B3-B98B19599124}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{C8453356-3C06-4F6B-95E4-731435FE62C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{D18AA1C7-767E-42C5-BAA1-371F68E37F7D}" = protocol=17 | dir=in | app=d:\program files (x86)\games\dragon age\bin_ship\daorigins.exe | 
"{D23A9E15-5197-46DB-A1C7-4CA476216601}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{D3119D7D-A0DF-4155-8126-670577EA8CA0}" = protocol=6 | dir=in | app=d:\program files (x86)\games\dragon age\bin_ship\daupdatersvc.service.exe | 
"{D3618065-DD62-4AAB-A8FB-0E134AE1C4C3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D5A3EA32-D798-4CAF-B256-C733AF9149DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{D934BA14-3AEA-40AF-BB4C-54A8E97F5006}" = protocol=6 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{D971AD95-71D4-4268-AEC0-CF9FE6DC5A37}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{DAEAC230-C9D0-40FF-9BF8-68B50051659F}" = protocol=17 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{DE0C7DCB-8D95-4EDB-82B5-D8A4BF5327A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DF1A3425-A31A-46A6-8C44-C76DBFB7681E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{E70983F6-701A-43C5-90AC-71983BBB92A8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E9FB955B-B105-4F8A-8BF9-161677636D78}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{ED7B73E8-A2C1-4859-A8EA-DCF2145EA750}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{F10E4E93-9E24-4EDA-9CC1-DF434B5068E4}" = protocol=17 | dir=in | app=d:\program files (x86)\games\dragon age\daoriginslauncher.exe | 
"{F2203BD0-AAE7-4F17-BC57-B17047B5A7D0}" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{F23BDED3-FF73-4DE3-A5FF-632B220C4BEF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{F2E841EE-1281-466B-980A-18598B4035E7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F32CCBDC-C27F-4B27-B2B5-BDCCC47AF195}" = protocol=6 | dir=in | app=d:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{F357AE24-802C-4344-B556-412EB1DF35BD}" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{F54448C7-DFAA-4347-9CF7-7D279B66C1B7}" = protocol=17 | dir=in | app=d:\program files (x86)\games\mass effect\binaries\masseffect.exe | 
"{F6719E24-FAE6-4192-B067-E3596E3BE78D}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{F80114F1-ADD1-400C-BA67-9B9DCFC7C024}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe | 
"{FAF26080-401F-4AFB-B223-5E95F997C660}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FDC409BA-9A9E-4022-8C1E-919F5627D446}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{FE497806-3C80-494C-B437-A769B5D4F7E0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FF765D5E-5BB4-40A7-A141-242AEDA4B75B}" = protocol=17 | dir=in | app=d:\program files (x86)\games\mass effect\masseffectlauncher.exe | 
"{FF89E04B-3AD4-4CA7-B932-FEE356B5E871}" = protocol=17 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"TCP Query User{06DEEE32-EAA0-4CC2-9826-A3ABBC5F390F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{0BB8878B-C603-4A60-9807-90E32FE92834}D:\program files (x86)\sony\everquest ii\everquest2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\everquest ii\everquest2.exe | 
"TCP Query User{18CB6440-2384-4ACF-8F6C-E4CEB8781B77}E:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{1D08AB73-83E4-426B-9B73-014D41E8C013}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | 
"TCP Query User{1ED6293B-330D-4FCC-8230-B0B3F91A72D1}C:\users\coop\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\coop\downloads\diablo-iii-8370-enus-installer-downloader.exe | 
"TCP Query User{21052DE2-3077-48E5-813C-5AAA1F2C3599}C:\users\coop\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\coop\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{23AF4F04-9AA8-4EAA-8438-A724197A5ABE}D:\program files (x86)\games\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\program files (x86)\games\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{25587DF0-D7C6-41F2-8D02-9FA83FD76AA8}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{2E4EB775-0FB7-4AA5-BAD8-2AC89E4CEA88}E:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"TCP Query User{2EEB69A8-9FAE-479E-8C45-6A3514D6AFD5}D:\program files (x86)\codemasters\dirt2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\codemasters\dirt2\dirt2_game.exe | 
"TCP Query User{32135E73-D427-4BFA-BB1E-3911705DF95A}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{486E5382-79F0-4526-B2CF-CBAECA16F86F}D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\everquest ii\eq2voiceservice.exe | 
"TCP Query User{58D9F4F4-6AF5-437C-8CEA-77EB541E2C51}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{58EB8216-8E04-4699-B4D8-64E88C0E4223}C:\users\coop\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\coop\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{6BAA55FA-C962-4FEB-9997-65541058A951}E:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{754EECB0-E68B-47AD-87CC-7B71A496DDBD}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{85310A80-4E20-4925-B817-B1F15BEC85AB}D:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=d:\program files (x86)\curse\curseclient.exe | 
"TCP Query User{8BA358C7-1D9C-4B1C-A934-A3F733E2D30B}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{90D9C15E-A1DF-456B-8F0E-BBEA88C5388C}D:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"TCP Query User{9123B1AD-0A66-48C3-83AE-F5772B83CA2D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{B57F3053-2AF2-4A18-A67D-88C725192730}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{B8B4FC30-E325-4566-8CD3-A04E05C6335D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{B8FB85A8-B402-4382-8471-F5596FD04637}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | 
"TCP Query User{B961856F-7A83-4F73-B5FF-1930B3F142A2}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{C6D3CA64-07EF-4BB2-A8F2-D8313F33A4D0}E:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\program files (x86)\world of warcraft\launcher.exe | 
"TCP Query User{C9ED7512-6219-4660-9A9D-66D9D399570A}D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\everquest ii\eq2voiceservice.exe | 
"TCP Query User{CD6403E5-1146-4A87-981B-E55176BF756C}E:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\program files (x86)\world of warcraft\launcher.exe | 
"TCP Query User{E739B883-6944-405C-9882-43AEF4101897}D:\program files (x86)\sony\everquest ii\everquest2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\everquest ii\everquest2.exe | 
"UDP Query User{0C08CF52-3DFD-4DDD-9B44-6BBE93D7BDAE}E:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\program files (x86)\world of warcraft\launcher.exe | 
"UDP Query User{185B73EF-2188-47E6-8D76-6D6376C655FF}C:\users\coop\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\coop\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{1C5BB69B-E5B7-42C2-A9DC-8797A820BB55}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{20FEF56F-D34E-4A1D-8D64-6513EBC98ADD}D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\everquest ii\eq2voiceservice.exe | 
"UDP Query User{293A11B0-666B-4713-B743-342B3CCCAF44}D:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"UDP Query User{29FFA66C-0E30-4C37-AC73-FDE9711B8D40}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{49D1313D-C47A-4B8C-98F4-A40993962995}D:\program files (x86)\codemasters\dirt2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\codemasters\dirt2\dirt2_game.exe | 
"UDP Query User{4A094191-E376-447D-B9C3-25D412946C3D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{4E989A2C-5F2D-422F-BB01-084979B3A0C5}E:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{541763CB-9056-4FF8-91E7-B23A8F87C938}D:\program files (x86)\sony\everquest ii\everquest2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\everquest ii\everquest2.exe | 
"UDP Query User{5DBF17C5-F3CC-4AAE-A447-0A14DE931EA1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{62639472-D70E-42F1-9ED3-9331F7E107EA}E:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"UDP Query User{665EAE5F-1901-4041-B8E9-674EB8307900}D:\program files (x86)\games\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\program files (x86)\games\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{69370736-1E6B-4581-9059-4FEAC661E46D}C:\users\coop\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\coop\downloads\diablo-iii-8370-enus-installer-downloader.exe | 
"UDP Query User{6EA452BF-7374-4544-B388-A16DBDAA5308}C:\users\coop\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\coop\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{77B1942A-6EDF-4C08-9B99-2A41664AE1BD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{8535DF8C-E9EE-4746-895A-67B83AFC721D}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | 
"UDP Query User{85D784E1-AA64-4BE2-BD51-6055563B7600}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{87C7384C-D28E-4BE9-951A-FDB5C2B2EF86}E:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{98D6B9F7-DC3A-4638-BB20-7487ABE83C1E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{A76B644C-927A-41CA-BB25-A69F51C8BF43}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{AB66871A-4995-4A31-8299-9563FDB386A9}D:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=d:\program files (x86)\curse\curseclient.exe | 
"UDP Query User{ADA03FED-23D2-46B6-8AFE-5ABA213D8541}E:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\program files (x86)\world of warcraft\launcher.exe | 
"UDP Query User{AEC5809E-060E-4255-BA12-C0294A3D12D5}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | 
"UDP Query User{B0D26D54-CC00-49FF-99B8-96A7AFEF692C}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{B4232AC3-A5B1-49B1-A83B-2C792EA27B56}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{D18E5E59-0635-41D1-9830-7CB93511DD61}D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\everquest ii\eq2voiceservice.exe | 
"UDP Query User{F5CE1C69-1EB1-4481-9F68-63F87674B78F}D:\program files (x86)\sony\everquest ii\everquest2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\everquest ii\everquest2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{186D2CCE-DEFE-4188-AB44-62008E9BC3E0}" = O&O Defrag Professional
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}" = ATI Catalyst Install Manager
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series
"{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2012
"CCleaner" = CCleaner
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.3.0
"{0B7F7645-F948-98D7-18F7-1C69D7B6ACDB}" = CCC Help Portuguese
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{168BEE42-1F65-1AFF-CD77-3DB5A9F91B5E}" = CCC Help Danish
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2278744E-73C3-38C4-6991-3E1601785913}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3454886D-4AB3-BF96-D378-B7F6DCA0A281}" = CCC Help Finnish
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{364B2826-EEB6-A31B-F25B-5CBB78273414}" = CCC Help English
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D397FE-86B1-4234-16AC-9E7DD89A3207}" = CCC Help Norwegian
"{4898D29E-A858-DB50-C7D4-8554066A8DAA}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{50B93225-3F76-F555-27A2-A1EAEC83C527}" = Catalyst Control Center InstallProxy
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
"{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = Catalyst Control Center - Branding
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59AAB74E-9A5B-D39E-E65D-6CD48DA8055F}" = CCC Help Korean
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CED4E8D-4508-D84A-2945-285B13852E0B}" = CCC Help French
"{5F64E152-51C1-47B4-BEA8-007D73C7460F}" = Cisco AnyConnect VPN Client
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61B563AC-F31E-A727-CBEA-F9648B803948}" = CCC Help Italian
"{633E917B-F74E-56D6-B8CF-3A443C260615}" = CCC Help Japanese
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{685C7EBA-82F4-44F8-9514-911A69850DA3}" = Express Gate
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B8364EA-9B85-EF54-6DEC-FC3CE9C55123}" = CCC Help Spanish
"{6C51CF89-2452-B69F-94B3-6BF3FF3A03B1}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786EBD1C-CAC0-8900-D77B-5777C5F74395}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E4BB999-4B59-1009-429B-963B6252E6DD}" = CCC Help Turkish
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81D2FECF-FB01-4120-828B-DB3213440356}" = EverQuest II: The Shadow Odyssey
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8334930A-9405-467B-9498-1EBC1878A09D}" = Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop
"{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_POWERPOINT_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_EXCEL_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_POWERPOINT_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_EXCEL_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_POWERPOINT_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch 
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5BBDA1-F311-476B-1863-C0A3073CAC86}" = CCC Help Polish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2ED6DAA-31AA-49E4-BFA1-AF3388D90F7D}" = EverQuest II
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext
"{CA6F93FB-A2DE-6CE1-57FC-8139684C07E7}" = CCC Help Chinese Traditional
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D465F44F-29FF-4A7A-A114-427E44C355DE}" = 6000E609n
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}" = Heroes of Might and Magic V Collector Edition
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E30EE048-574F-5FD3-DA01-1126946E21C1}" = CCC Help Dutch
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F2F7E361-D336-1338-A453-AB03B4818927}" = CCC Help Czech
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help
"{F4BF6E6A-5F71-B52B-D738-B0A5C3456FED}" = CCC Help Chinese Standard
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDF1D75A-1F72-6C4F-1103-DC6BF5218AE6}" = CCC Help Russian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Afterburner" = MSI Afterburner 2.2.1
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Belarc Advisor" = Belarc Advisor 8.1
"BitTorrent" = BitTorrent
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CurseClient" = Curse Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo III" = Diablo III
"DiskAid_is1" = DiskAid 5.3
"DivX Setup" = DivX Setup
"DVDneXtCOPY 4 neXtTech" = DVDneXtCOPY 4 neXtTech
"Elf Bowling Holiday Pack 1.00" = Elf Bowling Holiday Pack 1.00
"EQ2MAP Updater" = EQ2MAP Updater 1.2.8
"EXCEL" = Microsoft Office Excel 2007
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"iCare Data Recovery_is1" = iCare Data Recovery 3.8.4
"ImgBurn" = ImgBurn
"InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"Kings Bounty Armored Princess_is1" = King's Bounty: Crossworlds
"Mafia II_is1" = Mafia II
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"ModPlug Player v1.46_is1" = ModPlug Player
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Plants vs. Zombies" = Plants vs. Zombies
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.93
"SFBM" = SoundFont Bank Manager
"SpeedFan" = SpeedFan (remove only)
"Steam App 440" = Team Fortress 2
"Steam App 44320" = DiRT 3
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Syberia 2 1.00" = Syberia 2 1.00
"SystemRequirementsLab" = System Requirements Lab
"THX_Console_Unicode" = THX Setup Console
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinPokerushr" = WinPoker 6 Shareware
"WinRAR archiver" = WinRAR archiver
"Wizardry 8" = Wizardry 8
"WORD" = Microsoft Office Word 2007
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"ProfitUI Reborn Updater" = ProfitUI Reborn Updater
"SOE-EverQuest II" = EverQuest II

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2012 7:34:24 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1008
Description =

Error - 8/15/2012 7:34:24 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1010
Description =

Error - 8/15/2012 7:34:24 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1008
Description =

Error - 8/15/2012 7:34:24 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1008
Description =

Error - 8/15/2012 7:34:24 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1008
Description =

Error - 8/15/2012 7:34:25 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1008
Description =

Error - 8/15/2012 7:34:25 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1005
Description =

Error - 8/15/2012 7:34:25 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1018
Description =

Error - 8/15/2012 7:34:25 PM | Computer Name = Coop-PC | Source = Perflib | ID = 1008
Description =

Error - 8/15/2012 8:05:16 PM | Computer Name = Coop-PC | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 8/8/2012 11:49:12 PM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 8/8/2012 11:49:12 PM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr:rocessEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 8/9/2012 12:17:59 AM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 8/9/2012 12:17:59 AM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr:rocessEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 8/9/2012 12:17:59 AM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: .\Agent.cpp Line: 
686 Description: The handle is invalid.

Error - 8/10/2012 7:56:00 AM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 8/10/2012 7:56:00 AM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr:rocessEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 8/14/2012 11:43:08 PM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 8/14/2012 11:43:09 PM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr:rocessEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 8/15/2012 8:02:26 PM | Computer Name = Coop-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

[ Media Center Events ]
Error - 6/9/2009 6:37:34 PM | Computer Name = Coop-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/31/2010 4:45:29 AM | Computer Name = Coop-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 5/31/2010 4:47:54 AM | Computer Name = Coop-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 5/31/2010 5:11:46 AM | Computer Name = Coop-PC | Source = Mcx2Dvcs | ID = 405
Description =

[ OSession Events ]
Error - 7/2/2010 7:16:43 PM | Computer Name = Coop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/13/2012 11:52:27 PM | Computer Name = Coop-PC | Source = DCOM | ID = 10010
Description =

Error - 8/14/2012 6:50:13 PM | Computer Name = Coop-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/14/2012 11:42:59 PM | Computer Name = Coop-PC | Source = DCOM | ID = 10010
Description =

Error - 8/15/2012 6:34:29 PM | Computer Name = Coop-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2012 7:57:04 PM | Computer Name = Coop-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2012 7:57:04 PM | Computer Name = Coop-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/15/2012 7:57:04 PM | Computer Name = Coop-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/15/2012 8:02:00 PM | Computer Name = Coop-PC | Source = DCOM | ID = 10010
Description =

Error - 8/15/2012 8:04:33 PM | Computer Name = Coop-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.128 for the Network Card with network
address 0022152076CF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/15/2012 8:05:17 PM | Computer Name = Coop-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Something's definitely off with the hosts file. We'll try to reset it with this fix.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5111/CTPID.cab (Reg Error: Key error.)
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C
:Commands
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## rcoops72 (Jun 11, 2011)

Cookie - OTl said it needed to reboot the PC, Below is the log it popped up upon the Reboot. My next post will be the new log after a Quick Scan

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {F6ACF75C-C32C-447B-9BEF-46B766368D29}
C:\Windows\Downloaded Program Files\CTPID.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
ADS C:\ProgramData\TEMP:6387AA6C deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Coop
->Temp folder emptied: 34168989 bytes
->Temporary Internet Files folder emptied: 54964416 bytes
->Java cache emptied: 164140 bytes
->FireFox cache emptied: 161722943 bytes
->Google Chrome cache emptied: 122982595 bytes
->Flash cache emptied: 9100 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1512084 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 399222 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 359.00 mb

[EMPTYFLASH]

User: Coop
->Flash cache emptied: 0 bytes

User: Default

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08162012_194526

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET5DBD.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET5DEF.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET76AF.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET7B83.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETC390.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETC42F.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETDA78.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETDAB9.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/08/16 19:45:30 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F
[2009/06/04 01:40:44 | 000,321,512 | ---- | M] () C:\Windows\SysNative\SET5DBD.tmp : MD5=E230843CD239D560087F63FC19A36D8C
[2009/06/04 01:40:44 | 000,056,509 | ---- | M] () C:\Windows\SysNative\SET5DEF.tmp : MD5=D03903A3D5383386C14B2F0AC28FBF23
[2009/04/09 15:40:58 | 000,321,512 | ---- | M] () C:\Windows\SysNative\SET76AF.tmp : MD5=812D97F14C309BA0A3A1C8F029039072
[2009/04/09 15:40:58 | 000,056,509 | ---- | M] () C:\Windows\SysNative\SET7B83.tmp : MD5=B2E68C0748D931046DB330CEDE7C34F3
[2009/06/04 01:40:44 | 000,321,512 | ---- | M] () C:\Windows\SysNative\SETC390.tmp : MD5=E230843CD239D560087F63FC19A36D8C
[2009/06/04 01:40:44 | 000,056,509 | ---- | M] () C:\Windows\SysNative\SETC42F.tmp : MD5=D03903A3D5383386C14B2F0AC28FBF23
[2009/06/04 01:40:44 | 000,321,512 | ---- | M] () C:\Windows\SysNative\SETDA78.tmp : MD5=E230843CD239D560087F63FC19A36D8C
[2009/06/04 01:40:44 | 000,056,509 | ---- | M] () C:\Windows\SysNative\SETDAB9.tmp : MD5=D03903A3D5383386C14B2F0AC28FBF23

Registry entries deleted on Reboot...


----------



## rcoops72 (Jun 11, 2011)

Log after new Quick Scan run

OTL logfile created on: 8/16/2012 7:52:05 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Coop\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 47.81% Memory free
8.17 Gb Paging File | 5.67 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 1.85 Gb Free Space | 1.89% Space Free | Partition Type: NTFS
Drive D: | 405.27 Gb Total Space | 110.50 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive E: | 428.58 Gb Total Space | 81.99 Gb Free Space | 19.13% Space Free | Partition Type: NTFS

Computer Name: COOP-PC | User Name: Coop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 22:52:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/20 00:32:17 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1253675026\ee\aolsoftware.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/06/17 16:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/07/11 03:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
PRC - [2008/05/14 18:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/10 20:16:27 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/30 22:25:39 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/05/30 22:25:39 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/05/30 22:25:38 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/05/30 22:25:37 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010/05/30 22:25:37 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010/05/30 22:25:37 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010/05/30 22:25:37 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010/05/30 22:25:36 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010/05/30 22:25:36 | 001,400,832 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010/05/30 22:25:36 | 000,872,448 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010/05/30 22:25:36 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010/05/30 22:25:33 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/05/30 22:25:32 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/05/30 22:25:32 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/05/30 22:25:30 | 000,128,512 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/05/30 22:25:30 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/05/30 22:25:29 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/05/30 22:25:29 | 000,404,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/05/30 22:25:29 | 000,354,816 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/05/30 22:25:29 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/05/30 22:25:29 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/05/30 22:25:28 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/05/30 22:25:28 | 001,297,408 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/05/30 22:25:28 | 000,679,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/05/30 22:25:28 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/05/30 22:25:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/05/30 22:25:28 | 000,261,120 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/05/30 22:25:28 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/05/30 22:25:28 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/05/30 22:25:28 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/05/30 22:25:28 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/05/30 22:25:28 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/05/30 22:25:27 | 000,757,760 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010/05/30 22:25:27 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2008/07/11 03:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
MOD - [2008/05/14 18:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/05/24 23:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2009/09/12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV:*64bit:* - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/14 20:23:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/08 23:59:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/21 13:50:02 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/20 00:32:17 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Program Files (x86)\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/17 16:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:*64bit:* - [2011/06/22 16:56:36 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:*64bit:* - [2011/06/22 16:53:27 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:*64bit:* - [2011/05/25 00:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2011/05/24 22:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2011/03/30 14:46:30 | 000,111,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:*64bit:* - [2010/04/07 15:08:43 | 001,261,568 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:*64bit:* - [2010/03/12 22:56:56 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:*64bit:* - [2009/10/04 02:24:35 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:*64bit:* - [2009/10/04 02:24:34 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:*64bit:* - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:*64bit:* - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:*64bit:* - [2009/08/05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:*64bit:* - [2009/06/17 16:02:03 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:*64bit:* - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/04/09 17:35:08 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:*64bit:* - [2009/04/09 17:34:54 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:*64bit:* - [2009/04/09 17:34:44 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:*64bit:* - [2009/04/09 17:34:32 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:*64bit:* - [2009/04/09 17:34:24 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:*64bit:* - [2009/04/09 17:34:14 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:*64bit:* - [2009/04/09 17:34:02 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:*64bit:* - [2009/04/09 17:33:52 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:*64bit:* - [2009/04/09 17:33:52 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:*64bit:* - [2009/04/09 17:33:36 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:*64bit:* - [2009/04/09 17:33:36 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:*64bit:* - [2009/04/09 17:33:26 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:*64bit:* - [2009/04/09 17:33:26 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:*64bit:* - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:*64bit:* - [2008/05/08 02:21:54 | 000,090,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:*64bit:* - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw)
DRV:*64bit:* - [2006/11/01 19:23:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{DCF78BD1-FC5F-45E6-AAE6-84F1F5C1C24A}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Coop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Coop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 21:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/24 20:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 20:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/27 18:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 23:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 19:57:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Coop\AppData\Roaming\Move Networks [2010/03/28 15:52:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/24 20:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 23:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 19:57:08 | 000,000,000 | ---D | M]

[2010/01/23 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coop\AppData\Roaming\Mozilla\Extensions
[2012/08/08 23:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions
[2011/05/28 12:44:18 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions\[email protected]
[2011/06/22 16:53:21 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions\[email protected]
[2011/06/22 16:53:12 | 000,002,055 | ---- | M] () -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\searchplugins\daemon-search.xml
[2012/08/09 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/09 22:52:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/14 18:59:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/08 23:59:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/11/06 07:42:54 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml
[2012/08/08 23:57:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/08 23:57:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Coop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: Skype Click to Call = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: AVG Do Not Track = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/16 19:45:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:*64bit:* - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:*64bit:* - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:*64bit:* - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:*64bit:* - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:*64bit:* - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:*64bit:* - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTXFIREG] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:*64bit:* - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.ascensus.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF18AE1E-3EA5-4EC6-A01E-508FBAF6A315}: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
O18:*64bit:* - Protocol\Handler\belarc - No CLSID value found
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4bb2626e-a320-11de-b19f-0022152076cf}\Shell\AutoRun\command - "" = Connect.exe
O33 - MountPoints2\{5c40a69b-a7db-11dd-87fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5c40a69b-a7db-11dd-87fb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 19:45:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/16 19:11:59 | 000,000,000 | ---D | C] -- C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/08/15 22:52:44 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
[2012/08/15 20:10:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Coop\Desktop\dds.com
[2012/08/09 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Coop\AppData\Local\Macromedia
[2012/08/08 23:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/08 23:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2010/03/12 22:56:56 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Coop\AppData\Roaming\pcouffin.sys
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 19:54:13 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/16 19:54:13 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/16 19:54:13 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 19:48:26 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 19:48:26 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 19:48:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 19:48:10 | 001,900,056 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/08/16 19:45:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/16 19:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000UA.job
[2012/08/16 19:23:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 19:14:44 | 104,052,063 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/16 19:11:59 | 000,000,318 | ---- | M] () -- C:\Users\Coop\Desktop\Curse Client.appref-ms
[2012/08/15 22:52:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
[2012/08/15 20:31:49 | 000,000,709 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/08/15 20:10:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Coop\Desktop\dds.com
[2012/08/15 20:04:34 | 000,265,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 19:57:08 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/14 19:31:21 | 000,002,037 | ---- | M] () -- C:\Users\Coop\Desktop\Google Chrome.lnk
[2012/08/14 19:31:21 | 000,001,999 | ---- | M] () -- C:\Users\Coop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/13 18:35:11 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/12 13:03:27 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/12 13:03:27 | 000,001,417 | ---- | M] () -- C:\Users\Coop\Desktop\DivX Movies.lnk
[2012/08/12 13:03:19 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/04 12:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000Core.job
[2012/07/22 02:58:59 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2012/07/17 23:24:25 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/27 18:05:58 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/05/24 22:28:55 | 000,034,814 | ---- | C] () -- C:\Users\Coop\AppData\Local\dt.dat
[2012/05/16 18:18:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/12 11:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\TMonitor64.INI
[2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/14 21:33:40 | 000,040,130 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\UserTile.png
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/24 19:59:29 | 000,223,096 | ---- | C] () -- C:\Windows\hpwins24.dat
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/07 12:56:00 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/10/03 20:09:10 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2010/10/03 20:09:09 | 000,000,053 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2010/10/03 20:09:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2010/10/03 20:08:55 | 000,083,777 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2010/05/30 20:57:38 | 000,324,369 | ---- | C] () -- C:\Users\Coop\EQ2_000004.jpg
[2010/05/30 20:57:38 | 000,324,111 | ---- | C] () -- C:\Users\Coop\EQ2_000003.jpg
[2010/03/12 22:56:56 | 000,099,384 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\inst.exe
[2010/03/12 22:56:56 | 000,007,859 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\pcouffin.cat
[2010/03/12 22:56:56 | 000,001,167 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\pcouffin.inf
[2009/12/23 01:04:28 | 000,103,784 | ---- | C] () -- C:\Users\Coop\GoToAssistDownloadHelper.exe
[2009/05/09 12:21:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/01 13:26:14 | 000,001,460 | ---- | C] () -- C:\Users\Coop\AppData\Local\d3d9caps64.dat
[2008/11/01 03:41:47 | 000,135,680 | ---- | C] () -- C:\Users\Coop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/01 02:25:28 | 000,001,356 | ---- | C] () -- C:\Users\Coop\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2010/10/03 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\ASUS
[2011/10/03 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\AVG2012
[2011/06/22 15:58:54 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\Bioshock
[2011/06/22 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\Bioshock2
[2012/07/17 23:27:04 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\BitTorrent
[2009/09/05 12:06:03 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\Blitware
[2011/07/02 13:24:47 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\DAEMON Tools Lite
[2012/07/04 19:59:43 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\DiskAid
[2010/01/23 16:14:27 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\GetRightToGo
[2010/10/30 02:44:50 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\GrabIt
[2010/07/22 23:25:28 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\ImgBurn
[2011/12/10 02:12:02 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\Might & Magic Heroes VI
[2009/02/25 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\PKWARE
[2011/06/22 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\ProfitUI Reborn Updater
[2010/05/30 22:27:33 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\Skinux
[2011/12/17 18:38:00 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\Sony Online Entertainment
[2010/03/13 20:07:01 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\Vso
[2011/06/12 14:55:03 | 000,000,000 | ---D | M] -- C:\Users\Coop\AppData\Roaming\WinPatrol
[2012/07/22 02:58:59 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2012/08/16 19:46:55 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

That certainly looks better thant he previous log. 

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## rcoops72 (Jun 11, 2011)

Scan finished and found and cleaned 2 threats


[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=69133fe2f3b07d449efc19ae3c3550eb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-17 05:24:22
# local_time=2012-08-17 01:24:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 27448922 27448922 0 0
# compatibility_mode=5892 16776574 100 56 86561596 181818090 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=319900
# found=2
# cleaned=2
# scan_time=4877
C:\Users\Coop\Downloads\SoftonicDownloader_for_nvidia-gpu-temp (1).exe	Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Coop\Downloads\SoftonicDownloader_for_nvidia-gpu-temp.exe	Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C


----------



## Cookiegal (Aug 27, 2003)

Sorry for the delay in responding. I must have deleted the e-mail notification by mistake. 

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet. *

You will also notice another file created on the desktop named *MBR.dat*. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.


----------



## rcoops72 (Jun 11, 2011)

Cookie - Here you go. One line on the scan was in red Font

" \Driver\atapi[0xfffffa80048a46c0] -> IRP_MJ_CREATE -> 0xfffffa80047782c0"

Also I freed up 8.67GB last night. Only thing I did was run this scan and my free space is already down to 6.95GB..So strange

BTW just found another 4GBs to delete in that program data hidden folder. It was a cache of some old software I deleted back in 2009. So right now as I type I am at 11.3 GB Free

LOG

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-19 11:12:23
-----------------------------
11:12:23.054 OS Version: Windows x64 6.0.6002 Service Pack 2
11:12:23.054 Number of processors: 2 586 0x1706
11:12:23.055 ComputerName: COOP-PC UserName: Coop
11:12:23.925 Initialize success
11:12:58.435 AVAST engine defs: 12081900
11:13:04.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:13:04.236 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
11:13:04.240 Disk 0 MBR read successfully
11:13:04.241 Disk 0 MBR scan
11:13:04.245 Disk 0 Windows VISTA default MBR code
11:13:04.248 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100000 MB offset 2048
11:13:04.265 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 415000 MB offset 204802048
11:13:04.281 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 438867 MB offset 1054722048
11:13:04.353 Disk 0 scanning C:\Windows\system32\drivers
11:13:13.721 Service scanning
11:13:29.860 Modules scanning
11:13:29.866 Disk 0 trace - called modules:
11:13:29.887 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80047782c0]<<sptd.sys ataport.SYS pciide.sys 
11:13:30.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f1f790]
11:13:30.222 3 CLASSPNP.SYS[fffffa60011d0c33] -> nt!IofCallDriver -> [0xfffffa80048c2600]
11:13:30.226 5 acpi.sys[fffffa6000babfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048b6060]
11:13:30.229 \Driver\atapi[0xfffffa80048a46c0] -> IRP_MJ_CREATE -> 0xfffffa80047782c0
11:13:31.046 AVAST engine scan C:\Windows
11:13:32.994 AVAST engine scan C:\Windows\system32
11:16:29.878 AVAST engine scan C:\Windows\system32\drivers
11:16:49.258 AVAST engine scan C:\Users\Coop
11:27:34.903 AVAST engine scan C:\ProgramData
11:48:51.842 Scan finished successfully
11:50:58.656 Disk 0 MBR has been saved successfully to "C:\Users\Coop\Desktop\MBR.dat"
11:50:58.662 The log file has been saved successfully to "C:\Users\Coop\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Looks like a rootkit infection.

Please go  here and download the *TDSSKiller.exe* to your desktop.

Double-click to TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## rcoops72 (Jun 11, 2011)

Here you go, that was nice and quick

12:10:38.0792 4640 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:10:39.0017 4640 ============================================================
12:10:39.0017 4640 Current date / time: 2012/08/19 12:10:39.0017
12:10:39.0017 4640 SystemInfo:
12:10:39.0017 4640 
12:10:39.0017 4640 OS Version: 6.0.6002 ServicePack: 2.0
12:10:39.0017 4640 Product type: Workstation
12:10:39.0017 4640 ComputerName: COOP-PC
12:10:39.0017 4640 UserName: Coop
12:10:39.0017 4640 Windows directory: C:\Windows
12:10:39.0017 4640 System windows directory: C:\Windows
12:10:39.0017 4640 Running under WOW64
12:10:39.0017 4640 Processor architecture: Intel x64
12:10:39.0017 4640 Number of processors: 2
12:10:39.0017 4640 Page size: 0x1000
12:10:39.0017 4640 Boot type: Normal boot
12:10:39.0017 4640 ============================================================
12:10:40.0078 4640 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:10:40.0083 4640 ============================================================
12:10:40.0083 4640 \Device\Harddisk0\DR0:
12:10:40.0090 4640 MBR partitions:
12:10:40.0090 4640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
12:10:40.0090 4640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x32A8C000
12:10:40.0090 4640 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3EDDC800, BlocksNum 0x35929800
12:10:40.0090 4640 ============================================================
12:10:40.0120 4640 C: <-> \Device\Harddisk0\DR0\Partition1
12:10:40.0146 4640 D: <-> \Device\Harddisk0\DR0\Partition2
12:10:40.0173 4640 E: <-> \Device\Harddisk0\DR0\Partition3
12:10:40.0173 4640 ============================================================
12:10:40.0173 4640 Initialize success
12:10:40.0173 4640 ============================================================
12:10:44.0163 4308 ============================================================
12:10:44.0163 4308 Scan started
12:10:44.0163 4308 Mode: Manual; 
12:10:44.0163 4308 ============================================================
12:10:44.0975 4308 ================ Scan services =============================
12:10:45.0062 4308 [ adc420616c501b45d26c0fd3ef1e54e4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:10:45.0064 4308 ACDaemon - ok
12:10:45.0146 4308 [ 1965aaffab07e3fb03c77f81beba3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:10:45.0151 4308 ACPI - ok
12:10:45.0245 4308 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:10:45.0252 4308 AdobeFlashPlayerUpdateSvc - ok
12:10:45.0277 4308 [ f14215e37cf124104575073f782111d2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:10:45.0282 4308 adp94xx - ok
12:10:45.0306 4308 [ 7d05a75e3066861a6610f7ee04ff085c ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:10:45.0310 4308 adpahci - ok
12:10:45.0321 4308 [ 820a201fe08a0c345b3bedbc30e1a77c ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
12:10:45.0323 4308 adpu160m - ok
12:10:45.0336 4308 [ 9b4ab6854559dc168fbb4c24fc52e794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:10:45.0338 4308 adpu320 - ok
12:10:45.0358 4308 [ 0f421175574bfe0bf2f4d8e910a253bb ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:10:45.0359 4308 AeLookupSvc - ok
12:10:45.0397 4308 [ c4f6ce6087760ad70960c9eb130e7943 ] AFD C:\Windows\system32\drivers\afd.sys
12:10:45.0402 4308 AFD - ok
12:10:45.0427 4308 [ f6f6793b7f17b550ecfdbd3b229173f7 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:10:45.0428 4308 agp440 - ok
12:10:45.0446 4308 [ 222cb641b4b8a1d1126f8033f9fd6a00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
12:10:45.0448 4308 aic78xx - ok
12:10:45.0458 4308 [ 5922f4f59b7868f3d74bbbbeb7b825a3 ] ALG C:\Windows\System32\alg.exe
12:10:45.0460 4308 ALG - ok
12:10:45.0472 4308 [ 157d0898d4b73f075ce9fa26b482df98 ] aliide C:\Windows\system32\drivers\aliide.sys
12:10:45.0473 4308 aliide - ok
12:10:45.0488 4308 [ 514089cb4a7df38dc4dd936ade4114d3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:10:45.0491 4308 AMD External Events Utility - ok
12:10:45.0498 4308 [ 970fa5059e61e30d25307b99903e991e ] amdide C:\Windows\system32\drivers\amdide.sys
12:10:45.0500 4308 amdide - ok
12:10:45.0508 4308 [ cdc3632a3a5ea4dbb83e46076a3165a1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:10:45.0509 4308 AmdK8 - ok
12:10:45.0891 4308 [ 9a4b92150a5e259a7159d914cc3a60d7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:10:46.0004 4308 amdkmdag - ok
12:10:46.0027 4308 [ 9deb889d152f9c9dba98be8986084535 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:10:46.0031 4308 amdkmdap - ok
12:10:46.0074 4308 [ 85180cf88c5ebad73b452a43a004ca51 ] AOL ACS C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
12:10:46.0075 4308 AOL ACS - ok
12:10:46.0105 4308 [ 9c37b3fd5615477cb9a0cd116cf43f5c ] Appinfo C:\Windows\System32\appinfo.dll
12:10:46.0106 4308 Appinfo - ok
12:10:46.0147 4308 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:10:46.0148 4308 Apple Mobile Device - ok
12:10:46.0167 4308 [ ba8417d4765f3988ff921f30f630e303 ] arc C:\Windows\system32\drivers\arc.sys
12:10:46.0169 4308 arc - ok
12:10:46.0190 4308 [ 9d41c435619733b34cc16a511e644b11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:10:46.0192 4308 arcsas - ok
12:10:46.0217 4308 [ 8065a7659562005127673ac52898675f ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
12:10:46.0218 4308 AsIO - ok
12:10:46.0232 4308 [ 22d13ff3dafec2a80634752b1eaa2de6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:10:46.0233 4308 AsyncMac - ok
12:10:46.0253 4308 [ e68d9b3a3905619732f7fe039466a623 ] atapi C:\Windows\system32\drivers\atapi.sys
12:10:46.0253 4308 atapi - ok
12:10:46.0297 4308 [ c3941eac6a5cd621f002b12c9ee4857b ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
12:10:46.0299 4308 AtiHDAudioService - ok
12:10:46.0317 4308 [ 09149d03629a44f4773e621c432d1d89 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
12:10:46.0321 4308 atksgt - ok
12:10:46.0370 4308 [ 79318c744693ec983d20e9337a2f8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:10:46.0381 4308 AudioEndpointBuilder - ok
12:10:46.0388 4308 [ 79318c744693ec983d20e9337a2f8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:10:46.0391 4308 AudioSrv - ok
12:10:46.0595 4308 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
12:10:46.0674 4308 AVGIDSAgent - ok
12:10:46.0700 4308 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:10:46.0702 4308 AVGIDSDriver - ok
12:10:46.0716 4308 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
12:10:46.0717 4308 AVGIDSFilter - ok
12:10:46.0721 4308 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
12:10:46.0722 4308 AVGIDSHA - ok
12:10:46.0739 4308 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
12:10:46.0743 4308 Avgldx64 - ok
12:10:46.0763 4308 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
12:10:46.0765 4308 Avgmfx64 - ok
12:10:46.0768 4308 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
12:10:46.0770 4308 Avgrkx64 - ok
12:10:46.0788 4308 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
12:10:46.0793 4308 Avgtdia - ok
12:10:46.0810 4308 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:10:46.0813 4308 avgwd - ok
12:10:46.0848 4308 [ ffb96c2589ffa60473ead78b39fbde29 ] BFE C:\Windows\System32\bfe.dll
12:10:46.0854 4308 BFE - ok
12:10:46.0895 4308 [ 6d316f4859634071cc25c4fd4589ad2c ] BITS C:\Windows\System32\qmgr.dll
12:10:46.0910 4308 BITS - ok
12:10:46.0934 4308 [ 79feeb40056683f8f61398d81dda65d2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:10:46.0935 4308 blbdrive - ok
12:10:46.0993 4308 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:10:47.0005 4308 Bonjour Service - ok
12:10:47.0033 4308 [ 2348447a80920b2493a9b582a23e81e1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:10:47.0035 4308 bowser - ok
12:10:47.0046 4308 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
12:10:47.0047 4308 BrFiltLo - ok
12:10:47.0054 4308 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
12:10:47.0055 4308 BrFiltUp - ok
12:10:47.0073 4308 [ a1b39de453433b115b4ea69ee0343816 ] Browser C:\Windows\System32\browser.dll
12:10:47.0075 4308 Browser - ok
12:10:47.0095 4308 [ f0f0ba4d815be446aa6a4583ca3bca9b ] Brserid C:\Windows\system32\drivers\brserid.sys
12:10:47.0097 4308 Brserid - ok
12:10:47.0110 4308 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
12:10:47.0112 4308 BrSerWdm - ok
12:10:47.0121 4308 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
12:10:47.0122 4308 BrUsbMdm - ok
12:10:47.0131 4308 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
12:10:47.0132 4308 BrUsbSer - ok
12:10:47.0141 4308 [ e0777b34e05f8a82a21856efc900c29f ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:10:47.0142 4308 BTHMODEM - ok
12:10:47.0154 4308 [ b4d787db8d30793a4d4df9feed18f136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:10:47.0156 4308 cdfs - ok
12:10:47.0175 4308 [ c025aa69be3d0d25c7a2e746ef6f94fc ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:10:47.0177 4308 cdrom - ok
12:10:47.0208 4308 [ 5a268127633c7ee2a7fb87f39d748d56 ] CertPropSvc C:\Windows\System32\certprop.dll
12:10:47.0210 4308 CertPropSvc - ok
12:10:47.0224 4308 [ 02ea568d498bbdd4ba55bf3fce34d456 ] circlass C:\Windows\system32\drivers\circlass.sys
12:10:47.0225 4308 circlass - ok
12:10:47.0251 4308 [ 3dca9a18b204939cfb24bea53e31eb48 ] CLFS C:\Windows\system32\CLFS.sys
12:10:47.0256 4308 CLFS - ok
12:10:47.0311 4308 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:10:47.0313 4308 clr_optimization_v2.0.50727_32 - ok
12:10:47.0343 4308 [ ce07a466201096f021cd09d631b21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:10:47.0345 4308 clr_optimization_v2.0.50727_64 - ok
12:10:47.0375 4308 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:10:47.0382 4308 clr_optimization_v4.0.30319_32 - ok
12:10:47.0421 4308 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:10:47.0424 4308 clr_optimization_v4.0.30319_64 - ok
12:10:47.0432 4308 [ e5d5499a1c50a54b5161296b6afe6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:10:47.0433 4308 cmdide - ok
12:10:47.0489 4308 [ 62b8ec0cb4c2e4afb2207e5a8dde48dc ] cmudaxp C:\Windows\system32\drivers\cmudaxp.sys
12:10:47.0505 4308 cmudaxp - ok
12:10:47.0515 4308 COMMONFX.DLL - ok
12:10:47.0523 4308 [ 7fb8ad01db0eabe60c8a861531a8f431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:10:47.0524 4308 Compbatt - ok
12:10:47.0527 4308 COMSysApp - ok
12:10:47.0598 4308 cpuz130 - ok
12:10:47.0623 4308 [ c08063f052308b6f5882482615387f30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
12:10:47.0624 4308 cpuz135 - ok
12:10:47.0637 4308 [ a8585b6412253803ce8efcbd6d6dc15c ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:10:47.0638 4308 crcdisk - ok
12:10:47.0663 4308 [ 62740b9d2a137e8ced41a9e4239a7a31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:10:47.0666 4308 CryptSvc - ok
12:10:47.0669 4308 CT20XUT - ok
12:10:47.0673 4308 CT20XUT.DLL - ok
12:10:47.0677 4308 CT20XUT.SYS - ok
12:10:47.0690 4308 ctac32k - ok
12:10:47.0694 4308 ctaud2k - ok
12:10:47.0697 4308 CTAUDFX.DLL - ok
12:10:47.0701 4308 CTEAPSFX.DLL - ok
12:10:47.0704 4308 CTEDSPFX.DLL - ok
12:10:47.0708 4308 CTEDSPIO.DLL - ok
12:10:47.0712 4308 CTEDSPSY.DLL - ok
12:10:47.0715 4308 CTERFXFX.DLL - ok
12:10:47.0719 4308 CTEXFIFX - ok
12:10:47.0723 4308 CTEXFIFX.DLL - ok
12:10:47.0726 4308 CTEXFIFX.SYS - ok
12:10:47.0731 4308 CTHWIUT - ok
12:10:47.0735 4308 CTHWIUT.DLL - ok
12:10:47.0738 4308 CTHWIUT.SYS - ok
12:10:47.0741 4308 ctprxy2k - ok
12:10:47.0746 4308 CTSBLFX.DLL - ok
12:10:47.0749 4308 ctsfm2k - ok
12:10:47.0823 4308 [ 914a7156b0c0f10be645a02e13f576b2 ] DAUpdaterSvc D:\Program Files (x86)\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
12:10:47.0834 4308 DAUpdaterSvc - ok
12:10:47.0878 4308 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] DcomLaunch C:\Windows\system32\rpcss.dll
12:10:47.0888 4308 DcomLaunch - ok
12:10:47.0917 4308 [ 8b722ba35205c71e7951cdc4cdbade19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:10:47.0919 4308 DfsC - ok
12:10:48.0022 4308 [ c647f468f7de343df8c143655c5557d4 ] DFSR C:\Windows\system32\DFSR.exe
12:10:48.0087 4308 DFSR - ok
12:10:48.0122 4308 [ 3ed0321127ce70acdaabbf77e157c2a7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
12:10:48.0127 4308 Dhcp - ok
12:10:48.0148 4308 [ b0107e40ecdb5fa692ebf832f295d905 ] disk C:\Windows\system32\drivers\disk.sys
12:10:48.0150 4308 disk - ok
12:10:48.0173 4308 [ 06230f1b721494a6df8d47fd395bb1b0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:10:48.0175 4308 Dnscache - ok
12:10:48.0200 4308 [ 1a7156dd1e850e9914e5e991e3225b94 ] dot3svc C:\Windows\System32\dot3svc.dll
12:10:48.0204 4308 dot3svc - ok
12:10:48.0239 4308 [ 74c02b1717740c3b8039539e23e4b53f ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
12:10:48.0241 4308 Dot4 - ok
12:10:48.0258 4308 [ 08321d1860235bf42cf2854234337aea ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:10:48.0259 4308 Dot4Print - ok
12:10:48.0280 4308 [ 4adccf0124f2b6911d3786a5d0e779e5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
12:10:48.0281 4308 dot4usb - ok
12:10:48.0301 4308 [ 1583b39790db3eaec7edb0cb0140c708 ] DPS C:\Windows\system32\dps.dll
12:10:48.0304 4308 DPS - ok
12:10:48.0323 4308 [ f1a78a98cfc2ee02144c6bec945447e6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:10:48.0324 4308 drmkaud - ok
12:10:48.0359 4308 [ fb9bef3401ee5ecc2603311b9c64f44a ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:10:48.0362 4308 dtsoftbus01 - ok
12:10:48.0402 4308 [ b8e554e502d5123bc111f99d6a2181b4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:10:48.0412 4308 DXGKrnl - ok
12:10:48.0460 4308 [ 264cee7b031a9d6c827f3d0cb031f2fe ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
12:10:48.0462 4308 E1G60 - ok
12:10:48.0482 4308 [ c2303883fd9be49dc36a6400643002ea ] EapHost C:\Windows\System32\eapsvc.dll
12:10:48.0484 4308 EapHost - ok
12:10:48.0510 4308 [ 5f94962be5a62db6e447ff6470c4f48a ] Ecache C:\Windows\system32\drivers\ecache.sys
12:10:48.0513 4308 Ecache - ok
12:10:48.0545 4308 [ 14ce384d2e27b64c256bda4dc39c312d ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:10:48.0549 4308 ehRecvr - ok
12:10:48.0557 4308 [ b93159c1313d66fdfbbe876f5189cd52 ] ehSched C:\Windows\ehome\ehsched.exe
12:10:48.0560 4308 ehSched - ok
12:10:48.0567 4308 [ f5ee2527d74449868e3c3227a59bcd28 ] ehstart C:\Windows\ehome\ehstart.dll
12:10:48.0568 4308 ehstart - ok
12:10:48.0585 4308 [ c4636d6e10469404ab5308d9fd45ed07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:10:48.0590 4308 elxstor - ok
12:10:48.0610 4308 [ a9b18b63a4fd6baab83326706d857fab ] EMDMgmt C:\Windows\system32\emdmgmt.dll
12:10:48.0615 4308 EMDMgmt - ok
12:10:48.0633 4308 [ 7027cf2725f1d37755d6f76e99d3726f ] emupia C:\Windows\system32\drivers\emupia2k.sys
12:10:48.0635 4308 emupia - ok
12:10:48.0679 4308 [ bc3a58e938bb277e46bf4b3003b01abd ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:10:48.0680 4308 ErrDev - ok
12:10:48.0773 4308 [ e12f22b73f153dece721cd45ec05b4af ] EventSystem C:\Windows\system32\es.dll
12:10:48.0818 4308 EventSystem - ok
12:10:48.0857 4308 [ 486844f47b6636044a42454614ed4523 ] exfat C:\Windows\system32\drivers\exfat.sys
12:10:48.0860 4308 exfat - ok
12:10:48.0888 4308 [ 1a4bee34277784619ddaf0422c0c6e23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:10:48.0891 4308 fastfat - ok
12:10:48.0898 4308 [ 81b79b6df71fa1d2c6d688d830616e39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:10:48.0900 4308 fdc - ok
12:10:48.0903 4308 [ bb9267acacd8b7533dd936c34a0cba5e ] fdPHost C:\Windows\system32\fdPHost.dll
12:10:48.0904 4308 fdPHost - ok
12:10:48.0916 4308 [ 300c80931eabbe1db7591c516efe8d0f ] FDResPub C:\Windows\system32\fdrespub.dll
12:10:48.0917 4308 FDResPub - ok
12:10:48.0931 4308 [ 457b7d1d533e4bd62a99aed9c7bb4c59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:10:48.0933 4308 FileInfo - ok
12:10:48.0945 4308 [ d421327fd6efccaf884a54c58e1b0d7f ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:10:48.0946 4308 Filetrace - ok
12:10:48.0950 4308 [ 230923ea2b80f79b0f88d90f87b87ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:10:48.0951 4308 flpydisk - ok
12:10:48.0974 4308 [ e3041bc26d6930d61f42aedb79c91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:10:48.0978 4308 FltMgr - ok
12:10:49.0038 4308 [ be1c5bd1ca7ed015bc6fa1ae67e592c8 ] FontCache C:\Windows\system32\FntCache.dll
12:10:49.0052 4308 FontCache - ok
12:10:49.0079 4308 [ bc5b0be5af3510b0fd8c140ee42c6d3e ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:10:49.0080 4308 FontCache3.0.0.0 - ok
12:10:49.0105 4308 [ 5779b86cd8b32519fbecb136394d946a ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:10:49.0107 4308 Fs_Rec - ok
12:10:49.0119 4308 [ c8e416668d3dc2be3d4fe4c79224997f ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:10:49.0121 4308 gagp30kx - ok
12:10:49.0131 4308 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:10:49.0132 4308 GEARAspiWDM - ok
12:10:49.0160 4308 [ a0e1b575ba8f504968cd40c0faeb2384 ] gpsvc C:\Windows\System32\gpsvc.dll
12:10:49.0170 4308 gpsvc - ok
12:10:49.0258 4308 [ 6e260e60d9e1ba8c5e282397b0be8c32 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
12:10:49.0277 4308 ha20x2k - ok
12:10:49.0300 4308 [ 68e732382b32417ff61fd663259b4b09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:10:49.0304 4308 HdAudAddService - ok
12:10:49.0336 4308 [ f942c5820205f2fb453243edfec82a3d ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:10:49.0348 4308 HDAudBus - ok
12:10:49.0361 4308 [ b4881c84a180e75b8c25dc1d726c375f ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:10:49.0363 4308 HidBth - ok
12:10:49.0374 4308 [ 4e77a77e2c986e8f88f996bb3e1ad829 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:10:49.0380 4308 HidIr - ok
12:10:49.0384 4308 [ 59361d38a297755d46a540e450202b2a ] hidserv C:\Windows\system32\hidserv.dll
12:10:49.0385 4308 hidserv - ok
12:10:49.0399 4308 [ 443bdd2d30bb4f00795c797e2cf99edf ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:10:49.0400 4308 HidUsb - ok
12:10:49.0416 4308 [ b12f367ea39c0795fd57e31242ce1a5a ] hkmsvc C:\Windows\system32\kmsvc.dll
12:10:49.0418 4308 hkmsvc - ok
12:10:49.0433 4308 [ d7109a1e6bd2dfdbcba72a6bc626a13b ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
12:10:49.0434 4308 HpCISSs - ok
12:10:49.0519 4308 [ 97aac45a375168c6a2297beeb9692e31 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:10:49.0523 4308 hpqcxs08 - ok
12:10:49.0545 4308 [ 19a4fb67b1c97ea18edff44340973cd9 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:10:49.0548 4308 hpqddsvc - ok
12:10:49.0580 4308 [ 1be48b0542c91487bb8a94bf2278f55d ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:10:49.0595 4308 HPSLPSVC - ok
12:10:49.0622 4308 [ 098f1e4e5c9cb5b0063a959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:10:49.0631 4308 HTTP - ok
12:10:49.0641 4308 [ da94c854cea5fac549d4e1f6e88349e8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
12:10:49.0642 4308 i2omp - ok
12:10:49.0660 4308 [ cbb597659a2713ce0c9cc20c88c7591f ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:10:49.0662 4308 i8042prt - ok
12:10:49.0673 4308 [ 3e3bf3627d886736d0b4e90054f929f6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
12:10:49.0677 4308 iaStorV - ok
12:10:49.0716 4308 [ 749f5f8cedca70f2a512945325fc489d ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:10:49.0726 4308 idsvc - ok
12:10:49.0735 4308 [ 8c3951ad2fe886ef76c7b5027c3125d3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:10:49.0736 4308 iirsp - ok
12:10:49.0770 4308 [ 0c9ea6e654e7b0471741e343a6c671af ] IKEEXT C:\Windows\System32\ikeext.dll
12:10:49.0775 4308 IKEEXT - ok
12:10:49.0802 4308 [ df797a12176f11b2d301c5b234bb200e ] intelide C:\Windows\system32\drivers\intelide.sys
12:10:49.0803 4308 intelide - ok
12:10:49.0815 4308 [ bfd84af32fa1bad6231c4585cb469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:10:49.0817 4308 intelppm - ok
12:10:49.0836 4308 [ 5624bc1bc5eeb49c0ab76a8114f05ea3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:10:49.0838 4308 IPBusEnum - ok
12:10:49.0858 4308 [ d8aabc341311e4780d6fce8c73c0ad81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:10:49.0860 4308 IpFilterDriver - ok
12:10:49.0887 4308 [ bf0dbfa9792c5c14fa00f61c75116c1b ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:10:49.0890 4308 iphlpsvc - ok
12:10:49.0892 4308 IpInIp - ok
12:10:49.0909 4308 [ 9c2ee2e6e5a7203bfae15c299475ec67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
12:10:49.0910 4308 IPMIDRV - ok
12:10:49.0926 4308 [ b7e6212f581ea5f6ab0c3a6ceeeb89be ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
12:10:49.0928 4308 IPNAT - ok
12:10:49.0953 4308 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:10:49.0963 4308 iPod Service - ok
12:10:49.0973 4308 [ 8c42ca155343a2f11d29feca67faa88d ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:10:49.0974 4308 IRENUM - ok
12:10:49.0992 4308 [ 0672bfcedc6fc468a2b0500d81437f4f ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:10:49.0993 4308 isapnp - ok
12:10:50.0017 4308 [ e4fdf99599f27ec25d2cf6d754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:10:50.0021 4308 iScsiPrt - ok
12:10:50.0030 4308 [ 63c766cdc609ff8206cb447a65abba4a ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
12:10:50.0031 4308 iteatapi - ok
12:10:50.0053 4308 [ 1281fe73b17664631d12f643cbea3f59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
12:10:50.0054 4308 iteraid - ok
12:10:50.0079 4308 [ 8bc914191a15f1aa55d686ebfac81ee7 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
12:10:50.0081 4308 JRAID - ok
12:10:50.0089 4308 [ 423696f3ba6472dd17699209b933bc26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:10:50.0091 4308 kbdclass - ok
12:10:50.0098 4308 [ dbdf75d51464fbc47d0104ec3d572c05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:10:50.0099 4308 kbdhid - ok
12:10:50.0116 4308 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] KeyIso C:\Windows\system32\lsass.exe
12:10:50.0118 4308 KeyIso - ok
12:10:50.0145 4308 [ 88956ad9fa510848ad176777a6c6c1f5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:10:50.0152 4308 KSecDD - ok
12:10:50.0165 4308 [ 1d419cf43db29396ecd7113d129d94eb ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:10:50.0167 4308 ksthunk - ok
12:10:50.0193 4308 [ 1faf6926f3416d3da05c5b265491bdae ] KtmRm C:\Windows\system32\msdtckrm.dll
12:10:50.0199 4308 KtmRm - ok
12:10:50.0223 4308 [ 073508533e422ce8bcee234eb35ceebf ] L1E C:\Windows\system32\DRIVERS\L1E60x64.sys
12:10:50.0224 4308 L1E - ok
12:10:50.0249 4308 [ 50c7a3cb427e9bb5ed0708a669956ab5 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:10:50.0253 4308 LanmanServer - ok
12:10:50.0282 4308 [ caf86fc1388be1e470f1a7b43e348adb ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:10:50.0285 4308 LanmanWorkstation - ok
12:10:50.0307 4308 [ 5ea407821bb3104c31a705175ab4f309 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
12:10:50.0308 4308 lirsgt - ok
12:10:50.0312 4308 [ 96ece2659b6654c10a0c310ae3a6d02c ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:10:50.0313 4308 lltdio - ok
12:10:50.0341 4308 [ 961ccbd0b1ccb5675d64976fae37d092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:10:50.0345 4308 lltdsvc - ok
12:10:50.0355 4308 [ a47f8080cacc23c91fe823ad19aa5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:10:50.0356 4308 lmhosts - ok
12:10:50.0374 4308 [ acbe1af32d3123e330a07bfbc5ec4a9b ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:10:50.0389 4308 LSI_FC - ok
12:10:50.0418 4308 [ 799ffb2fc4729fa46d2157c0065b3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:10:50.0420 4308 LSI_SAS - ok
12:10:50.0429 4308 [ f445ff1daad8a226366bfaf42551226b ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:10:50.0431 4308 LSI_SCSI - ok
12:10:50.0447 4308 [ 52f87b9cc8932c2a7375c3b2a9be5e3e ] luafv C:\Windows\system32\drivers\luafv.sys
12:10:50.0450 4308 luafv - ok
12:10:50.0474 4308 [ 79d51e7f5926e8ce1b3ebecebae28cff ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
12:10:50.0477 4308 mcdbus - ok
12:10:50.0493 4308 [ 76a58df02bd4ea29f189b82d0bef17f8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:10:50.0495 4308 Mcx2Svc - ok
12:10:50.0511 4308 [ 5c5cd6aaced32fb26c3fb34b3dcf972f ] megasas C:\Windows\system32\drivers\megasas.sys
12:10:50.0512 4308 megasas - ok
12:10:50.0527 4308 [ 859bc2436b076c77c159ed694acfe8f8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
12:10:50.0533 4308 MegaSR - ok
12:10:50.0541 4308 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] MMCSS C:\Windows\system32\mmcss.dll
12:10:50.0542 4308 MMCSS - ok
12:10:50.0554 4308 [ 59848d5cc74606f0ee7557983bb73c2e ] Modem C:\Windows\system32\drivers\modem.sys
12:10:50.0555 4308 Modem - ok
12:10:50.0576 4308 [ c247cc2a57e0a0c8c6dccf7807b3e9e5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:10:50.0577 4308 monitor - ok
12:10:50.0580 4308 [ 9367304e5e412b120cf5f4ea14e4e4f1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:10:50.0581 4308 mouclass - ok
12:10:50.0594 4308 [ c2c2bd5c5ce5aaf786ddd74b75d2ac69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:10:50.0595 4308 mouhid - ok
12:10:50.0600 4308 [ 11bc9b1e8801b01f7f6adb9ead30019b ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
12:10:50.0601 4308 MountMgr - ok
12:10:50.0641 4308 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:10:50.0643 4308 MozillaMaintenance - ok
12:10:50.0667 4308 [ f8276eb8698142884498a528dfea8478 ] mpio  C:\Windows\system32\drivers\mpio.sys
12:10:50.0670 4308 mpio - ok
12:10:50.0678 4308 [ c92b9abdb65a5991e00c28f13491dba2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:10:50.0680 4308 mpsdrv - ok
12:10:50.0729 4308 [ 897e3baf68ba406a61682ae39c83900c ] MpsSvc C:\Windows\system32\mpssvc.dll
12:10:50.0738 4308 MpsSvc - ok
12:10:50.0752 4308 [ 3c200630a89ef2c0864d515b7a75802e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:10:50.0754 4308 Mraid35x - ok
12:10:50.0776 4308 [ 7c1de4aa96dc0c071611f9e7de02a68d ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:10:50.0779 4308 MRxDAV - ok
12:10:50.0792 4308 [ 1485811b320ff8c7edad1caebb1c6c2b ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:10:50.0795 4308 mrxsmb - ok
12:10:50.0821 4308 [ 3b929a60c833fc615fd97fba82bc7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:10:50.0825 4308 mrxsmb10 - ok
12:10:50.0840 4308 [ c64ab3e1f53b4f5b5bb6d796b2d7bec3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:10:50.0842 4308 mrxsmb20 - ok
12:10:50.0854 4308 [ 1ac860612b85d8e85ee257d372e39f4d ] msahci C:\Windows\system32\drivers\msahci.sys
12:10:50.0855 4308 msahci - ok
12:10:50.0867 4308 [ 264bbb4aaf312a485f0e44b65a6b7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:10:50.0870 4308 msdsm - ok
12:10:50.0885 4308 [ 7ec02ce772f068ed0beafa3da341a9bc ] MSDTC C:\Windows\System32\msdtc.exe
12:10:50.0888 4308 MSDTC - ok
12:10:50.0906 4308 [ 704f59bfc4512d2bb0146aec31b10a7c ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:10:50.0908 4308 Msfs - ok
12:10:50.0920 4308 [ 00ebc952961664780d43dca157e79b27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:10:50.0922 4308 msisadrv - ok
12:10:50.0942 4308 [ 366b0c1f4478b519c181e37d43dcda32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:10:50.0945 4308 MSiSCSI - ok
12:10:50.0950 4308 msiserver - ok
12:10:50.0970 4308 [ 0ea73e498f53b96d83dbfca074ad4cf8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:10:50.0971 4308 MSKSSRV - ok
12:10:50.0996 4308 [ 52e59b7e992a58e740aa63f57edbae8b ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:10:50.0997 4308 MSPCLOCK - ok
12:10:51.0008 4308 [ 49084a75bae043ae02d5b44d02991bb2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:10:51.0010 4308 MSPQM - ok
12:10:51.0035 4308 [ dc6ccf440cdede4293db41c37a5060a5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:10:51.0039 4308 MsRPC - ok
12:10:51.0066 4308 [ 855796e59df77ea93af46f20155bf55b ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:10:51.0078 4308 mssmbios - ok
12:10:51.0088 4308 [ 86d632d75d05d5b7c7c043fa3564ae86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:10:51.0089 4308 MSTEE - ok
12:10:51.0116 4308 [ 6936198f2cc25b39cf5262436c80df46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
12:10:51.0117 4308 MTsensor - ok
12:10:51.0125 4308 [ 0cc49f78d8aca0877d885f149084e543 ] Mup C:\Windows\system32\Drivers\mup.sys
12:10:51.0127 4308 Mup - ok
12:10:51.0138 4308 [ a5b10c845e7538c60c0f5d87a57cb3f5 ] napagent C:\Windows\system32\qagentRT.dll
12:10:51.0145 4308 napagent - ok
12:10:51.0166 4308 [ 2007b826c4acd94ae32232b41f0842b9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:10:51.0169 4308 NativeWifiP - ok
12:10:51.0205 4308 [ 65950e07329fcee8e6516b17c8d0abb6 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:10:51.0215 4308 NDIS - ok
12:10:51.0221 4308 [ 64df698a425478e321981431ac171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:10:51.0222 4308 NdisTapi - ok
12:10:51.0231 4308 [ 8baa43196d7b5bb972c9a6b2bbf61a19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:10:51.0232 4308 Ndisuio - ok
12:10:51.0256 4308 [ f8158771905260982ce724076419ef19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:10:51.0258 4308 NdisWan - ok
12:10:51.0264 4308 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:10:51.0266 4308 NDProxy - ok
12:10:51.0298 4308 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:10:51.0300 4308 Net Driver HPZ12 - ok
12:10:51.0313 4308 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:10:51.0314 4308 NetBIOS - ok
12:10:51.0336 4308 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:10:51.0339 4308 netbt - ok
12:10:51.0350 4308 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
12:10:51.0351 4308 Netlogon - ok
12:10:51.0370 4308 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
12:10:51.0380 4308 Netman - ok
12:10:51.0392 4308 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
12:10:51.0397 4308 netprofm - ok
12:10:51.0417 4308 [ 74751dda198165947fd7454d83f49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:10:51.0420 4308 NetTcpPortSharing - ok
12:10:51.0434 4308 [ 4ac08bd6af2df42e0c3196d826c8aea7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:10:51.0435 4308 nfrd960 - ok
12:10:51.0452 4308 [ f145bf4c4668e7e312069f81ef847cfc ] NlaSvc C:\Windows\System32\nlasvc.dll
12:10:51.0456 4308 NlaSvc - ok
12:10:51.0468 4308 nlsX86cc - ok
12:10:51.0483 4308 [ b298874f8e0ea93f06ec40aa8d146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:10:51.0485 4308 Npfs - ok
12:10:51.0494 4308 [ acb62baa1c319b17752553df3026eeeb ] nsi C:\Windows\system32\nsisvc.dll
12:10:51.0496 4308 nsi - ok
12:10:51.0508 4308 [ 1523af19ee8b030ba682f7a53537eaeb ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:10:51.0509 4308 nsiproxy - ok
12:10:51.0557 4308 [ bac869dfb98e499ba4d9bb1fb43270e1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:10:51.0578 4308 Ntfs - ok
12:10:51.0592 4308 [ dd5d684975352b85b52e3fd5347c20cb ] Null C:\Windows\system32\drivers\Null.sys
12:10:51.0593 4308 Null - ok
12:10:51.0614 4308 [ 2c040b7ada5b06f6facadac8514aa034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:10:51.0617 4308 nvraid - ok
12:10:51.0631 4308 [ f7ea0fe82842d05eda3efdd376dbfdba ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:10:51.0633 4308 nvstor - ok
12:10:51.0649 4308 [ 19067ca93075ef4823e3938a686f532f ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:10:51.0651 4308 nv_agp - ok
12:10:51.0655 4308 NwlnkFlt - ok
12:10:51.0658 4308 NwlnkFwd - ok
12:10:51.0724 4308 [ 6ff0f6c590e92ff1dc559b3b1b3b1b11 ] O&O Defrag C:\Program Files\OO Software\Defrag\oodag.exe
12:10:51.0766 4308 O&O Defrag - ok
12:10:51.0834 4308 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:10:51.0840 4308 odserv - ok
12:10:51.0872 4308 [ b5b1ce65ac15bbd11c0619e3ef7cfc28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:10:51.0874 4308 ohci1394 - ok
12:10:51.0908 4308 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:10:51.0910 4308 ose - ok
12:10:51.0913 4308 ossrv - ok
12:10:51.0948 4308 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:10:51.0959 4308 p2pimsvc - ok
12:10:51.0981 4308 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2psvc C:\Windows\system32\p2psvc.dll
12:10:51.0987 4308 p2psvc - ok
12:10:52.0006 4308 [ aecd57f94c887f58919f307c35498ea0 ] Parport C:\Windows\system32\drivers\parport.sys
12:10:52.0014 4308 Parport - ok
12:10:52.0034 4308 [ b43751085e2abe389da466bc62a4b987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:10:52.0036 4308 partmgr - ok
12:10:52.0056 4308 [ 9ab157b374192ff276c1628fbdba2b0e ] PcaSvc C:\Windows\System32\pcasvc.dll
12:10:52.0058 4308 PcaSvc - ok
12:10:52.0085 4308 [ 47ab1e0fc9d0e12bb53ba246e3a0906d ] pci C:\Windows\system32\drivers\pci.sys
12:10:52.0088 4308 pci - ok
12:10:52.0101 4308 [ 2657f6c0b78c36d95034be109336e382 ] pciide C:\Windows\system32\drivers\pciide.sys
12:10:52.0103 4308 pciide - ok
12:10:52.0116 4308 [ 037661f3d7c507c9993b7010ceee6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:10:52.0119 4308 pcmcia - ok
12:10:52.0153 4308 [ af7ce12c4f3dc8cb2b07685c916bbcfe ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
12:10:52.0155 4308 pcouffin - ok
12:10:52.0180 4308 [ 58865916f53592a61549b04941bfd80d ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:10:52.0189 4308 PEAUTH - ok
12:10:52.0251 4308 [ 0ed8727ea0172860f47258456c06caea ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:10:52.0253 4308 PerfHost - ok
12:10:52.0299 4308 [ e9e68c1a0f25cf4a7ac966eea74ee89e ] pla C:\Windows\system32\pla.dll
12:10:52.0317 4308 pla - ok
12:10:52.0346 4308 [ fe6b0f59215c9fd9f9d26539c58c8b82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:10:52.0352 4308 PlugPlay - ok
12:10:52.0357 4308 [ ac78df349f0e4cfb8b667c0cfff83cce ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:10:52.0360 4308 Pml Driver HPZ12 - ok
12:10:52.0363 4308 PnkBstrA - ok
12:10:52.0382 4308 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:10:52.0388 4308 PNRPAutoReg - ok
12:10:52.0399 4308 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:10:52.0405 4308 PNRPsvc - ok
12:10:52.0460 4308 [ 89a5560671c2d8b4a4b51f3e1aa069d8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:10:52.0474 4308 PolicyAgent - ok
12:10:52.0499 4308 [ 23386e9952025f5f21c368971e2e7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:10:52.0501 4308 PptpMiniport - ok
12:10:52.0515 4308 [ 5080e59ecee0bc923f14018803aa7a01 ] Processor C:\Windows\system32\drivers\processr.sys
12:10:52.0516 4308 Processor - ok
12:10:52.0544 4308 [ e058ce4fc2449d8bfa14739c83b7ff2a ] ProfSvc C:\Windows\system32\profsvc.dll
12:10:52.0553 4308 ProfSvc - ok
12:10:52.0566 4308 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] ProtectedStorage C:\Windows\system32\lsass.exe
12:10:52.0568 4308 ProtectedStorage - ok
12:10:52.0589 4308 [ c5ab7f0809392d0da027f4a2a81bfa31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:10:52.0591 4308 PSched - ok
12:10:52.0619 4308 [ 0b83f4e681062f3839be2ec1d98fd94a ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:10:52.0635 4308 ql2300 - ok
12:10:52.0649 4308 [ e1c80f8d4d1e39ef9595809c1369bf2a ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:10:52.0652 4308 ql40xx - ok
12:10:52.0668 4308 [ 90574842c3da781e279061a3eff91f07 ] QWAVE C:\Windows\system32\qwave.dll
12:10:52.0673 4308 QWAVE - ok
12:10:52.0680 4308 [ e8d76edab77ec9c634c27b8eac33adc5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:10:52.0682 4308 QWAVEdrv - ok
12:10:52.0750 4308 [ a55e7d0d873b2c97585b3b5926ac6ade ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
12:10:52.0753 4308 RapiMgr - ok
12:10:52.0759 4308 [ 1013b3b663a56d3ddd784f581c1bd005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:10:52.0760 4308 RasAcd - ok
12:10:52.0778 4308 [ b2ae18f847d07f0044404ddf7cb04497 ] RasAuto C:\Windows\System32\rasauto.dll
12:10:52.0781 4308 RasAuto - ok
12:10:52.0801 4308 [ ac7bc4d42a7e558718dfdec599bbfc2c ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:10:52.0803 4308 Rasl2tp - ok
12:10:52.0816 4308 [ 3ad83e4046c43be510de681588acb8af ] RasMan C:\Windows\System32\rasmans.dll
12:10:52.0822 4308 RasMan - ok
12:10:52.0842 4308 [ 4517fbf8b42524afe4ede1de102aae3e ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:10:52.0843 4308 RasPppoe - ok
12:10:52.0868 4308 [ c6a593b51f34c33e5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:10:52.0870 4308 RasSstp - ok
12:10:52.0896 4308 [ 322db5c6b55e8d8ee8d6f358b2aaabb1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:10:52.0901 4308 rdbss - ok
12:10:52.0915 4308 [ 603900cc05f6be65ccbf373800af3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:10:52.0916 4308 RDPCDD - ok
12:10:52.0936 4308 [ c045d1fb111c28df0d1be8d4bda22c06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:10:52.0940 4308 rdpdr - ok
12:10:52.0944 4308 [ cab9421daf3d97b33d0d055858e2c3ab ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:10:52.0945 4308 RDPENCDD - ok
12:10:52.0966 4308 [ ae4bd9e1c33d351d8e607fc81f15160c ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:10:52.0970 4308 RDPWD - ok
12:10:52.0994 4308 [ c612b9557da73f70d41f8a6fbc8e5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:10:52.0997 4308 RemoteAccess - ok
12:10:53.0021 4308 [ 44b9d8ec2f3ef3a0efb00857af70d861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:10:53.0025 4308 RemoteRegistry - ok
12:10:53.0042 4308 [ f46c457840d4b7a4daafee739ce04102 ] RpcLocator C:\Windows\system32\locator.exe
12:10:53.0043 4308 RpcLocator - ok
12:10:53.0082 4308 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] RpcSs C:\Windows\system32\rpcss.dll
12:10:53.0088 4308 RpcSs - ok
12:10:53.0105 4308 [ 22a9cb08b1a6707c1550c6bf099aae73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:10:53.0126 4308 rspndr - ok
12:10:53.0130 4308 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] SamSs C:\Windows\system32\lsass.exe
12:10:53.0131 4308 SamSs - ok
12:10:53.0133 4308 SASKUTIL - ok
12:10:53.0153 4308 [ cd9c693589c60ad59bbbcfb0e524e01b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:10:53.0155 4308 sbp2port - ok
12:10:53.0177 4308 [ fd1cdcf108d5ef3366f00d18b70fb89b ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:10:53.0180 4308 SCardSvr - ok
12:10:53.0213 4308 [ 0f838c811ad295d2a4489b9993096c63 ] Schedule C:\Windows\system32\schedsvc.dll
12:10:53.0225 4308 Schedule - ok
12:10:53.0249 4308 [ 5a268127633c7ee2a7fb87f39d748d56 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:10:53.0250 4308 SCPolicySvc - ok
12:10:53.0259 4308 [ 4ff71b076a7760fe75ea5ae2d0ee0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:10:53.0262 4308 SDRSVC - ok
12:10:53.0273 4308 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:10:53.0275 4308 secdrv - ok
12:10:53.0280 4308 [ 5acdcbc67fcf894a1815b9f96d704490 ] seclogon C:\Windows\system32\seclogon.dll
12:10:53.0282 4308 seclogon - ok
12:10:53.0295 4308 [ 90973a64b96cd647ff81c79443618eed ] SENS C:\Windows\System32\sens.dll
12:10:53.0297 4308 SENS - ok
12:10:53.0308 4308 [ 2449316316411d65bd2c761a6ffb2ce2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:10:53.0309 4308 Serenum - ok
12:10:53.0327 4308 [ 4b438170be2fc8e0bd35ee87a960f84f ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:10:53.0329 4308 Serial - ok
12:10:53.0342 4308 [ a842f04833684bceea7336211be478df ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:10:53.0343 4308 sermouse - ok
12:10:53.0362 4308 [ a8e4a4407a09f35dccc3771af590b0c4 ] SessionEnv C:\Windows\system32\sessenv.dll
12:10:53.0365 4308 SessionEnv - ok
12:10:53.0389 4308 [ 14d4b4465193a87c127933978e8c4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:10:53.0391 4308 sffdisk - ok
12:10:53.0400 4308 [ 7073aee3f82f3d598e3825962aa98ab2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:10:53.0401 4308 sffp_mmc - ok
12:10:53.0417 4308 [ 35e59ebe4a01a0532ed67975161c7b82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:10:53.0419 4308 sffp_sd - ok
12:10:53.0435 4308 [ 6b7838c94135768bd455cbdc23e39e5f ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:10:53.0436 4308 sfloppy - ok
12:10:53.0459 4308 [ 4c5aee179da7e1ee9a9ccb9da289af34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:10:53.0464 4308 SharedAccess - ok
12:10:53.0494 4308 [ 56793271ecdedd350c5add305603e963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:10:53.0499 4308 ShellHWDetection - ok
12:10:53.0512 4308 [ 7a5de502aeb719d4594c6471060a78b3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:10:53.0514 4308 SiSRaid2 - ok
12:10:53.0525 4308 [ 3a2f769fab9582bc720e11ea1dfb184d ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:10:53.0527 4308 SiSRaid4 - ok
12:10:53.0622 4308 [ f07af60b152221472fbdb2fecec4896d ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:10:53.0641 4308 SkypeUpdate - ok
12:10:53.0772 4308 [ a9a27a8e257b45a604fdad4f26fe7241 ] slsvc C:\Windows\system32\SLsvc.exe
12:10:53.0805 4308 slsvc - ok
12:10:53.0871 4308 [ fd74b4b7c2088e390a30c85a896fc3af ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:10:53.0911 4308 SLUINotify - ok
12:10:53.0960 4308 [ 290b6f6a0ec4fcdfc90f5cb6d7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:10:53.0979 4308 Smb - ok
12:10:54.0013 4308 [ f8f47f38909823b1af28d60b96340cff ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:10:54.0030 4308 SNMPTRAP - ok
12:10:54.0054 4308 [ 5f9785e7535f8f602cb294a54962c9e7 ] speedfan C:\Windows\syswow64\speedfan.sys
12:10:54.0056 4308 speedfan - ok
12:10:54.0067 4308 [ 386c3c63f00a7040c7ec5e384217e89d ] spldr C:\Windows\system32\drivers\spldr.sys
12:10:54.0068 4308 spldr - ok
12:10:54.0095 4308 [ f66ff751e7efc816d266977939ef5dc3 ] Spooler C:\Windows\System32\spoolsv.exe
12:10:54.0101 4308 Spooler - ok
12:10:54.0143 4308 [ 4b3f898dc1378ced2f35d04e5b0ce0df ] sptd C:\Windows\System32\Drivers\sptd.sys
12:10:54.0144 4308 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4b3f898dc1378ced2f35d04e5b0ce0df
12:10:54.0144 4308 sptd ( LockedFile.Multi.Generic ) - warning
12:10:54.0144 4308 sptd - detected LockedFile.Multi.Generic (1)
12:10:54.0295 4308 [ 880a57fccb571ebd063d4dd50e93e46d ] srv C:\Windows\system32\DRIVERS\srv.sys
12:10:54.0316 4308 srv - ok
12:10:54.0342 4308 [ a1ad14a6d7a37891fffeca35ebbb0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:10:54.0344 4308 srv2 - ok
12:10:54.0377 4308 [ 4bed62f4fa4d8300973f1151f4c4d8a7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:10:54.0379 4308 srvnet - ok
12:10:54.0390 4308 [ 192c74646ec5725aef3f80d19ff75f6a ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:10:54.0394 4308 SSDPSRV - ok
12:10:54.0402 4308 [ 2ee3fa0308e6185ba64a9a7f2e74332b ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:10:54.0406 4308 SstpSvc - ok
12:10:54.0416 4308 Steam Client Service - ok
12:10:54.0451 4308 [ 15825c1fbfb8779992cb65087f316af5 ] stisvc C:\Windows\System32\wiaservc.dll
12:10:54.0460 4308 stisvc - ok
12:10:54.0480 4308 [ 8a851ca908b8b974f89c50d2e18d4f0c ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:10:54.0481 4308 swenum - ok
12:10:54.0505 4308 [ 6de37f4de19d4efd9c48c43addbc949a ] swprv C:\Windows\System32\swprv.dll
12:10:54.0513 4308 swprv - ok
12:10:54.0530 4308 [ 2f26a2c6fc96b29beff5d8ed74e6625b ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:10:54.0531 4308 Symc8xx - ok
12:10:54.0537 4308 [ a909667976d3bccd1df813fed517d837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:10:54.0539 4308 Sym_hi - ok
12:10:54.0552 4308 [ 36887b56ec2d98b9c362f6ae4de5b7b0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:10:54.0554 4308 Sym_u3 - ok
12:10:54.0589 4308 [ 92d7a8b0f87b036f17d25885937897a6 ] SysMain C:\Windows\system32\sysmain.dll
12:10:54.0607 4308 SysMain - ok
12:10:54.0627 4308 [ 005ce42567f9113a3bccb3b20073b029 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:10:54.0630 4308 TabletInputService - ok
12:10:54.0658 4308 [ cc2562b4d55e0b6a4758c65407f63b79 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:10:54.0664 4308 TapiSrv - ok
12:10:54.0670 4308 [ cdbe8d7c1e201b911cdc346d06617fb5 ] TBS C:\Windows\System32\tbssvc.dll
12:10:54.0674 4308 TBS - ok
12:10:54.0723 4308 [ 46d448e9117464e4d3bbf36d7e3fa48e ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:10:54.0752 4308 Tcpip - ok
12:10:54.0771 4308 [ 46d448e9117464e4d3bbf36d7e3fa48e ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
12:10:54.0779 4308 Tcpip6 - ok
12:10:54.0832 4308 [ c7e72a4071ee0200e3c075dacfb2b334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:10:54.0848 4308 tcpipreg - ok
12:10:54.0864 4308 [ 1d8bf4aaa5fb7a2761475781dc1195bc ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:10:54.0865 4308 TDPIPE - ok
12:10:54.0874 4308 [ 7f7e00cdf609df657f4cda02dd1c9bb1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:10:54.0875 4308 TDTCP - ok
12:10:54.0893 4308 [ 458919c8c42e398dc4802178d5ffee27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:10:54.0895 4308 tdx - ok
12:10:54.0904 4308 [ 8c19678d22649ec002ef2282eae92f98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:10:54.0905 4308 TermDD - ok
12:10:54.0933 4308 [ 5cdd30bc217082dac71a9878d9bfd566 ] TermService C:\Windows\System32\termsrv.dll
12:10:54.0943 4308 TermService - ok
12:10:54.0961 4308 [ 56793271ecdedd350c5add305603e963 ] Themes C:\Windows\system32\shsvcs.dll
12:10:54.0964 4308 Themes - ok
12:10:54.0974 4308 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] THREADORDER C:\Windows\system32\mmcss.dll
12:10:54.0975 4308 THREADORDER - ok
12:10:55.0016 4308 [ f4689f05af472a651a7b1b7b02d200e7 ] TrkWks C:\Windows\System32\trkwks.dll
12:10:55.0038 4308 TrkWks - ok
12:10:55.0083 4308 [ 66328b08ef5a9305d8ede36b93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:10:55.0084 4308 TrustedInstaller - ok
12:10:55.0100 4308 [ 9e5409cd17c8bef193aad498f3bc2cb8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:10:55.0102 4308 tssecsrv - ok
12:10:55.0121 4308 [ 89ec74a9e602d16a75a4170511029b3c ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:10:55.0122 4308 tunmp - ok
12:10:55.0153 4308 [ 30a9b3f45ad081bffc3bcaa9c812b609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:10:55.0155 4308 tunnel - ok
12:10:55.0164 4308 [ fec266ef401966311744bd0f359f7f56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:10:55.0166 4308 uagp35 - ok
12:10:55.0187 4308 [ faf2640a2a76ed03d449e443194c4c34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:10:55.0192 4308 udfs - ok
12:10:55.0200 4308 [ 060507c4113391394478f6953a79eedc ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:10:55.0202 4308 UI0Detect - ok
12:10:55.0212 4308 [ 4ec9447ac3ab462647f60e547208ca00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:10:55.0214 4308 uliagpkx - ok
12:10:55.0233 4308 [ 697f0446134cdc8f99e69306184fbbb4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:10:55.0238 4308 uliahci - ok
12:10:55.0248 4308 [ 31707f09846056651ea2c37858f5ddb0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:10:55.0250 4308 UlSata - ok
12:10:55.0267 4308 [ 85e5e43ed5b48c8376281bab519271b7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:10:55.0270 4308 ulsata2 - ok
12:10:55.0283 4308 [ 46e9a994c4fed537dd951f60b86ad3f4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:10:55.0285 4308 umbus - ok
12:10:55.0295 4308 [ 7093799ff80e9deca0680d2e3535be60 ] upnphost C:\Windows\System32\upnphost.dll
12:10:55.0302 4308 upnphost - ok
12:10:55.0324 4308 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:10:55.0325 4308 USBAAPL64 - ok
12:10:55.0347 4308 [ c6ba890de6e41857fbe84175519cae7d ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:10:55.0349 4308 usbaudio - ok
12:10:55.0370 4308 [ 07e3498fc60834219d2356293da0fecc ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:10:55.0377 4308 usbccgp - ok
12:10:55.0392 4308 [ 9247f7e0b65852c1f6631480984d6ed2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:10:55.0394 4308 usbcir - ok
12:10:55.0413 4308 [ 827e44de934a736ea31e91d353eb126f ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:10:55.0415 4308 usbehci - ok
12:10:55.0438 4308 [ bb35cd80a2ececfadc73569b3d70c7d1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:10:55.0442 4308 usbhub - ok
12:10:55.0462 4308 [ eba14ef0c07cec233f1529c698d0d154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:10:55.0463 4308 usbohci - ok
12:10:55.0488 4308 [ 28b693b6d31e7b9332c1bdcefef228c1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:10:55.0489 4308 usbprint - ok
12:10:55.0507 4308 [ b854c1558fca0c269a38663e8b59b581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:10:55.0509 4308 USBSTOR - ok
12:10:55.0518 4308 [ b2872cbf9f47316abd0e0c74a1aba507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:10:55.0519 4308 usbuhci - ok
12:10:55.0537 4308 [ 1e36bb1a3c5aaf2aa9fa9a126df8c16c ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
12:10:55.0552 4308 usb_rndisx - ok
12:10:55.0578 4308 [ d76e231e4850bb3f88a3d9a78df191e3 ] UxSms C:\Windows\System32\uxsms.dll
12:10:55.0581 4308 UxSms - ok
12:10:55.0605 4308 [ 84bb306b7863883018d7f3eb0c453bd5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
12:10:55.0607 4308 VClone - ok
12:10:55.0634 4308 [ 294945381dfa7ce58cecf0a9896af327 ] vds C:\Windows\System32\vds.exe
12:10:55.0642 4308 vds - ok
12:10:55.0654 4308 [ 916b94bcf1e09873fff2d5fb11767bbc ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:10:55.0655 4308 vga - ok
12:10:55.0671 4308 [ b83ab16b51feda65dd81b8c59d114d63 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:10:55.0672 4308 VgaSave - ok
12:10:55.0686 4308 [ 8294b6c3fdb6c33f24e150de647ecdaa ] viaide C:\Windows\system32\drivers\viaide.sys
12:10:55.0688 4308 viaide - ok
12:10:55.0708 4308 [ 2b7e885ed951519a12c450d24535dfca ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:10:55.0710 4308 volmgr - ok
12:10:55.0737 4308 [ cec5ac15277d75d9e5dec2e1c6eaf877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:10:55.0743 4308 volmgrx - ok
12:10:55.0766 4308 [ 5280aada24ab36b01a84a6424c475c8d ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:10:55.0770 4308 volsnap - ok
12:10:55.0774 4308 vpnva - ok
12:10:55.0785 4308 [ a68f455ed2673835209318dd61bfbb0e ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:10:55.0788 4308 vsmraid - ok
12:10:55.0836 4308 [ b75232dad33bfd95bf6f0a3e6bff51e1 ] VSS C:\Windows\system32\vssvc.exe
12:10:55.0855 4308 VSS - ok
12:10:55.0936 4308 [ f14a7de2ea41883e250892e1e5230a9a ] W32Time C:\Windows\system32\w32time.dll
12:10:55.0949 4308 W32Time - ok
12:10:55.0967 4308 [ fef8fe5923fead2cee4dfabfce3393a7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:10:55.0969 4308 WacomPen - ok
12:10:55.0995 4308 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:10:55.0997 4308 Wanarp - ok
12:10:56.0002 4308 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:10:56.0003 4308 Wanarpv6 - ok
12:10:56.0024 4308 [ eceb715bece47e101ddec06b11126066 ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys
12:10:56.0025 4308 wanatw - ok
12:10:56.0041 4308 [ 8bda6db43aa54e8bb5e0794541ddc209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
12:10:56.0046 4308 WcesComm - ok
12:10:56.0100 4308 [ b4e4c37d0aa6100090a53213ee2bf1c1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:10:56.0109 4308 wcncsvc - ok
12:10:56.0128 4308 [ ea4b369560e986f19d93f45a881484ac ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:10:56.0131 4308 WcsPlugInService - ok
12:10:56.0145 4308 [ 0c17a0816f65b89e362e682ad5e7266e ] Wd C:\Windows\system32\drivers\wd.sys
12:10:56.0147 4308 Wd - ok
12:10:56.0173 4308 [ d02e7e4567da1e7582fbf6a91144b0df ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:10:56.0184 4308 Wdf01000 - ok
12:10:56.0197 4308 [ c5efda73ebfca8b02a094898de0a9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:10:56.0200 4308 WdiServiceHost - ok
12:10:56.0204 4308 [ c5efda73ebfca8b02a094898de0a9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:10:56.0207 4308 WdiSystemHost - ok
12:10:56.0222 4308 [ 3e6d05381cf35f75ebb055544a8ed9ac ] WebClient C:\Windows\System32\webclnt.dll
12:10:56.0227 4308 WebClient - ok
12:10:56.0246 4308 [ 8d40bc587993f876658bf9fb0f7d3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:10:56.0251 4308 Wecsvc - ok
12:10:56.0264 4308 [ 9c980351d7e96288ea0c23ae232bd065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:10:56.0267 4308 wercplsupport - ok
12:10:56.0282 4308 [ 66b9ecebc46683f47edc06333c075fef ] WerSvc C:\Windows\System32\WerSvc.dll
12:10:56.0285 4308 WerSvc - ok
12:10:56.0298 4308 WinDefend - ok
12:10:56.0303 4308 WinHttpAutoProxySvc - ok
12:10:56.0398 4308 [ d2e7296ed1bd26d8db2799770c077a02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:10:56.0401 4308 Winmgmt - ok
12:10:56.0454 4308 [ 6cbb0c68f13b9c2ec1b16f5fa5e7c869 ] WinRM C:\Windows\system32\WsmSvc.dll
12:10:56.0488 4308 WinRM - ok
12:10:56.0680 4308 [ ec339c8115e91baed835957e9a677f16 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:10:56.0704 4308 Wlansvc - ok
12:10:57.0019 4308 [ 98f138897ef4246381d197cb81846d62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:10:57.0052 4308 wlidsvc - ok
12:10:57.0108 4308 [ e18aebaaa5a773fe11aa2c70f65320f5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:10:57.0109 4308 WmiAcpi - ok
12:10:57.0133 4308 [ 21fa389e65a852698b6a1341f36ee02d ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:10:57.0137 4308 wmiApSrv - ok
12:10:57.0140 4308 WMPNetworkSvc - ok
12:10:57.0154 4308 [ cbc156c913f099e6680d1df9307db7a8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:10:57.0159 4308 WPCSvc - ok
12:10:57.0183 4308 [ 490a18b4e4d53dc10879deaa8e8b70d9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:10:57.0187 4308 WPDBusEnum - ok
12:10:57.0218 4308 [ 5e2401b3fc1089c90e081291357371a9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
12:10:57.0219 4308 WpdUsb - ok
12:10:57.0405 4308 [ 991e2c2cf3bc204c2bb2ee1476149e4e ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:10:57.0418 4308 WPFFontCache_v0400 - ok
12:10:57.0430 4308 [ 8a900348370e359b6bff6a550e4649e1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:10:57.0431 4308 ws2ifsl - ok
12:10:57.0455 4308 [ 9ea3e6d0ef7a5c2b9181961052a4b01a ] wscsvc C:\Windows\System32\wscsvc.dll
12:10:57.0458 4308 wscsvc - ok
12:10:57.0462 4308 WSearch - ok
12:10:57.0784 4308 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:10:57.0819 4308 wuauserv - ok
12:10:57.0843 4308 [ 501a65252617b495c0f1832f908d54d8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:10:57.0845 4308 WUDFRd - ok
12:10:57.0860 4308 [ 6cbd51ff913c851d56ed9dc7f2a27dde ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:10:57.0864 4308 wudfsvc - ok
12:10:57.0873 4308 ================ Scan global ===============================
12:10:57.0890 4308 (060dc3a7a9a2626031eb23d90151428d) C:\Windows\system32\basesrv.dll
12:10:57.0918 4308 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
12:10:57.0932 4308 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
12:10:57.0965 4308 (934e0b7d77ff78c18d9f8891221b6de3) C:\Windows\system32\services.exe
12:10:57.0971 4308 [Global] - ok
12:10:57.0971 4308 ================ Scan MBR ==================================
12:10:57.0977 4308 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:10:58.0279 4308 \Device\Harddisk0\DR0 - ok
12:10:58.0279 4308 ================ Scan VBR ==================================
12:10:58.0281 4308 Boot (0x1200) (30f399e457e7e178781c7f5e994e4b0a) \Device\Harddisk0\DR0\Partition1
12:10:58.0282 4308 \Device\Harddisk0\DR0\Partition1 - ok
12:10:58.0294 4308 Boot (0x1200) (020fbfe9b55100a249106e83960f4926) \Device\Harddisk0\DR0\Partition2
12:10:58.0295 4308 \Device\Harddisk0\DR0\Partition2 - ok
12:10:58.0310 4308 Boot (0x1200) (e3528eef4d379e638676efc968276a1d) \Device\Harddisk0\DR0\Partition3
12:10:58.0312 4308 \Device\Harddisk0\DR0\Partition3 - ok
12:10:58.0312 4308 ============================================================
12:10:58.0312 4308 Scan finished
12:10:58.0312 4308 ============================================================
12:10:58.0320 0400 Detected object count: 1
12:10:58.0320 0400 Actual detected object count: 1
12:11:09.0919 0400 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:11:09.0920 0400 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
12:12:09.0395 1352 Deinitialize success


----------



## rcoops72 (Jun 11, 2011)

Looks OK based on this data I found, but you are the expert 

Name:	sptd

Filename:	sptd.sys

Command:	System32\Drivers\sptd.sys

Description:	
Driver used by the CD Rom emulation program, Daemon Tools Version 4. There have been some reports of problems with this driver.


----------



## Cookiegal (Aug 27, 2003)

Yes, I knew that driver belonged to Daemon Tools and it's what's probably giving a false reading in aswmbr. it was acpi.sys I was worried about. We can disable the sptd driver to see for sure. I'm attaching a DisableSptd.zip file. Save it to your desktop. Unzip it (extract the file) and double-click the DisableSptd.reg file and allow it to merge into the registry.

Then reboot the machine and run aswmbr again and post the new log.


----------



## rcoops72 (Jun 11, 2011)

New log and .DAT after Reg file allowed and reboot.

Nothing in red this time

LOG

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-19 12:42:53
-----------------------------
12:42:53.204 OS Version: Windows x64 6.0.6002 Service Pack 2
12:42:53.204 Number of processors: 2 586 0x1706
12:42:53.205 ComputerName: COOP-PC UserName: Coop
12:42:55.465 Initialize success
12:43:16.068 AVAST engine defs: 12081900
12:43:28.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:43:28.667 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
12:43:28.687 Disk 0 MBR read successfully
12:43:28.688 Disk 0 MBR scan
12:43:28.691 Disk 0 Windows VISTA default MBR code
12:43:28.705 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100000 MB offset 2048
12:43:28.722 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 415000 MB offset 204802048
12:43:28.738 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 438867 MB offset 1054722048
12:43:28.784 Disk 0 scanning C:\Windows\system32\drivers
12:43:43.101 Service scanning
12:44:02.776 Modules scanning
12:44:02.782 Disk 0 trace - called modules:
12:44:02.793 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys 
12:44:02.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e0f790]
12:44:02.801 3 CLASSPNP.SYS[fffffa6000dcbc33] -> nt!IofCallDriver -> [0xfffffa8004894520]
12:44:02.805 5 acpi.sys[fffffa60008f5fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004890940]
12:44:04.400 AVAST engine scan C:\Windows
12:44:07.750 AVAST engine scan C:\Windows\system32
12:47:12.690 AVAST engine scan C:\Windows\system32\drivers
12:47:30.982 AVAST engine scan C:\Users\Coop
12:58:09.757 AVAST engine scan C:\ProgramData
13:01:05.458 Scan finished successfully
13:01:54.006 Disk 0 MBR has been saved successfully to "C:\Users\Coop\Desktop\MBR.dat"
13:01:54.011 The log file has been saved successfully to "C:\Users\Coop\Desktop\aswMBR.txt"


----------



## rcoops72 (Jun 11, 2011)

Just an update on free drive space.

About 30 mins ago I was at
"BTW just found another 4GBs to delete in that program data hidden folder. It was a cache of some old software I deleted back in 2009. So right now as I type I am at 11.3 GB Free"

Now I am down to 10.2 GB


----------



## Cookiegal (Aug 27, 2003)

That looks good now. 

Please describe what specific problems you're having with the computer.


----------



## rcoops72 (Jun 11, 2011)

Cookie - Cool thank you. Right now just the Free space issue on my C Drive. Every time I seem to delete old stuff (Files) I do not need it frees up space then Gigs disappear..Two recent examples

11.3GB free to 10.2GB without doing anything other than a reboot.
The other day 1.59Gb to 100 MB without doing anything either.

Also wondering if you can help me uninstall AVG 2012 and 100% clean it from my system and install Microsoft security essentials.


----------



## Cookiegal (Aug 27, 2003)

Sure. We can uinstall AVG but let's wait until we do a bit more troubleshooting.

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## rcoops72 (Jun 11, 2011)

Thank you CookieGal

Here you go:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Coop :: COOP-PC [administrator]

8/19/2012 6:32:41 PM
mbam-log-2012-08-19 (18-32-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194707
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.


----------



## rcoops72 (Jun 11, 2011)

Ran Combofix with AVG Disabled.
Combofix rebooted PC prior to finishing

Here is the log:

ComboFix 12-08-18.03 - Coop 08/19/2012 23:14:04.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2473 [GMT -4:00]
Running from: c:\users\Coop\Desktop\puppy.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Coop\AppData\Roaming\inst.exe
c:\users\Coop\GoToAssistDownloadHelper.exe
c:\users\Public\sdelevURL.tmp
c:\windows\gvcasinos.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 03:19 . 2012-08-20 03:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-19 22:31 . 2011-07-08 11:55	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-08-19 22:31 . 2012-08-19 22:32	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-18 18:34 . 2012-08-18 18:34	--------	d-----w-	c:\program files (x86)\Cisco Systems
2012-08-16 23:45 . 2012-08-16 23:45	--------	d-----w-	C:\_OTL
2012-08-15 23:58 . 2012-07-04 14:33	2769408	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 22:43 . 2012-05-11 16:34	788480	----a-w-	c:\windows\system32\localspl.dll
2012-08-15 22:43 . 2012-05-11 15:57	623616	----a-w-	c:\windows\SysWow64\localspl.dll
2012-08-15 22:43 . 2012-06-29 16:20	648192	----a-w-	c:\windows\system32\netapi32.dll
2012-08-09 04:00 . 2012-08-09 04:00	--------	d-----w-	c:\users\Coop\AppData\Local\Macromedia
2012-08-09 03:59 . 2012-08-09 03:59	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-09 03:59 . 2012-08-09 03:59	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-09 03:58 . 2012-08-10 01:38	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-08-09 03:57 . 2012-08-09 03:59	68576	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-08-09 03:57 . 2012-08-09 03:59	573920	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-08-09 03:57 . 2012-08-09 03:59	157608	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-09 03:57 . 2012-08-09 03:59	113120	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-08-09 03:57 . 2012-08-09 03:57	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-08-09 03:57 . 2012-08-09 03:57	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-07-30 21:52 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-30 21:52 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 22:40 . 2006-11-02 12:35	62134624	----a-w-	c:\windows\system32\mrt.exe
2012-08-15 00:23 . 2012-04-06 17:21	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 00:23 . 2011-06-05 15:03	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-06-12 00:15	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-14 22:58 . 2012-06-14 22:59	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-14 22:58 . 2010-05-20 03:48	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-08 17:59 . 2012-07-11 23:03	12899840	----a-w-	c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-07 00:57 . 2008-11-01 06:52	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-06-07 00:57 . 2008-11-01 06:52	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-06-05 16:47 . 2012-07-11 23:03	1401856	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 23:03	1248768	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 23:03	1797120	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 23:03	1869824	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 23:03	516480	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 22:35	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:35	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:35	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:35	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:35	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 22:35	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 22:35	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:35	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:35	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 22:35	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:35	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 22:35	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 22:35	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 22:35	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-11 23:03	347136	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 23:03	254464	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 23:03	77312	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 23:03	278528	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 23:03	204288	----a-w-	c:\windows\SysWow64\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"HostManager"="c:\program files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe" [2010-03-08 41800]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-7-19 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 00:23]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000Core.job
- c:\users\Coop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-01 08:33]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000UA.job
- c:\users\Coop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-01 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-12 3832064]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-12-08 8151040]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.ascensus.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-CTXFIREG - CTxfiReg.exe
Wow6432Node-HKLM-Run-CTxfiHlp - CTXFIHLP.EXE
Wow6432Node-HKU-Default-Run-CtxfiReg - CTXFIREG.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,a1,9d,9e,80,85,25,86,ca,43,1b,ac,ff,bd,98,83,e7,ed,ec,db,a6,c2,7b,
44,e1,27,cb,8c,f6,76,4f,d3,bc,fe,e9,9e,56,3a,a2,80,33,5d,d7,86,27,97,c0,7f,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:47,f2,14,40,40,f2,99,3f,81,c8,88,8f,c8,b5,c1,a5,12,49,24,2e,b7,
02,3d,36,18,1e,46,7f,5e,4c,89,cf,12,90,ef,4a,cc,29,8a,6a,d9,68,51,b4,d5,11,\
"rkeysecu"=hex:f9,75,26,55,ef,e1,3d,43,d3,6f,26,0c,24,b1,fc,f5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="5BC6B0A72B9A16DBDBC6E06861CDBD6E3FB785C1F72C820E50681D03326DD34291991926987AD2018215280BD7EEE38E8A900281215FC331DCE2CC9E217AB52FFA868E640BF73B9FC4EF30BE2CCA620B15B490C70EBA1C5CEE77A5E2B6B5A7A0BFB8B1A3668510972ADE800771443396672541FB28AD5DB43247E1BCC93B75CF4A0F05F4908EB458FE1E87BB41B07376CD1D0B5C561B807694A8A06EB519110ECA1A743FF6EE3467531B178738D9E5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A2D97226D213B55575DECACEE4FD8E43CCEC75FE9EE1F516FD134321C731380D7A3D9E58417730A124DB790B285780535BB2DAAC91E209B25F36C6088B8635F700FAF1A87F771BB49F36C6C7524167857E4439D462D717665E5169824C3E0302F6829CEB05C3C4A73034FDC5C2C0583BB3C9B62236F1224A4F8DCCC311DF319CA69BDD7D5DD3E7E4B1E19D282CDD5DF98BB1B02105EC201F17584CE1B77342E06A542C9EEC203400950ED7F7142370692DA8B5C31A04FBC32FE27257F0072E07AF0031EFE7A9CE295E4C12A2D621865650A68ADE95F693BF27228082C0ABDDEE7CB44AF9D7F04FB9A5726876A2EA8133C361252C6A8C393C21CFEAA50179321D664C09A99B7E42AD979D2A2A7A983C92E6D431C8618CB087D2E7DA67DD867EB598E4B2CCE45B27A473ABD65435460330AF428E3695C2B61386AC2CD1587387065360C116B71771638F4027F27C12166628AD51D9F60078761B23EE53455F8AFB6865619E70450A50D1428665D0A1AB386DDEC07DC81B17E88393E7BF4DF2B5A9405DF661BA7ACD7938DC90EF049AEC49AF6157CE246AA9CA448B90CA6C55AC475777143D99D10A0C527F1ABABCA8F6623587C6DD73CABA1CF7DC9411753405AFBAA5057462EA85DDC45DA853F5FD59F057E37022779D46044E1C54900BC34BE08D9DC5313EE877E546EC77A9FD4C9A0602CDEC72C3C6404C87A265AA27B6FD7E89D9897E2D718A412569F31278CAB2D4B8E2080E40B08E62FC8D0F2715C70F4F7718B3C9FD2EE0AE4252C2C55CB610B90F824095284589D795BECE2F78B5E7BD39DA5FE658CF0D928F6BB75F73CE91AEAE51C90F0B77806350D9D45243C161D83FE7580EB508187495BA5FDF5CD68F5555B78C63CE3BB5DEC1488582C02FCBD392C9A25AE20DFC80728CF62C8B964F72D36123602888DEC78E3879160BCA6985CC4EF14C041A2C07D4EEF18D46D8106F103E5D36A45D2540709A7CC714E0F0E9208830450C6E89FA81B576AEA86E82D90282BFFB23B9A88D36A39035A1430F9D4DCD7B8DC64BEDF4D0785F219F2A4B60B727002AD8A1F89B42CD69E0CA4761E52C38A451D078A430AF"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-08-19 23:26:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-20 03:26
.
Pre-Run: 10,325,757,952 bytes free
Post-Run: 11,749,687,296 bytes free
.
- - End Of File - - 0BA0ECFA43D14F75A21B708F5AE95ED7


----------



## Cookiegal (Aug 27, 2003)

I assume you added these to the Trusted Zone intentionally?

Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

I would remove them. It shouldn't be necessary to have sites in the Trusted Zone. Doing so allows them to bypass security measures on the computer.

Open Notepad and copy and paste the text in the code box below into it:


```
RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## rcoops72 (Jun 11, 2011)

I only recall adding these two:

Trusted Zone: soe.com
Trusted Zone: sony.com

I had to add them to get the SOE (Sony Everquest 2) Login updater to work in Vista. But since I do not play anymore, we can remove them.

New log in next post once it finishes


----------



## Cookiegal (Aug 27, 2003)

rcoops72 said:


> I only recall adding these two:
> 
> Trusted Zone: soe.com
> Trusted Zone: sony.com
> ...


That shouldn't have been necessary. It could be a security program or other settings that were blocking it.


----------



## rcoops72 (Jun 11, 2011)

Ok is it as easy as removing it from my browser's options sections?

Also combofix running a really long time. I now have a black screen but there is a combofix blue box with the words please wait. Hard drive light is only blinking here and there? Should I let it continue?


----------



## Cookiegal (Aug 27, 2003)

I would let it continue a bit longer.


----------



## rcoops72 (Jun 11, 2011)

Still going. I am going to bed  thank you and if it is stuck in 6 hours when I get up I will kill and re run tomorrow night with the same .txt unless you direct otherwise
Have a good night


----------



## Cookiegal (Aug 27, 2003)

Were you able to complete it or try it again?


----------



## rcoops72 (Jun 11, 2011)

Hey cookie sorry finally have time at work to post. It did not finish it must have been stuck. I clicked the x to close the window and my desktop loaded and I shut down the PC. Should I try tonight with the same CFScript.txt


----------



## Cookiegal (Aug 27, 2003)

Yes please but try running it in safe mode this time.


----------



## rcoops72 (Jun 11, 2011)

Cookie - OK I ran in normal mode, not safe mode, figured I would give it another shot

During the process it said the following file was infected C:\Windows\syswow64\userinit.exe and that it was looking for a replacement file. It then reported back it could not find one.

LOG:

ComboFix 12-08-21.02 - Coop 08/21/2012 19:26:30.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2488 [GMT -4:00]
Running from: c:\users\Coop\Desktop\puppy.exe
Command switches used :: c:\users\Coop\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-21 23:58 . 2012-08-21 23:58	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-21 23:58 . 2012-08-21 23:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-19 22:31 . 2011-07-08 11:55	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-08-19 22:31 . 2012-08-19 22:32	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-18 18:34 . 2012-08-18 18:34	--------	d-----w-	c:\program files (x86)\Cisco Systems
2012-08-16 23:45 . 2012-08-16 23:45	--------	d-----w-	C:\_OTL
2012-08-15 23:58 . 2012-07-04 14:33	2769408	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 22:43 . 2012-05-11 16:34	788480	----a-w-	c:\windows\system32\localspl.dll
2012-08-15 22:43 . 2012-05-11 15:57	623616	----a-w-	c:\windows\SysWow64\localspl.dll
2012-08-15 22:43 . 2012-06-29 16:20	648192	----a-w-	c:\windows\system32\netapi32.dll
2012-08-09 04:00 . 2012-08-09 04:00	--------	d-----w-	c:\users\Coop\AppData\Local\Macromedia
2012-08-09 03:59 . 2012-08-09 03:59	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-09 03:59 . 2012-08-09 03:59	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-09 03:58 . 2012-08-10 01:38	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-08-09 03:57 . 2012-08-09 03:59	68576	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-08-09 03:57 . 2012-08-09 03:59	573920	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-08-09 03:57 . 2012-08-09 03:59	157608	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-09 03:57 . 2012-08-09 03:59	113120	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-08-09 03:57 . 2012-08-09 03:57	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-08-09 03:57 . 2012-08-09 03:57	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-07-30 21:52 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-30 21:52 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 22:40 . 2006-11-02 12:35	62134624	----a-w-	c:\windows\system32\mrt.exe
2012-08-15 00:23 . 2012-04-06 17:21	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 00:23 . 2011-06-05 15:03	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-06-12 00:15	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-14 22:58 . 2012-06-14 22:59	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-14 22:58 . 2010-05-20 03:48	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-08 17:59 . 2012-07-11 23:03	12899840	----a-w-	c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-07 00:57 . 2008-11-01 06:52	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-06-07 00:57 . 2008-11-01 06:52	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-06-05 16:47 . 2012-07-11 23:03	1401856	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 23:03	1248768	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 23:03	1797120	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 23:03	1869824	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 23:03	516480	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 22:35	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:35	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:35	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:35	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:35	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 22:35	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 22:35	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:35	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:35	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 22:35	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:35	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 22:35	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 22:35	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 22:35	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-11 23:03	347136	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 23:03	254464	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 23:03	77312	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 23:03	278528	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 23:03	204288	----a-w-	c:\windows\SysWow64\ncrypt.dll
.
.
((((((((((((((((((((((((((((( [email protected]_03.21.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-08-18 15:22	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-08-21 22:50	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-23 22:57 . 2012-08-21 22:50	49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-23 22:57 . 2012-08-18 15:22	49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-21 22:50	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-08-18 15:22	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-08-22 00:01	77866 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-01 17:27 . 2012-08-22 00:01	28036 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2800502796-835880612-2508068223-1000_UserData.bin
- 2012-08-20 03:21 . 2012-08-20 03:21	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-21 23:59 . 2012-08-21 23:59	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-20 03:21 . 2012-08-20 03:21	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-21 23:59 . 2012-08-21 23:59	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:45 . 2012-08-22 00:01	133912 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2012-08-19 22:10	604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-21 22:55	604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-21 22:55	104202 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-08-19 22:10	104202 c:\windows\system32\perfc009.dat
- 2010-11-05 02:50 . 2012-08-20 03:20	245732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-05 02:50 . 2012-08-21 23:58	245732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-01-23 00:15 . 2012-08-21 23:58	2343656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-02-19 06:49 . 2012-08-21 23:58	7628120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-8192.dat
- 2011-02-19 06:49 . 2012-08-20 03:20	7628120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-8192.dat
- 2011-06-22 20:02 . 2012-08-18 19:21	4410528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-4096.dat
+ 2011-06-22 20:02 . 2012-08-21 03:29	4410528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-4096.dat
+ 2011-06-22 01:45 . 2012-08-21 03:29	2476521 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-12288.dat
- 2011-06-22 01:45 . 2012-08-20 03:20	2476521 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"HostManager"="c:\program files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe" [2010-03-08 41800]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-8-20 0]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-7-19 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 00:23]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000Core.job
- c:\users\Coop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-01 08:33]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000UA.job
- c:\users\Coop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-01 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-12 3832064]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-12-08 8151040]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.ascensus.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,a1,9d,9e,80,85,25,86,ca,43,1b,ac,ff,bd,98,83,e7,ed,ec,db,a6,c2,7b,
44,e1,27,cb,8c,f6,76,4f,d3,bc,fe,e9,9e,56,3a,a2,80,33,5d,d7,86,27,97,c0,7f,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:47,f2,14,40,40,f2,99,3f,81,c8,88,8f,c8,b5,c1,a5,12,49,24,2e,b7,
02,3d,36,18,1e,46,7f,5e,4c,89,cf,12,90,ef,4a,cc,29,8a,6a,d9,68,51,b4,d5,11,\
"rkeysecu"=hex:f9,75,26,55,ef,e1,3d,43,d3,6f,26,0c,24,b1,fc,f5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="5BC6B0A72B9A16DBDBC6E06861CDBD6E3FB785C1F72C820E50681D03326DD34291991926987AD2018215280BD7EEE38E8A900281215FC331DCE2CC9E217AB52FFA868E640BF73B9FC4EF30BE2CCA620B15B490C70EBA1C5CEE77A5E2B6B5A7A0BFB8B1A3668510972ADE800771443396672541FB28AD5DB43247E1BCC93B75CF4A0F05F4908EB458FE1E87BB41B07376CD1D0B5C561B807694A8A06EB519110ECA1A743FF6EE3467531B178738D9E5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A2D97226D213B55575DECACEE4FD8E43CCEC75FE9EE1F516FD134321C731380D7A3D9E58417730A124DB790B285780535BB2DAAC91E209B25F36C6088B8635F700FAF1A87F771BB49F36C6C7524167857E4439D462D717665E5169824C3E0302F6829CEB05C3C4A73034FDC5C2C0583BB3C9B62236F1224A4F8DCCC311DF319CA69BDD7D5DD3E7E4B1E19D282CDD5DF98BB1B02105EC201F17584CE1B77342E06A542C9EEC203400950ED7F7142370692DA8B5C31A04FBC32FE27257F0072E07AF0031EFE7A9CE295E4C12A2D621865650A68ADE95F693BF27228082C0ABDDEE7CB44AF9D7F04FB9A5726876A2EA8133C361252C6A8C393C21CFEAA50179321D664C09A99B7E42AD979D2A2A7A983C92E6D431C8618CB087D2E7DA67DD867EB598E4B2CCE45B27A473ABD65435460330AF428E3695C2B61386AC2CD1587387065360C116B71771638F4027F27C12166628AD51D9F60078761B23EE53455F8AFB6865619E70450A50D1428665D0A1AB386DDEC07DC81B17E88393E7BF4DF2B5A9405DF661BA7ACD7938DC90EF049AEC49AF6157CE246AA9CA448B90CA6C55AC475777143D99D10A0C527F1ABABCA8F6623587C6DD73CABA1CF7DC9411753405AFBAA5057462EA85DDC45DA853F5FD59F057E37022779D46044E1C54900BC34BE08D9DC5313EE877E546EC77A9FD4C9A0602CDEC72C3C6404C87A265AA27B6FD7E89D9897E2D718A412569F31278CAB2D4B8E2080E40B08E62FC8D0F2715C70F4F7718B3C9FD2EE0AE4252C2C55CB610B90F824095284589D795BECE2F78B5E7BD39DA5FE658CF0D928F6BB75F73CE91AEAE51C90F0B77806350D9D45243C161D83FE7580EB508187495BA5FDF5CD68F5555B78C63CE3BB5DEC1488582C02FCBD392C9A25AE20DFC80728CF62C8B964F72D36123602888DEC78E3879160BCA6985CC4EF14C041A2C07D4EEF18D46D8106F103E5D36A45D2540709A7CC714E0F0E9208830450C6E89FA81B576AEA86E82D90282BFFB23B9A88D36A39035A1430F9D4DCD7B8DC64BEDF4D0785F219F2A4B60B727002AD8A1F89B42CD69E0CA4761E52C38A451D078A430AF"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AOL Desktop 9.6\waol.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\AOL Desktop 9.6\shellmon.exe
.
**************************************************************************
.
Completion time: 2012-08-21 20:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 00:04
ComboFix2.txt 2012-08-20 03:26
.
Pre-Run: 10,359,468,032 bytes free
Post-Run: 11,179,118,592 bytes free
.
- - End Of File - - 5692020DFC48CC06099816F620C79C50


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
userinit.*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## rcoops72 (Jun 11, 2011)

Cookie - Here you go.

FYI Now when I reboot my machine:
My Gadgets no longer appear
90% of all of my start up items in the bottom right bar do not load. (I now only see Network, Volume, and Six Engine MB performance icon along with date and time).

Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:33 on 22/08/2012 by Coop
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "userinit.*"
C:\Windows\erdnt\cache64\userinit.exe	--a---- 28160 bytes	[03:24 20/08/2012]	[02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\erdnt\cache86\userinit.exe	--a---- 25088 bytes	[03:24 20/08/2012]	[02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\userinit.exe	--a---- 25088 bytes	[02:50 21/01/2008]	[02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\en-US\userinit.exe.mui	--a---- 4096 bytes	[15:13 02/11/2006]	[15:13 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\SysWOW64\userinit.exe	--a---- 25088 bytes	[02:50 21/01/2008]	[02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\SysWOW64\en-US\userinit.exe.mui	--a---- 4096 bytes	[15:13 02/11/2006]	[15:13 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e9d87fb38dc4f328\userinit.exe.mui	--a---- 3584 bytes	[15:13 02/11/2006]	[15:13 02/11/2006] 7A820F1B24D266DE11444D6C8FA8AC8A
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe	--a---- 28160 bytes	[02:49 21/01/2008]	[02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui	--a---- 4096 bytes	[15:13 02/11/2006]	[15:13 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe	--a---- 25088 bytes	[02:50 21/01/2008]	[02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

-= EOF =-


----------



## rcoops72 (Jun 11, 2011)

Cookie another update for you..Now my browsers are not working  The only webpage which seems to be working is this one.

Need your help 

Example Page loads and freezes

http://www.cbssports.com/mlb/scoreboard


----------



## Cookiegal (Aug 27, 2003)

Please run the 64-bit version of SystemLook with the same script you ran before:

http://jpshortstuff.247fixes.com/SystemLook_x64.exe


----------



## Cookiegal (Aug 27, 2003)

Also, please do this:

Please go to *VirusTotal* and upload the following file for scanning.

Click *Browse*
Copy and paste the contents of the following code box into the text box next to *File name:* then click *Open* 

```
C:\Windows\SysWOW64\userinit.exe
```

Click *Send File*
If confronted with two options, choose *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------



## rcoops72 (Jun 11, 2011)

SystemLock 64 Log

SystemLook 30.07.11 by jpshortstuff
Log created at 20:22 on 22/08/2012 by Coop
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.*"
C:\Windows\erdnt\cache64\userinit.exe	--a---- 28160 bytes	[03:24 20/08/2012]	[02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\erdnt\cache86\userinit.exe	--a---- 25088 bytes	[03:24 20/08/2012]	[02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\userinit.exe	--a---- 28160 bytes	[02:49 21/01/2008]	[02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\System32\en-US\userinit.exe.mui	--a---- 3584 bytes	[15:13 02/11/2006]	[15:13 02/11/2006] 7A820F1B24D266DE11444D6C8FA8AC8A
C:\Windows\SysWOW64\userinit.exe	--a---- 25088 bytes	[02:50 21/01/2008]	[02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\SysWOW64\en-US\userinit.exe.mui	--a---- 4096 bytes	[15:13 02/11/2006]	[15:13 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e9d87fb38dc4f328\userinit.exe.mui	--a---- 3584 bytes	[15:13 02/11/2006]	[15:13 02/11/2006] 7A820F1B24D266DE11444D6C8FA8AC8A
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe	--a---- 28160 bytes	[02:49 21/01/2008]	[02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui	--a---- 4096 bytes	[15:13 02/11/2006]	[15:13 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe	--a---- 25088 bytes	[02:50 21/01/2008]	[02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

-= EOF =-


----------



## rcoops72 (Jun 11, 2011)

Please go to VirusTotal and upload the following file for scanning. LINK

https://www.virustotal.com/file/75e...9fd5250af8738364e6fb45db/analysis/1345681520/


----------



## rcoops72 (Jun 11, 2011)

Just some examples of what is happening with the browsers:

I click to run IE..it opens and the screen remains WHITE blank but www.google.com is in the address bar
I click Firefox and the PRG goes to the bottom of my toolbar like I have it minimized but when I click it nothing
Google chrome has worked for This site, netflix, and that virus site, but not for any others that have any sort of JAVA or other stuff it just locks up.

This all happened after afresh reboot take the first one after Combofix ran yesterday. I am sure you know what is going one. One thing at a time, but I wanted to update you


----------



## rcoops72 (Jun 11, 2011)

Screen Shot of my Vista 64 Desktop JPEG under File Limit 

1) Gadgets Missing
2) Startup items Missing (Maybe this is causing the issues with certain exes and Browsers)


----------



## Cookiegal (Aug 27, 2003)

Did that happen after the initial run or after running the CFscipt?

I may have to check with the developer to see what happened.

I'm not feeling well at the moment and am going to bed but will continue this in the morning.


----------



## rcoops72 (Jun 11, 2011)

No problem. 

Please feel better!

It happen after the second time I ran ComboFix with the CFScript. The first attempt froze and after 9 hours I stopped it.

If this helps it also removed a program I had and placed "The Internet" IE ICON on my desktop which I deleted.

Talk to you tomorrow and feel better


----------



## Cookiegal (Aug 27, 2003)

I was mistaken to have you run that script in ComboFix as doing so has altered the permissions which led to the problems you're encountering. I apologize for this oversight. 

To fix it, I'll need you to go into the registry. Are you familiar with the registry at all?


----------



## rcoops72 (Jun 11, 2011)

No problem this happens 

Yup I have played around via regedit


----------



## Cookiegal (Aug 27, 2003)

Please navigate to this key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\*Classes*

Right-click the *Classes *key and select "*permissions*" and then click on "*Advanced*" and at the bottom, put a check in the box beside both of the following options, then click "*Apply*" and "*OK*".

*Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here.

Replace permission entries on all child objects with entries shown here that apply to child objects.*

Now please do the same for this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\*Windows CE Services*

After you've done the above please reboot the machine and let me know how things are.


----------



## rcoops72 (Jun 11, 2011)

I will be able to Perform this at 645 pm est 
Thanks


----------



## Cookiegal (Aug 27, 2003)

OK. Thanks.


----------



## rcoops72 (Jun 11, 2011)

I made the change to both keys and each time after I clicked APPLY a box said

Registry Editor could not set security in the key currently selected, or some of its sub keys

I rebooted and same desktop (no gadgets or start up items) and issues (browsers dead or will not run most pages). 

I checked the items you wanted me to update and box boxes remain unchecked.

FYI I really need those browsers back by 8pm Friday night so I can prep for my fantasy football drafts


----------



## Cookiegal (Aug 27, 2003)

Did you click on OK when you got that error message?

Try again but this time just try checking the first option:

*Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here.*

and leave the other blank for now.


----------



## rcoops72 (Jun 11, 2011)

Yup I clicked OK and then the pop up disappeared.

When I first load up the Advanced page the top box is checked (Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here._

The bottom box (Replace permission entries on all child objects with entries shown here that apply to child objects.) is not.

should I unchecked the top box and recheck?


----------



## Cookiegal (Aug 27, 2003)

I thought you said in your previous post that both boxes were not checked?

Can you post a screenshot of the first permissions screen (before clicking on Advanced) and then one of The Advanced screen?


----------



## rcoops72 (Jun 11, 2011)

I made the change to both keys and each time after I clicked APPLY a box said

Sorry I meant both as in CLASSES and Windows CE Services

I will get those screen prints posted right away


----------



## Cookiegal (Aug 27, 2003)

OK. Thanks. I have asked for advice again from my colleagues as well.


----------



## Cookiegal (Aug 27, 2003)

When trying to change the permissions are you running regedit as administrator?


----------



## rcoops72 (Jun 11, 2011)

yes, I right click on regedit and select run as administrator and then click Continue to the popup which confirms I want to run it 

Maybe try the system restore that Combo Fix created prior to the run? If it did?


----------



## rcoops72 (Jun 11, 2011)

Here you go.


----------



## Cookiegal (Aug 27, 2003)

Can you also click on the "Owner" tab on the Advanced screen and post that screenshot?


----------



## rcoops72 (Jun 11, 2011)

Here you go


----------



## Cookiegal (Aug 27, 2003)

Can you log into the Administrator account and try to make the changes from there?


----------



## rcoops72 (Jun 11, 2011)

Never tried that. As I read I understand it is hidden by default when you install Vista 64. Do you know how to access it?

It does not show itself during my boot up..I boot right to the desktop, no welcome page with a choice of a user

If I log off I only see the Coop account at the welcome screen


----------



## rcoops72 (Jun 11, 2011)

OK I got it to work I forgot to run CMD as Adm

net user administrator /active:yes

Trying now after re log


----------



## rcoops72 (Jun 11, 2011)

OK I "UnHide" the Administrator account with the above CMD command.

I rebooted and logged in as ADMIN

I ran REGEDIT as ADMIN

Same error after I checked the second box in the advanced tab

Maybe a system restore prior to COMBOFIX running the other day? ( I see one from 8/20/2012 at 11:45PM EST)

I cannot attach the screen print since only firfox and IE are under ADMIN account for some resean and they do not load up. They load but go right to a white blank page which is locked up. Only option is the click the X to close the window.


----------



## rcoops72 (Jun 11, 2011)

Some Sample Screen shots of browser issues to maybe help you out.


----------



## Cookiegal (Aug 27, 2003)

I would not recommend doing a system restore, at least not at this point in time. Because ComboFix creates a backup of the registry using erdnt which we may be able to go back to. For now though, I don't want to try anything else until I hear from those who are helping me, one of whom is the developer of ComboFix but he's offline so we may have to wait until tomorrow morning. I'm really sorry for the inconvenience but I'm confident we'll get it fixed.


----------



## rcoops72 (Jun 11, 2011)

No problem, I understand. I just need to get the browsers up and running so I can print some stuff Friday night for Sat morning.

I hope those screen prints of the browsers and my desktop help. Does he have an idea what the issue is, just curious?

Just to go over what happened again for you.

1) Ran Combofix no issues
2) Ran Combiofx with the CFScript.txt pc rebooted and COMBOFIX screen (Blue) just said please wait, desktop was Black. I let it sit there for 9+ hours. when I woke up I clicked the X in the COMBOFIX box and my desktop appeared normal. I shut the PC down.
3) Ran Combofix with CFScript.txt PC rebooted and did not notice anything strange, 
4) Next day bootup Issue was noticed

VISTA Gadgets missing not loaded
All Startup items listed in my MSCONFIG with checks under stsrtup not loading
Browser issues pictured above. 

I will add the firefox screen shot as well.


----------



## rcoops72 (Jun 11, 2011)

Firefox


----------



## rcoops72 (Jun 11, 2011)

MSCONFIG stuff not loading


----------



## Cookiegal (Aug 27, 2003)

rcoops72 said:


> Does he have an idea what the issue is, just curious?


Yes, it's a permissions issue. The CFScript I had you run changed some permissions in the registry which is causing the issues but it was my error and no fault of ComboFix. 

Thank you for the screenshots, they are very helpful and thank you for your patience as well.


----------



## rcoops72 (Jun 11, 2011)

BTW I hope you are feeling better as well! 

I will be up for another 3 hours and will look for new posts if you do get in touch with them.

No worries I have confidence in you


----------



## Cookiegal (Aug 27, 2003)

rcoops72 said:


> BTW I hope you are feeling better as well!
> 
> I will be up for another 3 hours and will look for new posts if you do get in touch with them.
> 
> No worries I have confidence in you


Thanks. Yesterday I was feeling nauseous but I do feel better tonight.


----------



## rcoops72 (Jun 11, 2011)

Oh just an FYI I am working from home tomorrow so I can bounce back and forth if you are around.


----------



## Cookiegal (Aug 27, 2003)

Please take a look at what system restore points are available (but do NOT do a system restore). Please just report back the dates and times that are available from August 19th and 20th.


----------



## rcoops72 (Jun 11, 2011)

Morning Cookie

Here you go:


----------



## Cookiegal (Aug 27, 2003)

Let's try to restore to the bottom one on that list (from August 20th) that says "install:ComboFix created restore point". I believe this one got created when running the CFScript but before making any changes.

Be sure to do this in normal Windows mode (*NOT* safe mode) because a system restore done in safe mode cannot be undone if it doesn't solve the problem or makes things worse.

Reboot the machine after doing the system restore and let me know how things are.


----------



## rcoops72 (Jun 11, 2011)

Ok I have a 1030 call I have to get on but I should be able to try this in 15-20 mins ok


----------



## Cookiegal (Aug 27, 2003)

OK so I'll take advantage and take the dog for a walk as well.


----------



## rcoops72 (Jun 11, 2011)

w00t!!! System Restore was 100% Successful! THANK YOU!

Everything is back to normal..All browsers work, nothing lost and Gadgets are back

Thank you! I am set for tonight.

So where were we lol??

Oh maybe that userinit.exe file if it was a false positive?
And need to do a 100% clean uninstall of AVG and install of Microsoft Security Ess.


----------



## Cookiegal (Aug 27, 2003)

Glad to hear that. :up: Sorry, I ran into some people and was gone longer than expected. 

I believe the userinit.exe detection was false because of what occurred but we can upload it to be checked for sure.

Go to the forum *here* and upload this (these) file(s):

*C:\Windows\syswow64\userinit.exe *

Here are the directions for uploading the file:

Just register to create an account then click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.


----------



## rcoops72 (Jun 11, 2011)

File uploaded


----------



## Cookiegal (Aug 27, 2003)

Thanks. Would you like to go ahead with the AVG uninstall now?

Are there other system issues that need to be addressed first?


----------



## rcoops72 (Jun 11, 2011)

Hard drive space on my C drive seems stable and is not disappearing anymore. this is good

Yes let's uninstall avg


----------



## Cookiegal (Aug 27, 2003)

OK, so first, make sure all Windows are closed then uninstall it via the Control Panel. Then reboot the machine.

Then download and run the removal tool (the one for 64-bit operating systems):

http://www.avg.com/ca-en/utilities

The utility will probably prompt you to reboot the machine, if not, reboot when it's finished.

Then please run OTL again as you did before (see instructions in post no.2 ) and post the log.


----------



## Cookiegal (Aug 27, 2003)

Forgot to mention to install MSE after as you don't want to go without protection.


----------



## rcoops72 (Jun 11, 2011)

thanks doing this now. Can you post link for MSE 64 Bit


----------



## rcoops72 (Jun 11, 2011)

Wow avg is not friendly I right clicked avg in control panel and selected uninstall. As soon as I did my of went into power save mode monitor **** down and the only option I had was to reboot.
After reboot pc still looks ok. You ever hear of that happening lol


----------



## rcoops72 (Jun 11, 2011)

Ok this time it appears to be working


----------



## rcoops72 (Jun 11, 2011)

Found the 64bit version.
Steps 1 & 2 & 3 complete rebooting PC now after MSE INSTALL

Then will run OTL


----------



## rcoops72 (Jun 11, 2011)

OTL.txt

OTL logfile created on: 8/24/2012 1:08:56 PM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Coop\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 58.84% Memory free
8.20 Gb Paging File | 6.15 Gb Available in Paging File | 74.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 12.19 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive D: | 405.27 Gb Total Space | 111.32 Gb Free Space | 27.47% Space Free | Partition Type: NTFS
Drive E: | 428.58 Gb Total Space | 82.34 Gb Free Space | 19.21% Space Free | Partition Type: NTFS

Computer Name: COOP-PC | User Name: Coop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 22:52:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/20 00:32:17 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1253675026\ee\aolsoftware.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/07/11 03:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
PRC - [2008/05/14 18:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/10 20:16:27 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/30 22:25:39 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/05/30 22:25:39 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/05/30 22:25:38 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/05/30 22:25:37 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010/05/30 22:25:37 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010/05/30 22:25:37 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010/05/30 22:25:37 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010/05/30 22:25:36 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010/05/30 22:25:36 | 001,400,832 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010/05/30 22:25:36 | 000,872,448 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010/05/30 22:25:36 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010/05/30 22:25:33 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/05/30 22:25:32 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/05/30 22:25:32 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/05/30 22:25:30 | 000,128,512 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/05/30 22:25:30 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/05/30 22:25:29 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/05/30 22:25:29 | 000,404,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/05/30 22:25:29 | 000,354,816 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/05/30 22:25:29 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/05/30 22:25:29 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/05/30 22:25:28 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/05/30 22:25:28 | 001,297,408 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/05/30 22:25:28 | 000,679,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/05/30 22:25:28 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/05/30 22:25:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/05/30 22:25:28 | 000,261,120 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/05/30 22:25:28 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/05/30 22:25:28 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/05/30 22:25:28 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/05/30 22:25:28 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/05/30 22:25:28 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/05/30 22:25:27 | 000,757,760 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010/05/30 22:25:27 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2008/07/11 03:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
MOD - [2008/05/14 18:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2008/04/15 10:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2011/05/24 23:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2009/09/12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV:*64bit:* - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/14 20:23:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/08 23:59:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/21 13:50:02 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/20 00:32:17 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Program Files (x86)\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/07 08:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:*64bit:* - [2011/06/22 16:56:36 | 000,513,080 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:*64bit:* - [2011/06/22 16:53:27 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:*64bit:* - [2011/05/25 00:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2011/05/24 22:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2011/03/30 14:46:30 | 000,111,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:*64bit:* - [2010/04/07 15:08:43 | 001,261,568 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:*64bit:* - [2010/03/12 22:56:56 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:*64bit:* - [2009/10/04 02:24:35 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:*64bit:* - [2009/10/04 02:24:34 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:*64bit:* - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:*64bit:* - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:*64bit:* - [2009/08/05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:*64bit:* - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/04/09 17:35:08 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:*64bit:* - [2009/04/09 17:34:54 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:*64bit:* - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:*64bit:* - [2008/05/08 02:21:54 | 000,090,512 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:*64bit:* - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw)
DRV:*64bit:* - [2006/11/01 19:23:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{DCF78BD1-FC5F-45E6-AAE6-84F1F5C1C24A}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Coop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Coop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/24 20:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/27 18:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 23:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 19:57:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Coop\AppData\Roaming\Move Networks [2010/03/28 15:52:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/24 20:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 23:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 19:57:08 | 000,000,000 | ---D | M]

[2010/01/23 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coop\AppData\Roaming\Mozilla\Extensions
[2012/08/08 23:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions
[2011/05/28 12:44:18 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions\[email protected]
[2011/06/22 16:53:21 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\extensions\[email protected]
[2011/06/22 16:53:12 | 000,002,055 | ---- | M] () -- C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\searchplugins\daemon-search.xml
[2012/08/18 14:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 18:59:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/08 23:59:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/11/06 07:42:54 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml
[2012/08/08 23:57:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/08 23:57:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Coop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/19 23:21:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:*64bit:* - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:*64bit:* - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:*64bit:* - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:*64bit:* - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:*64bit:* - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:*64bit:* - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.ascensus.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF18AE1E-3EA5-4EC6-A01E-508FBAF6A315}: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
O18:*64bit:* - Protocol\Handler\belarc - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 12:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/24 12:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/24 12:46:49 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/20 19:11:14 | 000,000,000 | --SD | C] -- C:\puppy
[2012/08/19 23:21:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/19 23:12:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/19 23:12:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/19 23:12:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/19 23:12:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/19 23:12:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/19 20:32:33 | 004,734,695 | R--- | C] (Swearware) -- C:\Users\Coop\Desktop\puppy.exe
[2012/08/19 18:31:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/08/19 18:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/19 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/19 12:09:44 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Coop\Desktop\tdsskiller.exe
[2012/08/19 11:11:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Coop\Desktop\aswMBR.exe
[2012/08/18 14:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012/08/18 14:20:25 | 000,000,000 | ---D | C] -- C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/08/16 19:45:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/16 19:11:59 | 000,000,000 | ---D | C] -- C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/08/15 22:52:44 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
[2012/08/15 20:10:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Coop\Desktop\dds.com
[2012/08/15 20:00:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 20:00:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 20:00:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 20:00:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 20:00:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 20:00:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 20:00:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 20:00:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 20:00:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 20:00:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 20:00:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 20:00:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 20:00:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 18:43:46 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 18:43:46 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/15 18:43:44 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/09 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Coop\AppData\Local\Macromedia
[2012/08/08 23:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/08 23:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2010/03/12 22:56:56 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Coop\AppData\Roaming\pcouffin.sys
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/24 12:56:09 | 000,706,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/24 12:56:09 | 000,606,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/24 12:56:09 | 000,105,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/24 12:49:24 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 12:49:24 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 12:49:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/24 12:49:03 | 001,916,644 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/08/24 12:47:51 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/24 12:47:33 | 000,721,800 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/24 12:22:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/24 11:30:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000UA.job
[2012/08/22 20:39:38 | 002,460,382 | ---- | M] () -- C:\Users\Coop\Documents\Desktop No Gadgets or Startup items.zip
[2012/08/20 22:08:36 | 000,000,000 | ---- | M] () -- C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/08/20 19:10:33 | 004,734,695 | R--- | M] (Swearware) -- C:\Users\Coop\Desktop\puppy.exe
[2012/08/19 23:21:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/19 20:33:07 | 000,000,709 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/08/19 18:53:52 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/19 18:32:10 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/19 13:02:13 | 000,000,561 | ---- | M] () -- C:\Users\Coop\Desktop\MBR.zip
[2012/08/19 13:01:54 | 000,000,512 | ---- | M] () -- C:\Users\Coop\Desktop\MBR.dat
[2012/08/19 12:39:09 | 000,000,285 | ---- | M] () -- C:\Users\Coop\Desktop\DisableSptd.zip
[2012/08/19 12:32:38 | 000,000,238 | ---- | M] () -- C:\Users\Coop\Desktop\DisableSptd.reg
[2012/08/19 12:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000Core.job
[2012/08/19 12:09:47 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Coop\Desktop\tdsskiller.exe
[2012/08/19 11:12:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Coop\Desktop\aswMBR.exe
[2012/08/18 14:35:42 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 14:20:26 | 000,001,099 | ---- | M] () -- C:\Users\Coop\Desktop\Revo Uninstaller.lnk
[2012/08/16 19:11:59 | 000,000,318 | ---- | M] () -- C:\Users\Coop\Desktop\Curse Client.appref-ms
[2012/08/15 22:52:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Coop\Desktop\OTL.exe
[2012/08/15 20:10:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Coop\Desktop\dds.com
[2012/08/15 20:04:34 | 000,265,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 19:57:08 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/14 20:23:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 20:23:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 19:31:21 | 000,002,037 | ---- | M] () -- C:\Users\Coop\Desktop\Google Chrome.lnk
[2012/08/14 19:31:21 | 000,001,999 | ---- | M] () -- C:\Users\Coop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/12 13:03:27 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/12 13:03:27 | 000,001,417 | ---- | M] () -- C:\Users\Coop\Desktop\DivX Movies.lnk
[2012/08/12 13:03:19 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/24 12:47:51 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/24 12:47:44 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/24 12:47:33 | 000,721,800 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/22 20:39:37 | 002,460,382 | ---- | C] () -- C:\Users\Coop\Documents\Desktop No Gadgets or Startup items.zip
[2012/08/20 22:06:04 | 000,000,000 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/08/19 23:12:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/19 23:12:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/19 23:12:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/19 23:12:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/19 23:12:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/19 18:32:10 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/19 13:01:54 | 000,000,512 | ---- | C] () -- C:\Users\Coop\Desktop\MBR.dat
[2012/08/19 12:39:08 | 000,000,285 | ---- | C] () -- C:\Users\Coop\Desktop\DisableSptd.zip
[2012/08/19 12:32:38 | 000,000,238 | ---- | C] () -- C:\Users\Coop\Desktop\DisableSptd.reg
[2012/08/19 11:52:36 | 000,000,561 | ---- | C] () -- C:\Users\Coop\Desktop\MBR.zip
[2012/08/18 14:34:31 | 000,002,010 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/07/27 18:05:58 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/05/24 22:28:55 | 000,034,814 | ---- | C] () -- C:\Users\Coop\AppData\Local\dt.dat
[2012/05/16 18:18:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/12 11:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\TMonitor64.INI
[2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/14 21:33:40 | 000,040,130 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\UserTile.png
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/24 19:59:29 | 000,223,096 | ---- | C] () -- C:\Windows\hpwins24.dat
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/07 12:56:00 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/10/03 20:09:10 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2010/10/03 20:09:09 | 000,000,053 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2010/10/03 20:09:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2010/10/03 20:08:55 | 000,083,777 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2010/05/30 20:57:38 | 000,324,369 | ---- | C] () -- C:\Users\Coop\EQ2_000004.jpg
[2010/05/30 20:57:38 | 000,324,111 | ---- | C] () -- C:\Users\Coop\EQ2_000003.jpg
[2010/03/12 22:56:56 | 000,007,859 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\pcouffin.cat
[2010/03/12 22:56:56 | 000,001,167 | ---- | C] () -- C:\Users\Coop\AppData\Roaming\pcouffin.inf
[2009/05/09 12:21:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/01 13:26:14 | 000,001,460 | ---- | C] () -- C:\Users\Coop\AppData\Local\d3d9caps64.dat
[2008/11/01 03:41:47 | 000,135,680 | ---- | C] () -- C:\Users\Coop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/01 02:25:28 | 000,001,356 | ---- | C] () -- C:\Users\Coop\AppData\Local\d3d9caps.dat

< End of report >


----------



## rcoops72 (Jun 11, 2011)

CookieGal - The program only popped up the OTL.txt not the extra.txt

I do have an extra.txt on my desktop where the OTL.exe is and it is on old one from 

"OTL Extras logfile created on: 8/15/2012 10:53:47 PM - Run 1"

Should I delete both .txt files and run the scan again


----------



## dvk01 (Dec 14, 2002)

Cookiegal said:


> Glad to hear that. :up: Sorry, I ran into some people and was gone longer than expected.
> 
> I believe the userinit.ext detection was false because of what occurred but we can upload it to be checked for sure.
> 
> ...


The userinit.exe uploaded to spykiller forum is the legitimate Vista version with the correct MD5 & SH1A # so hasn't been altered at all


----------



## rcoops72 (Jun 11, 2011)

dvk01 Thank you!


----------



## Cookiegal (Aug 27, 2003)

dvk01 said:


> The userinit.exe uploaded to spykiller forum is the legitimate Vista version with the correct MD5 & SH1A # so hasn't been altered at all


I was 99.99999% sure of that but wanted to be 100% sure. Thanks for checking it out for us Derek.


----------



## Cookiegal (Aug 27, 2003)

rcoops72 said:


> Wow avg is not friendly I right clicked avg in control panel and selected uninstall. As soon as I did my of went into power save mode monitor **** down and the only option I had was to reboot.
> After reboot pc still looks ok. You ever hear of that happening lol


I've never heard of that happening but AVG does have its hooks deep in the system.


----------



## rcoops72 (Jun 11, 2011)

Should I rescan to see if an extra.txt file pops up? 

I will delete the other two files on my desktop prior


----------



## Cookiegal (Aug 27, 2003)

rcoops72 said:


> Should I rescan to see if an extra.txt file pops up?
> 
> I will delete the other two files on my desktop prior


No, I think we can do without the extra log. I'm reviewing the entire thread to see if anything else needs to be done.


----------



## Cookiegal (Aug 27, 2003)

The only thing I see left from AVG is a Chrome extension:

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plug ins/avgnpss.dll

Can you get rid of that in the browser? If not, we can use OTL to remove it.

Also, please read the following about the Daemon Tools Toolbar which I recommend uninstalling:

http://www.systemlookup.com/CLSID/29780-DTToolbar_dll_DTToolbar64_dll.html

You can delete these two files from your desktop (they were created after running aswmbr for backup purposes and are no longer needed).

C:\Users\Coop\Desktop\MBR.zip
C:\Users\Coop\Desktop\MBR.dat

Your Adobe Reader is an older version and should be updated to the latest one to patch any vulnerabilities.

Everything else looks fine.

If you want, we can use SystemLook to do some searches for other AVG remnants.


----------



## rcoops72 (Jun 11, 2011)

OK I uninstalled the Toolbar thank you. I would never use it anyway.

Funny the plugin does not exist in the Chrome settings.

let me update Adobe and then yes lets run System Look for AVG Remnants.

Thanks


----------



## rcoops72 (Jun 11, 2011)

Sorry Also after I clicked to make Google Chrome my default browser two desktop.ini loaded to my desktop lol

Here is what is inside them...Can I delete them no idea why they are on my desktop

[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21799

[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

[LocalizedFileNames]


----------



## Cookiegal (Aug 27, 2003)

They are only there because files have been unhidden for now. These should be left alone. They will be hidden again when we finish up. 

Please run SystemLook again.


Copy the content of the following code box into the main text field:

```
:filefind
*avg*
:folderfind
*avg*
:regfind 
avg
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## rcoops72 (Jun 11, 2011)

Hey Cookie I have to run out for about 35 mins...I will be able to run this once I get back ok. Sorry I have to go pickup my Daughter from Daycare.


----------



## Cookiegal (Aug 27, 2003)

That's alright. I have to start dinner and then won't be available until later on.


----------



## rcoops72 (Jun 11, 2011)

Back and Here is the SYSTEMLOOK Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:53 on 24/08/2012 by Coop
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\Program Files (x86)\Spybot - Search & Destroy\LCULIYVTSDZELAVGM.scr	--a---- 5365592 bytes	[16:48 26/04/2009]	[20:31 26/01/2009] 0477C2F9171599CA5BC3307FDFBA8D89
C:\ProgramData\avg9\Log\avgcfg.log.lock	--a---- 0 bytes	[00:12 11/11/2009]	[00:12 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgcfgex.log.lock	--a---- 0 bytes	[06:46 28/11/2009]	[06:46 28/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgchjw.log.1	--a---- 1024200 bytes	[00:15 11/11/2009]	[17:39 26/11/2010] 8B8A1BC559C505B0E807AEE48EF76ABD
C:\ProgramData\avg9\Log\avgchjw.log.10	--a---- 1024092 bytes	[00:15 11/11/2009]	[22:50 26/10/2010] B596AC22FE1E0EFEA60971087312171C
C:\ProgramData\avg9\Log\avgchjw.log.2	--a---- 1024170 bytes	[00:15 11/11/2009]	[03:36 24/11/2010] 79121A0110A31A9CA7E53C25866DA09F
C:\ProgramData\avg9\Log\avgchjw.log.3	--a---- 1024510 bytes	[00:15 11/11/2009]	[14:57 20/11/2010] 29B7A8B41884CF2CB92E88A8EB612048
C:\ProgramData\avg9\Log\avgchjw.log.4	--a---- 1024394 bytes	[00:15 11/11/2009]	[05:19 16/11/2010] 3A38B218F269B900B451F02603D07C92
C:\ProgramData\avg9\Log\avgchjw.log.5	--a---- 1024022 bytes	[00:15 11/11/2009]	[01:54 13/11/2010] 714E0D2DD0CB4E5FB95DF3A3768BBD0F
C:\ProgramData\avg9\Log\avgchjw.log.6	--a---- 1024256 bytes	[00:15 11/11/2009]	[03:26 08/11/2010] B340CBAE1845434C5ACFB81FC6707309
C:\ProgramData\avg9\Log\avgchjw.log.7	--a---- 1024026 bytes	[00:15 11/11/2009]	[06:11 06/11/2010] DA0671B1AF56715B38DD3BEF7E26E257
C:\ProgramData\avg9\Log\avgchjw.log.8	--a---- 1024186 bytes	[00:15 11/11/2009]	[23:50 01/11/2010] EBC147A7946644E8593B591817DAACC4
C:\ProgramData\avg9\Log\avgchjw.log.9	--a---- 1024082 bytes	[00:15 11/11/2009]	[13:05 30/10/2010] 25B1565A6B99E5008EFB71C5B67E6826
C:\ProgramData\avg9\Log\avgchjw.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgchjwsrv.log.1	--a---- 1024434 bytes	[00:15 11/11/2009]	[15:05 14/11/2010] 1C1407917819CE0C9A7D4E966105E081
C:\ProgramData\avg9\Log\avgchjwsrv.log.2	--a---- 1024120 bytes	[00:15 11/11/2009]	[11:52 06/10/2010] 6576C6872ADADCDDEE7C72424FE25050
C:\ProgramData\avg9\Log\avgchjwsrv.log.3	--a---- 1024006 bytes	[00:15 11/11/2009]	[15:46 10/09/2010] AE269ACDF67BFE1F799AA6AC1AC9202F
C:\ProgramData\avg9\Log\avgchjwsrv.log.4	--a---- 1024064 bytes	[00:15 11/11/2009]	[16:03 16/08/2010] C1F5D3B33E87AF4A525C8914AF51531A
C:\ProgramData\avg9\Log\avgchjwsrv.log.5	--a---- 1024200 bytes	[00:15 11/11/2009]	[13:24 21/07/2010] B548249E65D3CF55C68B4A25ACEFE9E7
C:\ProgramData\avg9\Log\avgchjwsrv.log.6	--a---- 1024274 bytes	[00:15 11/11/2009]	[13:26 07/06/2010] D59E64D0B0353344935C4C7CF1C44381
C:\ProgramData\avg9\Log\avgchjwsrv.log.7	--a---- 1024086 bytes	[00:15 11/11/2009]	[22:44 07/05/2010] 8E579AC59D657C8D17393D62725B37CF
C:\ProgramData\avg9\Log\avgchjwsrv.log.8	--a---- 1024006 bytes	[00:15 11/11/2009]	[16:32 13/04/2010] 2C6AC64AD65E5E0F1BADFA52C174C2CC
C:\ProgramData\avg9\Log\avgchjwsrv.log.9	--a---- 1024152 bytes	[00:15 11/11/2009]	[04:00 21/12/2009] 4792B69CED759649E69A74F9809706FF
C:\ProgramData\avg9\Log\avgchjwsrv.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgcore.log.1	--a---- 1024352 bytes	[00:12 11/11/2009]	[00:16 23/11/2010] D5F62BFB424C133C76D6578584DA7643
C:\ProgramData\avg9\Log\avgcore.log.10	--a---- 1025014 bytes	[00:12 11/11/2009]	[15:45 01/08/2010] 68F62176DA90BCFECA1014BA8171A86C
C:\ProgramData\avg9\Log\avgcore.log.2	--a---- 1024204 bytes	[00:12 11/11/2009]	[17:36 06/11/2010] 239712AACE1C55F80AB86A38B7362464
C:\ProgramData\avg9\Log\avgcore.log.3	--a---- 1024232 bytes	[00:12 11/11/2009]	[00:16 29/10/2010] 5D730FA7D9608E5E89182DA7F247F938
C:\ProgramData\avg9\Log\avgcore.log.4	--a---- 1024150 bytes	[00:12 11/11/2009]	[16:39 09/10/2010] F0FCF711AA57E72335E1DD07B086ECE4
C:\ProgramData\avg9\Log\avgcore.log.5	--a---- 1024042 bytes	[00:12 11/11/2009]	[02:15 30/09/2010] F1455053CBC009D64F0254B5B3C2EC34
C:\ProgramData\avg9\Log\avgcore.log.6	--a---- 1024098 bytes	[00:12 11/11/2009]	[14:36 15/09/2010] 71FB4F13B486253B50D427B64CE485B9
C:\ProgramData\avg9\Log\avgcore.log.7	--a---- 1024314 bytes	[00:12 11/11/2009]	[21:31 01/09/2010] 84B1782FA3F932E48689BAD27E999EA9
C:\ProgramData\avg9\Log\avgcore.log.8	--a---- 1024214 bytes	[00:12 11/11/2009]	[03:36 25/08/2010] 54F67893075EFB1C82CAE44BB30FA95A
C:\ProgramData\avg9\Log\avgcore.log.9	--a---- 1024236 bytes	[00:12 11/11/2009]	[15:25 10/08/2010] 838EE111F1AC30D233D8F29DD419A509
C:\ProgramData\avg9\Log\avgcore.log.lock	--a---- 0 bytes	[00:12 11/11/2009]	[00:12 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgfrw.log.lock	--a---- 0 bytes	[00:12 11/11/2009]	[00:12 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgldr.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avglng.log.1	--a---- 1024098 bytes	[12:47 19/04/2010]	[03:19 26/06/2010] 7C18562D5E89C871A96C55DF635BA8D2
C:\ProgramData\avg9\Log\avglng.log.lock	--a---- 0 bytes	[00:12 11/11/2009]	[00:12 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgrs.log.1	--a---- 1024270 bytes	[00:15 11/11/2009]	[23:40 24/11/2010] 8C21EF298266D14C783EC96D4628D2C9
C:\ProgramData\avg9\Log\avgrs.log.10	--a---- 1024038 bytes	[00:15 11/11/2009]	[12:13 11/10/2010] 30170651B821A6C17A215F5BC8FA314A
C:\ProgramData\avg9\Log\avgrs.log.2	--a---- 1024062 bytes	[00:15 11/11/2009]	[15:57 19/11/2010] BAC2CB8CF936D5B0A3F6A8BA70FAE0BF
C:\ProgramData\avg9\Log\avgrs.log.3	--a---- 1024024 bytes	[00:15 11/11/2009]	[04:50 14/11/2010] B039B2241A0E1C9EB81974A22F74EC16
C:\ProgramData\avg9\Log\avgrs.log.4	--a---- 1024104 bytes	[00:15 11/11/2009]	[03:13 10/11/2010] BBEC90012888D1845D81A8070B5F5E12
C:\ProgramData\avg9\Log\avgrs.log.5	--a---- 1024262 bytes	[00:15 11/11/2009]	[23:00 05/11/2010] 4E6EEC52D359FFCDE45B1ABEDDC072B1
C:\ProgramData\avg9\Log\avgrs.log.6	--a---- 1024180 bytes	[00:15 11/11/2009]	[23:25 29/10/2010] 7B75388AC8656DB17187952834DE4F42
C:\ProgramData\avg9\Log\avgrs.log.7	--a---- 1024522 bytes	[00:15 11/11/2009]	[10:26 23/10/2010] EA0EB689C431A16B7252B3D3DA8BCD06
C:\ProgramData\avg9\Log\avgrs.log.8	--a---- 1024102 bytes	[00:15 11/11/2009]	[15:08 17/10/2010] DA460D6DBF4E18E07A47ED3CE35D5B0B
C:\ProgramData\avg9\Log\avgrs.log.9	--a---- 1024144 bytes	[00:15 11/11/2009]	[22:39 14/10/2010] 4D5C13C9B66DAE1C33D64E1C624C8820
C:\ProgramData\avg9\Log\avgrs.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgscan.log.lock	--a---- 0 bytes	[14:23 29/11/2009]	[14:23 29/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgsched.log.1	--a---- 1024382 bytes	[00:15 11/11/2009]	[17:48 27/11/2010] A1855A3DD08DE44C4D1FC3BD10D7F10E
C:\ProgramData\avg9\Log\avgsched.log.10	--a---- 1024156 bytes	[00:15 11/11/2009]	[00:46 06/09/2010] F34AA087D0433A17686E3AA3C6969A5B
C:\ProgramData\avg9\Log\avgsched.log.2	--a---- 1024038 bytes	[00:15 11/11/2009]	[19:47 19/11/2010] 3980747CFED08AC4595D337EDDA0C66C
C:\ProgramData\avg9\Log\avgsched.log.3	--a---- 1024008 bytes	[00:15 11/11/2009]	[23:36 09/11/2010] 72CEEF2D8EC213FB6850BB3C30588ECD
C:\ProgramData\avg9\Log\avgsched.log.4	--a---- 1024134 bytes	[00:15 11/11/2009]	[13:33 31/10/2010] 8716599795FBE27E53F09E37BC4BC0F9
C:\ProgramData\avg9\Log\avgsched.log.5	--a---- 1024132 bytes	[00:15 11/11/2009]	[23:11 19/10/2010] C690D8C5E6092CDC5D62742087FE279F
C:\ProgramData\avg9\Log\avgsched.log.6	--a---- 1024262 bytes	[00:15 11/11/2009]	[20:03 10/10/2010] F17A6BF6F02753E1083E0D9FF4246048
C:\ProgramData\avg9\Log\avgsched.log.7	--a---- 1024254 bytes	[00:15 11/11/2009]	[22:36 27/09/2010] 9785586DB76C30B5E83553EFA247882A
C:\ProgramData\avg9\Log\avgsched.log.8	--a---- 1024060 bytes	[00:15 11/11/2009]	[16:35 18/09/2010] C3A0AFAAECE40908F0CFD1CFF93C29C7
C:\ProgramData\avg9\Log\avgsched.log.9	--a---- 1024126 bytes	[00:15 11/11/2009]	[13:07 12/09/2010] 45D9A7F19ADD2391064D96328C2FB8EE
C:\ProgramData\avg9\Log\avgsched.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgsrm.log.lock	--a---- 0 bytes	[00:16 11/11/2009]	[00:16 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgtdi.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgui.log.1	--a---- 1024064 bytes	[00:16 11/11/2009]	[03:42 23/11/2010] 78849AEF3C1F56B7D69F08E53C9C60E4
C:\ProgramData\avg9\Log\avgui.log.2	--a---- 1024046 bytes	[00:16 11/11/2009]	[11:49 08/08/2010] 687D9645592D5FBC20F28275C028F3FD
C:\ProgramData\avg9\Log\avgui.log.3	--a---- 1024316 bytes	[00:16 11/11/2009]	[12:49 02/06/2010] 67A2A017FF973DCEBE255F1F5536F730
C:\ProgramData\avg9\Log\avgui.log.4	--a---- 1024526 bytes	[00:16 11/11/2009]	[05:05 28/11/2009] D420A4D9A7CDF3AECD08CBD433508CE1
C:\ProgramData\avg9\Log\avgui.log.lock	--a---- 0 bytes	[00:16 11/11/2009]	[00:16 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgupd.log.lock	--a---- 0 bytes	[00:17 11/11/2009]	[00:17 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgwd.log.1	--a---- 1024278 bytes	[00:15 11/11/2009]	[23:38 18/11/2010] 4D4C73FA0CADDB7E68F0C05E03C0821A
C:\ProgramData\avg9\Log\avgwd.log.10	--a---- 1024066 bytes	[00:15 11/11/2009]	[19:30 18/08/2010] 13297A534A80025AFD0E0CAE5150D90B
C:\ProgramData\avg9\Log\avgwd.log.2	--a---- 1024110 bytes	[00:15 11/11/2009]	[07:05 06/11/2010] EC939B7CD975878E74ED5E9BBD216357
C:\ProgramData\avg9\Log\avgwd.log.3	--a---- 1024160 bytes	[00:15 11/11/2009]	[13:19 22/10/2010] 30872987E9AD87D2A34D75F5BE57488F
C:\ProgramData\avg9\Log\avgwd.log.4	--a---- 1024274 bytes	[00:15 11/11/2009]	[12:13 11/10/2010] DD6FCFA5B70A45D29F86222D0F5D4545
C:\ProgramData\avg9\Log\avgwd.log.5	--a---- 1024148 bytes	[00:15 11/11/2009]	[03:26 29/09/2010] 237C7C7307FF2720894BC2E149EDA90A
C:\ProgramData\avg9\Log\avgwd.log.6	--a---- 1024062 bytes	[00:15 11/11/2009]	[07:45 19/09/2010] 351F3E8C1F51E20ACB4758EF9351F018
C:\ProgramData\avg9\Log\avgwd.log.7	--a---- 1024284 bytes	[00:15 11/11/2009]	[02:27 13/09/2010] 61714C33F44483D36FBEC4A582647B5F
C:\ProgramData\avg9\Log\avgwd.log.8	--a---- 1024204 bytes	[00:15 11/11/2009]	[00:46 06/09/2010] 2A7E756CF5E4EC30C99CE849957F4C52
C:\ProgramData\avg9\Log\avgwd.log.9	--a---- 1024052 bytes	[00:15 11/11/2009]	[12:04 26/08/2010] 4D2B2AF8F7659494A1637AEB528E19C7
C:\ProgramData\avg9\Log\avgwd.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgwdsvc.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\MFAData\SelfUpd\avg.snu	--a---- 150 bytes	[23:18 03/10/2011]	[19:17 06/05/2011] B8FB047A5AF76A55F50D018E8263AD47
C:\ProgramData\MFAData\SelfUpd\avgabout.dll	--a---- 1227616 bytes	[23:18 03/10/2011]	[09:39 13/04/2011] 4AAAF56222E0ACC070DDBA038998D6C8
C:\ProgramData\MFAData\SelfUpd\avgamnot.dll	--a---- 476000 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DE81240BD5476BB8AA2261349AB32FF8
C:\ProgramData\MFAData\SelfUpd\avgapia.dll	--a---- 7962976 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] EA3BBE6503E33E9046046C77A7B0964C
C:\ProgramData\MFAData\SelfUpd\avgapix.dll	--a---- 4193632 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] FD5AB675C3C308AE767032502B6BF881
C:\ProgramData\MFAData\SelfUpd\avgar_us.chm	--a---- 35871 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 72D8535164BAF188D07ADC06AA8D4DC8
C:\ProgramData\MFAData\SelfUpd\avgatend.stp	--a---- 32 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34C50B69C2B299929457A85A8E030F38
C:\ProgramData\MFAData\SelfUpd\avgatupd.stp	--a---- 32 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34C50B69C2B299929457A85A8E030F38
C:\ProgramData\MFAData\SelfUpd\avgcclia.dll	--a---- 683360 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2E6F4C1F13031C7B2AC1F3A75DB59A96
C:\ProgramData\MFAData\SelfUpd\avgcclix.dll	--a---- 450912 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] E175A3A80D3626A3EB01A378D758DF8C
C:\ProgramData\MFAData\SelfUpd\avgcerta.dll	--a---- 1139040 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] E842BEEE8B100CE128C1EC70B462E078
C:\ProgramData\MFAData\SelfUpd\avgcertx.dll	--a---- 867168 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] 1E9839FD8F51E4836A219ABCBDCBEA6B
C:\ProgramData\MFAData\SelfUpd\avgcfga.dll	--a---- 1997152 bytes	[23:18 03/10/2011]	[18:03 22/08/2011] FE2F942ED460F8C8E8B8F84A0CF82FD6
C:\ProgramData\MFAData\SelfUpd\avgcfgex.exe	--a---- 580960 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 525C1BB5EB4F216714DF6348E68B8822
C:\ProgramData\MFAData\SelfUpd\avgcfgx.dll --a---- 1128800 bytes	[23:18 03/10/2011]	[18:03 22/08/2011] F564B7BE14C719D12C53B902B840CF2A
C:\ProgramData\MFAData\SelfUpd\avgchcla.dll	--a---- 354144 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] 33BAC6BB9AE471B8F1CB54337BE6D03D
C:\ProgramData\MFAData\SelfUpd\avgchclx.dll	--a---- 246112 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] DB359D68D8B5D7E1C0A1961916BBA905
C:\ProgramData\MFAData\SelfUpd\avgchjwa.dll	--a---- 763232 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] BB63418C7269D1327ED2B95D13F76B4C
C:\ProgramData\MFAData\SelfUpd\avgchsva.exe	--a---- 1147232 bytes	[23:18 03/10/2011]	[18:13 23/05/2011] B737DB264CB1B5FFA2A886E3B940434A
C:\ProgramData\MFAData\SelfUpd\avgclita.dll	--a---- 467808 bytes	[23:18 03/10/2011]	[05:32 18/08/2011] 98A243951E968F19B27CD6CDB7EAA436
C:\ProgramData\MFAData\SelfUpd\avgclitx.dll	--a---- 334688 bytes	[23:18 03/10/2011]	[05:32 18/08/2011] F71ECAB18972467500609A8FA4E98F33
C:\ProgramData\MFAData\SelfUpd\avgcmgr.exe	--a---- 1559392 bytes	[23:18 03/10/2011]	[09:56 20/04/2011] CAE3131129F253979E879C84D72D57A0
C:\ProgramData\MFAData\SelfUpd\avgcorea.dll	--a---- 6833504 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] 4D2E9212286A186D02A53E1C663F73F5
C:\ProgramData\MFAData\SelfUpd\avgcorex.dll	--a---- 4992352 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] 9DF80626266AABD12D03744ED6BF8361
C:\ProgramData\MFAData\SelfUpd\avgcrema.exe	--a---- 4191584 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] F4D19B0666EC9E951BA195B4A6B77400
C:\ProgramData\MFAData\SelfUpd\avgcsla.dll	--a---- 2750792 bytes	[23:18 03/10/2011]	[00:10 10/05/2011] 56CE2720D770B285B2DCA2CAC31646D6
C:\ProgramData\MFAData\SelfUpd\avgcslx.dll	--a---- 1854280 bytes	[23:18 03/10/2011]	[00:09 10/05/2011] B01E5E3CFB0CE27CBEF9011EB09A0A71
C:\ProgramData\MFAData\SelfUpd\avgcsrva.exe	--a---- 519008 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2CDA4753B39225BA3F71A0F915280ACB
C:\ProgramData\MFAData\SelfUpd\avgcsrvx.exe	--a---- 351072 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2FE694541C5D0D2A874CCC222BBFC7D0
C:\ProgramData\MFAData\SelfUpd\avgdg_us.chm	--a---- 33696 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] AC89AEEF6438CAA9228B416CFB1BFA9D
C:\ProgramData\MFAData\SelfUpd\avgdiagex.exe	--a---- 3833696 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 71C940B4D31A803CF42D2C384BF72711
C:\ProgramData\MFAData\SelfUpd\avgdumpa.exe	--a---- 416608 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] B148FBC8DE10EEE067547291003B06A3
C:\ProgramData\MFAData\SelfUpd\avgdumpx.exe	--a---- 278880 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 7425F9710FA02197E4C616293D5FBE83
C:\ProgramData\MFAData\SelfUpd\avgemca.exe	--a---- 1687904 bytes	[23:18 03/10/2011]	[20:05 16/03/2011] 0FFF051E4327DF1508CBF9EE098DEAB6
C:\ProgramData\MFAData\SelfUpd\avgfree_us.mht	--a---- 33415 bytes	[23:18 03/10/2011]	[20:28 09/02/2011] 74B3413588725D11329736614F2B8002
C:\ProgramData\MFAData\SelfUpd\avgf_us.chm	--a---- 336574 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 90F897D16E9641AE534308C8C67B7069
C:\ProgramData\MFAData\SelfUpd\avgidpsdkx.dll	--a---- 2547040 bytes	[23:18 03/10/2011]	[11:55 10/02/2011] 8F2E5F841DF279C41FA011E8F2E945BC
C:\ProgramData\MFAData\SelfUpd\avgidp_us.chm	--a---- 42609 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] D1F2BCB64D624D74CCE74C4356B10CBE
C:\ProgramData\MFAData\SelfUpd\avglnga.dll	--a---- 374112 bytes	[23:18 03/10/2011]	[21:39 18/04/2011] 1353B18A8755C1B736FC11BA6B6C7D37
C:\ProgramData\MFAData\SelfUpd\avglngx.dll	--a---- 246624 bytes	[23:18 03/10/2011]	[21:39 18/04/2011] 199F9ADDB1C1E633169B9F6CB40D7724
C:\ProgramData\MFAData\SelfUpd\avgloga.dll	--a---- 1178464 bytes	[23:18 03/10/2011]	[09:52 21/02/2011] 865A55BC96244466A0A094AEB5D3D0E9
C:\ProgramData\MFAData\SelfUpd\avglogx.dll	--a---- 796512 bytes	[23:18 03/10/2011]	[09:52 21/02/2011] 3FA61EF87E49FFACE4ED58C4F1A98EB1
C:\ProgramData\MFAData\SelfUpd\avglscanx.exe	--a---- 218464 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DE1C35CB89C0B800DE6ED82C438039CB
C:\ProgramData\MFAData\SelfUpd\avgls_us.chm	--a---- 90010 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 90953BE9027779AFCC7CEA00EEE4A5BA
C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe	--a---- 5587808 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] D90D7337C35636EA0E737CBD7410FC33
C:\ProgramData\MFAData\SelfUpd\avgmfarx.dll	--a---- 1757024 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 7147662E245DBE82EAB807C22EA34D25
C:\ProgramData\MFAData\SelfUpd\avgmtrapx.dll	--a---- 1045344 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] EFC07F5DD54A4659369534FF4A60DC88
C:\ProgramData\MFAData\SelfUpd\avgmvfla.dll	--a---- 220512 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] A2D996E9AD50408F3A6B38FFACDB2E0B
C:\ProgramData\MFAData\SelfUpd\avgmvflx.dll	--a---- 154464 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 350CB5AAB7EC0F562D8A90AEDD70BFE5
C:\ProgramData\MFAData\SelfUpd\avgmwdef_us.mht	--a---- 30255 bytes	[23:18 03/10/2011]	[02:27 26/08/2010] 62D68860E68478AD7A61B02247A4BCB0
C:\ProgramData\MFAData\SelfUpd\avgnsa.exe	--a---- 1817440 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] 7A7A90C3FF65DD7E970229BF98A27D41
C:\ProgramData\MFAData\SelfUpd\avgntdumpa.exe	--a---- 416608 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 070F42E4B95F4FBA6FC2D09E62288BDF
C:\ProgramData\MFAData\SelfUpd\avgntdumpx.exe	--a---- 598368 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 5A052593834E79C345C7B276BFB874E8
C:\ProgramData\MFAData\SelfUpd\avgpostinstx.dll	--a---- 748896 bytes	[23:18 03/10/2011]	[05:27 30/08/2011] 8B8732E15BCB1891A6DE1C9A0A7E6634
C:\ProgramData\MFAData\SelfUpd\avgpp.dll	--a---- 183136 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 380DA1A62D2E15CE912311F161EDC4AC
C:\ProgramData\MFAData\SelfUpd\avgppa.dll	--a---- 272224 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 473AD9A1C4F32B74FF9C16A8C9B534A8
C:\ProgramData\MFAData\SelfUpd\avgresf.dll	--a---- 661344 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 4188691D4DC6FBDB8A0A1D6F2888CFD5
C:\ProgramData\MFAData\SelfUpd\avgrkta.dll	--a---- 813920 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] 0D4434DB6B96BAB8F2E8523794AFACBB
C:\ProgramData\MFAData\SelfUpd\avgrsa.exe	--a---- 1165664 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 8948D4B24E6415896960776B28E7BFFD
C:\ProgramData\MFAData\SelfUpd\avgsals_us.mht	--a---- 42165 bytes	[23:18 03/10/2011]	[02:26 26/08/2010] D7F6091448220024BD1294C7655072E1
C:\ProgramData\MFAData\SelfUpd\avgsbfree_us.mht	--a---- 16566 bytes	[23:18 03/10/2011]	[23:04 29/10/2009] A08274E9F97507796BB03D3589895C54
C:\ProgramData\MFAData\SelfUpd\avgsbga.dll	--a---- 1189728 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 380DBE46A9EAC66EC24655A91D683C6A
C:\ProgramData\MFAData\SelfUpd\avgscana.dll	--a---- 310112 bytes	[23:18 03/10/2011]	[00:29 16/04/2011] 691B8022A58F249326CF830582119B30
C:\ProgramData\MFAData\SelfUpd\avgscana.exe	--a---- 1847136 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 61B1E704D5DC756010CECB8D036FA53A
C:\ProgramData\MFAData\SelfUpd\avgscanx.dll	--a---- 219488 bytes	[23:18 03/10/2011]	[00:29 16/04/2011] DA2A930CA4A75D1C2BA245F19129C8F3
C:\ProgramData\MFAData\SelfUpd\avgscanx.exe	--a---- 1088864 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 1633EAB3C7CB7301A4734191DE18DB79
C:\ProgramData\MFAData\SelfUpd\avgsched.dll	--a---- 609632 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] 96EC140D8EC76556A3651987B7102F92
C:\ProgramData\MFAData\SelfUpd\avgse.dll	--a---- 207200 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 6FBFA21869A09EDE8F3A2427BAEBCBDB
C:\ProgramData\MFAData\SelfUpd\avgsea.dll	--a---- 281440 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 3FD582772C1DF4B00E219BA2CB64B622
C:\ProgramData\MFAData\SelfUpd\avgsrma.dll	--a---- 1132384 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 08BAA1EB21C86D20DAC2BDD17A6BC5D8
C:\ProgramData\MFAData\SelfUpd\avgsrmaa.exe	--a---- 1939296 bytes	[23:18 03/10/2011]	[09:35 09/02/2011] 54DB3B09D3CC94D2D43A857864110571
C:\ProgramData\MFAData\SelfUpd\avgsrmax.exe	--a---- 1265504 bytes	[23:18 03/10/2011]	[09:35 09/02/2011] DF96A17994CC265F98078C00BCCEBF5D
C:\ProgramData\MFAData\SelfUpd\avgsrmx.dll	--a---- 620896 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 90F4C3D61C6722BB0962962DBC29AD7A
C:\ProgramData\MFAData\SelfUpd\avgssie.dll	--a---- 2276704 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] E37DBC42F405F0B804CF83EF6F08361D
C:\ProgramData\MFAData\SelfUpd\avgssiea.dll	--a---- 3561824 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] 098D30AD219025BA367A8A5F1A86478D
C:\ProgramData\MFAData\SelfUpd\AVGTBInstall.exe	--a---- 5996872 bytes	[23:18 03/10/2011]	[21:32 08/09/2011] 5ACE18F28F6928E68D81607208F25A1E
C:\ProgramData\MFAData\SelfUpd\avgtray.exe	--a---- 2338656 bytes	[23:18 03/10/2011]	[10:28 10/09/2011] BDDBAA0906EB612971C0FCD6030DBA14
C:\ProgramData\MFAData\SelfUpd\avgtrial_us.mht	--a---- 18421 bytes	[23:18 03/10/2011]	[14:41 26/04/2011] A1A2EA681542A265FEA201BE75ADEF09
C:\ProgramData\MFAData\SelfUpd\avgui.exe	--a---- 3593056 bytes	[23:18 03/10/2011]	[10:28 10/09/2011] 9184D32514A02B9322ABFF261C3B54ED
C:\ProgramData\MFAData\SelfUpd\avguiadv.dll	--a---- 2652512 bytes	[23:18 03/10/2011]	[23:37 22/04/2011] 0D1CCAC74BA0ECFC4369B78612D78851
C:\ProgramData\MFAData\SelfUpd\avguires.dll	--a---- 2897248 bytes	[23:18 03/10/2011]	[05:30 12/04/2011] 61B12427CCBF5512E3439664C00D5FCD
C:\ProgramData\MFAData\SelfUpd\avgupd.sig	--a---- 300 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34715B8B96BFCCEE1B41BF0BED9F5D0C
C:\ProgramData\MFAData\SelfUpd\avgupdx.dll	--a---- 2251104 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 04BBEDAF3B6F09F1ECAC8C22120D12A4
C:\ProgramData\MFAData\SelfUpd\avgvva.dll	--a---- 1314656 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 7FA76B29C47B69AC10ADD884EBB74C23
C:\ProgramData\MFAData\SelfUpd\avgvvx.dll	--a---- 737632 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] A8E994FE476F00BE2ADC0B7E8A1D175C
C:\ProgramData\MFAData\SelfUpd\avgwd.dll	--a---- 2033928 bytes	[23:18 03/10/2011]	[05:29 02/09/2011] 2FA4BD725500104292CB80F61F8AC1D7
C:\ProgramData\MFAData\SelfUpd\avgwdsvc.exe	--a---- 269520 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] FC2BC51120A945F7C70376495E4E7737
C:\ProgramData\MFAData\SelfUpd\avgwdwsc.dll	--a---- 460600 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 80AEC7987F4F315DC8B65FA1A42FF554
C:\ProgramData\MFAData\SelfUpd\avgwebui.dll	--a---- 583520 bytes	[23:18 03/10/2011]	[09:38 13/04/2011] 9AA48B408E2AB8D298444C4558E86606
C:\ProgramData\MFAData\SelfUpd\avgwsc.exe	--a---- 754120 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DD00E5497967D46D82222215B76F69C9
C:\ProgramData\MFAData\SelfUpd\avgxpl.dll	--a---- 1859424 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 82D8DC61C24C5B4D754CCD97E78DA876
C:\ProgramData\MFAData\SelfUpd\avgxpla.dll	--a---- 2762592 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] E6B57215F19042EBE49894D3ED336307
C:\ProgramData\MFAData\SelfUpd\avg_us.chm	--a---- 347868 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] E350F5895EEA3E675032FE77E4938512
C:\ProgramData\MFAData\SelfUpd\avg_us.lng	--a---- 669077 bytes	[23:18 03/10/2011]	[05:04 06/09/2011] 6A682AAF883E3460CB158254A39E018B
C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF6QHW8O\avg12-background[1].gif	--a---- 116 bytes	[16:32 24/08/2012]	[16:32 24/08/2012] A529093EDDBA9AB949264F844281B70A
C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF6QHW8O\avg_logo[1].png	--a---- 3072 bytes	[16:32 24/08/2012]	[16:32 24/08/2012] BDB5B9919E9EEF0CE6579B8CC8F6E27B
C:\Users\Coop\Downloads\avgremover.log	--a---- 121141 bytes	[16:39 24/08/2012]	[16:39 24/08/2012] ECC33725C7A7B969A59984763D0DA165
C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe	--a---- 2899344 bytes	[16:38 24/08/2012]	[16:38 24/08/2012] C4B2384739E0D27716D0CEBF8EFAC4F2
C:\Windows\Prefetch\AVGMFAPX.EXE-685E40B7.pf	--a---- 189406 bytes	[19:24 18/08/2012]	[16:32 24/08/2012] 4C1787DC4E80C7C1AEB8A5B5335DDCFC
C:\Windows\Temp\avginfo.id	--a---- 236 bytes	[22:03 22/08/2012]	[14:49 24/08/2012] C2095D3F0B717EBDE2AFA2D8FF94109A

========== folderfind ==========

Searching for "*avg*"
C:\Program Files (x86)\AVG	d------	[08:52 01/11/2008]
C:\Program Files (x86)\AVG\AVG10	d------	[18:14 27/11/2010]
C:\Program Files (x86)\AVG\AVG2012	d------	[23:21 03/10/2011]
C:\Program Files (x86)\AVG\AVG9	d------	[00:12 11/11/2009]
C:\ProgramData\AVG2012	d------	[23:22 03/10/2011]
C:\ProgramData\avg9	d------	[00:12 11/11/2009]
C:\ProgramData\avg9\AvgAm	d------	[00:12 11/11/2009]
C:\ProgramData\avg9\AvgApi	d------	[00:12 11/11/2009]
C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\avg	d------	[03:56 09/08/2012]

========== regfind ==========

Searching for "avg"
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgtray.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\IDENTITY PROTECTION\Agent\Bin\AVGIDSMONITOR.EXE"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgui.exe"="06/22/2011 5:16 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"="07/30/2011 1:17 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgtray.exe"="10/03/2011 7:28 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgui.exe"="11/06/2011 11:31 AM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\AVG\AVG10\avgssie.dll"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVGIDSAgent"="700"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG8Uninstall]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG9Uninstall]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\WinRAR\VirusScan]
"DefScanner"="AVG Anti-Virus"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft Silverlight|4.0.60129.0|hr|system.resources.dll]
"system.resources,culture="hr",fileVersion="4.0.60129.0",processorArchitecture="MSIL",publicKeyToken="7cec85d7bea7798e",version="2.0.5.0""="3PgDT0$gy?~Dc}DI]?&!Complete4.0.60129.0>NGEM5AVgG=~j$-v0s9cr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\SourceList]
"LastUsedSource"="n;1;C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\SourceList\Net]
"1"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG10\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG10\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Windows\system32\Drivers\AVG\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\scanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\corelog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\tdilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\privlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfgexlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\ldrlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\rslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\csllog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\arklog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\nslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\publog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\vaultlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lnglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avguilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\updlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\schedlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\srmlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdsvclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F061708F3225D9D4D906120730B2AC2D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\idplog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgmail.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\emclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lscanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\286FF0AF07CC75C439DC2E673F7E35E7\Features]
"BufferChm"=".S0lqB30%AOj!,Z!]ncTgu1}a'%%o9hE)^G_acXpx3!zWPhrq8&[email protected]`TPfRlK]77X%[email protected]+&!bx}Q([email protected]&R=StA6?)pL]VgbS1DI{yG?{?Bz?KvOvgwR^71Tm`57-{,d==LyKNnPe&woAx7]$V{DAr.FOVtqD+4?6m~^[email protected]'-P^VK^**e%+([N=dtG2a%5OvVPr~CF*p!)A`v[Z=?V88`dlrcialYK9(m^PihfvcI4K'yukD}29QsE=)[RC'Es-y[TC)[email protected]+=8++u&f&?A)h(jdoE[=uF5J)Sps6r${)[email protected](A'R$e?vlk4uVYSrBhg[m9h8F)%&4RPi}I-6Fx%AQ?j9B?vA4)F`CMeM(@Ym59b*6b,[email protected]@@TLaps(-*L3RoYe?O(8?&xpmZ6n4'XsOe{Asn~59D)yx$m=3RjYAocKj!-g=yz8q0E=&(S]X5ypsD_g?GMtt`1SuX2K0X-`[email protected]}~9$9=m$P3U7T]d){`8T(Z_^d1%[email protected]~t1RU}Ly{[email protected]=j3rj]jTSt$GmPwq=hT9EgI&*8q*[email protected]$M`qg{PQ$s,C3xF+G?~M^[!~VP0,(T]!-IG(QA0xsfl!&n~Z4rO3Ka21i8WXK48!{[email protected]=?A1~=t_Ong[a6=4(!{be_idi?~zLD%[4{[email protected]`t%^PhLwzuG2JcE=C%0U633!D)sY)Pj-]Y=9{c(_-a2bK5p`E%1V?jPAS~)p%1)Bak^kC[ei,~WAu5(PWmm+qt)LGan5Y0x=eg)5{Gk.yKa0]5,wHah8Iv4hBI{w(,wRO~UmH)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\InstallProperties]
"InstallSource"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\InstallProperties]
"Publisher"="AVG Technologies CZ, s.r.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG10\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0016-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0018-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-001B-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}]
"InstallSource"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}]
"Publisher"="AVG Technologies CZ, s.r.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Avg]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-19\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-19\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-20\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-20\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\AppDataLow\Software\Avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgtray.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\IDENTITY PROTECTION\Agent\Bin\AVGIDSMONITOR.EXE"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgui.exe"="06/22/2011 5:16 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"="07/30/2011 1:17 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgtray.exe"="10/03/2011 7:28 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgui.exe"="11/06/2011 11:31 AM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\AVG\AVG10\avgssie.dll"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\Services]
"AVGIDSAgent"="700"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG8Uninstall]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG9Uninstall]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\WinRAR\VirusScan]
"DefScanner"="AVG Anti-Virus"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Avg]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Some removal tool. 

I'll go through all that tomorrow with fresh eyes.


----------



## rcoops72 (Jun 11, 2011)

I know right...insane how bad it is. They must have a bad QA team lol

Thanks for getting me up and running tonight for the work I need to do.

Talk to you tomorrow.


----------



## Cookiegal (Aug 27, 2003)

You're welcome and thanks for being so understanding about it.


----------



## Cookiegal (Aug 27, 2003)

I heard it may be more effective to run the AVG removal tool in safe mode. Can you do that and then reboot and run System Look again with the same script to see what remains please? Hopefully it will have eliminated more of what was left behind.


----------



## rcoops72 (Jun 11, 2011)

Ran the 64 Bit removal tool in SAFE MODE.

SystemLook 30.07.11 by jpshortstuff
Log created at 13:05 on 25/08/2012 by Coop
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\Program Files (x86)\Spybot - Search & Destroy\LCULIYVTSDZELAVGM.scr	--a---- 5365592 bytes	[16:48 26/04/2009]	[20:31 26/01/2009] 0477C2F9171599CA5BC3307FDFBA8D89
C:\ProgramData\avg9\Log\avgcfg.log.lock	--a---- 0 bytes	[00:12 11/11/2009]	[00:12 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgcfgex.log.lock	--a---- 0 bytes	[06:46 28/11/2009]	[06:46 28/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgchjw.log.1	--a---- 1024200 bytes	[00:15 11/11/2009]	[17:39 26/11/2010] 8B8A1BC559C505B0E807AEE48EF76ABD
C:\ProgramData\avg9\Log\avgchjw.log.10	--a---- 1024092 bytes	[00:15 11/11/2009]	[22:50 26/10/2010] B596AC22FE1E0EFEA60971087312171C
C:\ProgramData\avg9\Log\avgchjw.log.2	--a---- 1024170 bytes	[00:15 11/11/2009]	[03:36 24/11/2010] 79121A0110A31A9CA7E53C25866DA09F
C:\ProgramData\avg9\Log\avgchjw.log.3	--a---- 1024510 bytes	[00:15 11/11/2009]	[14:57 20/11/2010] 29B7A8B41884CF2CB92E88A8EB612048
C:\ProgramData\avg9\Log\avgchjw.log.4	--a---- 1024394 bytes	[00:15 11/11/2009]	[05:19 16/11/2010] 3A38B218F269B900B451F02603D07C92
C:\ProgramData\avg9\Log\avgchjw.log.5	--a---- 1024022 bytes	[00:15 11/11/2009]	[01:54 13/11/2010] 714E0D2DD0CB4E5FB95DF3A3768BBD0F
C:\ProgramData\avg9\Log\avgchjw.log.6	--a---- 1024256 bytes	[00:15 11/11/2009]	[03:26 08/11/2010] B340CBAE1845434C5ACFB81FC6707309
C:\ProgramData\avg9\Log\avgchjw.log.7	--a---- 1024026 bytes	[00:15 11/11/2009]	[06:11 06/11/2010] DA0671B1AF56715B38DD3BEF7E26E257
C:\ProgramData\avg9\Log\avgchjw.log.8	--a---- 1024186 bytes	[00:15 11/11/2009]	[23:50 01/11/2010] EBC147A7946644E8593B591817DAACC4
C:\ProgramData\avg9\Log\avgchjw.log.9	--a---- 1024082 bytes	[00:15 11/11/2009]	[13:05 30/10/2010] 25B1565A6B99E5008EFB71C5B67E6826
C:\ProgramData\avg9\Log\avgchjw.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgchjwsrv.log.1	--a---- 1024434 bytes	[00:15 11/11/2009]	[15:05 14/11/2010] 1C1407917819CE0C9A7D4E966105E081
C:\ProgramData\avg9\Log\avgchjwsrv.log.2	--a---- 1024120 bytes	[00:15 11/11/2009]	[11:52 06/10/2010] 6576C6872ADADCDDEE7C72424FE25050
C:\ProgramData\avg9\Log\avgchjwsrv.log.3	--a---- 1024006 bytes	[00:15 11/11/2009]	[15:46 10/09/2010] AE269ACDF67BFE1F799AA6AC1AC9202F
C:\ProgramData\avg9\Log\avgchjwsrv.log.4	--a---- 1024064 bytes	[00:15 11/11/2009]	[16:03 16/08/2010] C1F5D3B33E87AF4A525C8914AF51531A
C:\ProgramData\avg9\Log\avgchjwsrv.log.5	--a---- 1024200 bytes	[00:15 11/11/2009]	[13:24 21/07/2010] B548249E65D3CF55C68B4A25ACEFE9E7
C:\ProgramData\avg9\Log\avgchjwsrv.log.6	--a---- 1024274 bytes	[00:15 11/11/2009]	[13:26 07/06/2010] D59E64D0B0353344935C4C7CF1C44381
C:\ProgramData\avg9\Log\avgchjwsrv.log.7	--a---- 1024086 bytes	[00:15 11/11/2009]	[22:44 07/05/2010] 8E579AC59D657C8D17393D62725B37CF
C:\ProgramData\avg9\Log\avgchjwsrv.log.8	--a---- 1024006 bytes	[00:15 11/11/2009]	[16:32 13/04/2010] 2C6AC64AD65E5E0F1BADFA52C174C2CC
C:\ProgramData\avg9\Log\avgchjwsrv.log.9	--a---- 1024152 bytes	[00:15 11/11/2009]	[04:00 21/12/2009] 4792B69CED759649E69A74F9809706FF
C:\ProgramData\avg9\Log\avgchjwsrv.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgcore.log.1	--a---- 1024352 bytes	[00:12 11/11/2009]	[00:16 23/11/2010] D5F62BFB424C133C76D6578584DA7643
C:\ProgramData\avg9\Log\avgcore.log.10	--a---- 1025014 bytes	[00:12 11/11/2009]	[15:45 01/08/2010] 68F62176DA90BCFECA1014BA8171A86C
C:\ProgramData\avg9\Log\avgcore.log.2	--a---- 1024204 bytes	[00:12 11/11/2009]	[17:36 06/11/2010] 239712AACE1C55F80AB86A38B7362464
C:\ProgramData\avg9\Log\avgcore.log.3	--a---- 1024232 bytes	[00:12 11/11/2009]	[00:16 29/10/2010] 5D730FA7D9608E5E89182DA7F247F938
C:\ProgramData\avg9\Log\avgcore.log.4	--a---- 1024150 bytes	[00:12 11/11/2009]	[16:39 09/10/2010] F0FCF711AA57E72335E1DD07B086ECE4
C:\ProgramData\avg9\Log\avgcore.log.5	--a---- 1024042 bytes	[00:12 11/11/2009]	[02:15 30/09/2010] F1455053CBC009D64F0254B5B3C2EC34
C:\ProgramData\avg9\Log\avgcore.log.6	--a---- 1024098 bytes	[00:12 11/11/2009]	[14:36 15/09/2010] 71FB4F13B486253B50D427B64CE485B9
C:\ProgramData\avg9\Log\avgcore.log.7	--a---- 1024314 bytes	[00:12 11/11/2009]	[21:31 01/09/2010] 84B1782FA3F932E48689BAD27E999EA9
C:\ProgramData\avg9\Log\avgcore.log.8	--a---- 1024214 bytes	[00:12 11/11/2009]	[03:36 25/08/2010] 54F67893075EFB1C82CAE44BB30FA95A
C:\ProgramData\avg9\Log\avgcore.log.9	--a---- 1024236 bytes	[00:12 11/11/2009]	[15:25 10/08/2010] 838EE111F1AC30D233D8F29DD419A509
C:\ProgramData\avg9\Log\avgcore.log.lock	--a---- 0 bytes	[00:12 11/11/2009]	[00:12 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgfrw.log.lock	--a---- 0 bytes	[00:12 11/11/2009]	[00:12 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgldr.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avglng.log.1	--a---- 1024098 bytes	[12:47 19/04/2010]	[03:19 26/06/2010] 7C18562D5E89C871A96C55DF635BA8D2
C:\ProgramData\avg9\Log\avglng.log.lock	--a---- 0 bytes	[00:12 11/11/2009]	[00:12 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgrs.log.1	--a---- 1024270 bytes	[00:15 11/11/2009]	[23:40 24/11/2010] 8C21EF298266D14C783EC96D4628D2C9
C:\ProgramData\avg9\Log\avgrs.log.10	--a---- 1024038 bytes	[00:15 11/11/2009]	[12:13 11/10/2010] 30170651B821A6C17A215F5BC8FA314A
C:\ProgramData\avg9\Log\avgrs.log.2	--a---- 1024062 bytes	[00:15 11/11/2009]	[15:57 19/11/2010] BAC2CB8CF936D5B0A3F6A8BA70FAE0BF
C:\ProgramData\avg9\Log\avgrs.log.3	--a---- 1024024 bytes	[00:15 11/11/2009]	[04:50 14/11/2010] B039B2241A0E1C9EB81974A22F74EC16
C:\ProgramData\avg9\Log\avgrs.log.4	--a---- 1024104 bytes	[00:15 11/11/2009]	[03:13 10/11/2010] BBEC90012888D1845D81A8070B5F5E12
C:\ProgramData\avg9\Log\avgrs.log.5	--a---- 1024262 bytes	[00:15 11/11/2009]	[23:00 05/11/2010] 4E6EEC52D359FFCDE45B1ABEDDC072B1
C:\ProgramData\avg9\Log\avgrs.log.6	--a---- 1024180 bytes	[00:15 11/11/2009]	[23:25 29/10/2010] 7B75388AC8656DB17187952834DE4F42
C:\ProgramData\avg9\Log\avgrs.log.7	--a---- 1024522 bytes	[00:15 11/11/2009]	[10:26 23/10/2010] EA0EB689C431A16B7252B3D3DA8BCD06
C:\ProgramData\avg9\Log\avgrs.log.8	--a---- 1024102 bytes	[00:15 11/11/2009]	[15:08 17/10/2010] DA460D6DBF4E18E07A47ED3CE35D5B0B
C:\ProgramData\avg9\Log\avgrs.log.9	--a---- 1024144 bytes	[00:15 11/11/2009]	[22:39 14/10/2010] 4D5C13C9B66DAE1C33D64E1C624C8820
C:\ProgramData\avg9\Log\avgrs.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgscan.log.lock	--a---- 0 bytes	[14:23 29/11/2009]	[14:23 29/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgsched.log.1	--a---- 1024382 bytes	[00:15 11/11/2009]	[17:48 27/11/2010] A1855A3DD08DE44C4D1FC3BD10D7F10E
C:\ProgramData\avg9\Log\avgsched.log.10	--a---- 1024156 bytes	[00:15 11/11/2009]	[00:46 06/09/2010] F34AA087D0433A17686E3AA3C6969A5B
C:\ProgramData\avg9\Log\avgsched.log.2	--a---- 1024038 bytes	[00:15 11/11/2009]	[19:47 19/11/2010] 3980747CFED08AC4595D337EDDA0C66C
C:\ProgramData\avg9\Log\avgsched.log.3	--a---- 1024008 bytes	[00:15 11/11/2009]	[23:36 09/11/2010] 72CEEF2D8EC213FB6850BB3C30588ECD
C:\ProgramData\avg9\Log\avgsched.log.4	--a---- 1024134 bytes	[00:15 11/11/2009]	[13:33 31/10/2010] 8716599795FBE27E53F09E37BC4BC0F9
C:\ProgramData\avg9\Log\avgsched.log.5	--a---- 1024132 bytes	[00:15 11/11/2009]	[23:11 19/10/2010] C690D8C5E6092CDC5D62742087FE279F
C:\ProgramData\avg9\Log\avgsched.log.6	--a---- 1024262 bytes	[00:15 11/11/2009]	[20:03 10/10/2010] F17A6BF6F02753E1083E0D9FF4246048
C:\ProgramData\avg9\Log\avgsched.log.7	--a---- 1024254 bytes	[00:15 11/11/2009]	[22:36 27/09/2010] 9785586DB76C30B5E83553EFA247882A
C:\ProgramData\avg9\Log\avgsched.log.8	--a---- 1024060 bytes	[00:15 11/11/2009]	[16:35 18/09/2010] C3A0AFAAECE40908F0CFD1CFF93C29C7
C:\ProgramData\avg9\Log\avgsched.log.9	--a---- 1024126 bytes	[00:15 11/11/2009]	[13:07 12/09/2010] 45D9A7F19ADD2391064D96328C2FB8EE
C:\ProgramData\avg9\Log\avgsched.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgsrm.log.lock	--a---- 0 bytes	[00:16 11/11/2009]	[00:16 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgtdi.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgui.log.1	--a---- 1024064 bytes	[00:16 11/11/2009]	[03:42 23/11/2010] 78849AEF3C1F56B7D69F08E53C9C60E4
C:\ProgramData\avg9\Log\avgui.log.2	--a---- 1024046 bytes	[00:16 11/11/2009]	[11:49 08/08/2010] 687D9645592D5FBC20F28275C028F3FD
C:\ProgramData\avg9\Log\avgui.log.3	--a---- 1024316 bytes	[00:16 11/11/2009]	[12:49 02/06/2010] 67A2A017FF973DCEBE255F1F5536F730
C:\ProgramData\avg9\Log\avgui.log.4	--a---- 1024526 bytes	[00:16 11/11/2009]	[05:05 28/11/2009] D420A4D9A7CDF3AECD08CBD433508CE1
C:\ProgramData\avg9\Log\avgui.log.lock	--a---- 0 bytes	[00:16 11/11/2009]	[00:16 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgupd.log.lock	--a---- 0 bytes	[00:17 11/11/2009]	[00:17 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgwd.log.1	--a---- 1024278 bytes	[00:15 11/11/2009]	[23:38 18/11/2010] 4D4C73FA0CADDB7E68F0C05E03C0821A
C:\ProgramData\avg9\Log\avgwd.log.10	--a---- 1024066 bytes	[00:15 11/11/2009]	[19:30 18/08/2010] 13297A534A80025AFD0E0CAE5150D90B
C:\ProgramData\avg9\Log\avgwd.log.2	--a---- 1024110 bytes	[00:15 11/11/2009]	[07:05 06/11/2010] EC939B7CD975878E74ED5E9BBD216357
C:\ProgramData\avg9\Log\avgwd.log.3	--a---- 1024160 bytes	[00:15 11/11/2009]	[13:19 22/10/2010] 30872987E9AD87D2A34D75F5BE57488F
C:\ProgramData\avg9\Log\avgwd.log.4	--a---- 1024274 bytes	[00:15 11/11/2009]	[12:13 11/10/2010] DD6FCFA5B70A45D29F86222D0F5D4545
C:\ProgramData\avg9\Log\avgwd.log.5	--a---- 1024148 bytes	[00:15 11/11/2009]	[03:26 29/09/2010] 237C7C7307FF2720894BC2E149EDA90A
C:\ProgramData\avg9\Log\avgwd.log.6	--a---- 1024062 bytes	[00:15 11/11/2009]	[07:45 19/09/2010] 351F3E8C1F51E20ACB4758EF9351F018
C:\ProgramData\avg9\Log\avgwd.log.7	--a---- 1024284 bytes	[00:15 11/11/2009]	[02:27 13/09/2010] 61714C33F44483D36FBEC4A582647B5F
C:\ProgramData\avg9\Log\avgwd.log.8	--a---- 1024204 bytes	[00:15 11/11/2009]	[00:46 06/09/2010] 2A7E756CF5E4EC30C99CE849957F4C52
C:\ProgramData\avg9\Log\avgwd.log.9	--a---- 1024052 bytes	[00:15 11/11/2009]	[12:04 26/08/2010] 4D2B2AF8F7659494A1637AEB528E19C7
C:\ProgramData\avg9\Log\avgwd.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\avg9\Log\avgwdsvc.log.lock	--a---- 0 bytes	[00:15 11/11/2009]	[00:15 11/11/2009] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\MFAData\SelfUpd\avg.snu	--a---- 150 bytes	[23:18 03/10/2011]	[19:17 06/05/2011] B8FB047A5AF76A55F50D018E8263AD47
C:\ProgramData\MFAData\SelfUpd\avgabout.dll	--a---- 1227616 bytes	[23:18 03/10/2011]	[09:39 13/04/2011] 4AAAF56222E0ACC070DDBA038998D6C8
C:\ProgramData\MFAData\SelfUpd\avgamnot.dll	--a---- 476000 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DE81240BD5476BB8AA2261349AB32FF8
C:\ProgramData\MFAData\SelfUpd\avgapia.dll	--a---- 7962976 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] EA3BBE6503E33E9046046C77A7B0964C
C:\ProgramData\MFAData\SelfUpd\avgapix.dll	--a---- 4193632 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] FD5AB675C3C308AE767032502B6BF881
C:\ProgramData\MFAData\SelfUpd\avgar_us.chm	--a---- 35871 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 72D8535164BAF188D07ADC06AA8D4DC8
C:\ProgramData\MFAData\SelfUpd\avgatend.stp	--a---- 32 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34C50B69C2B299929457A85A8E030F38
C:\ProgramData\MFAData\SelfUpd\avgatupd.stp	--a---- 32 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34C50B69C2B299929457A85A8E030F38
C:\ProgramData\MFAData\SelfUpd\avgcclia.dll	--a---- 683360 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2E6F4C1F13031C7B2AC1F3A75DB59A96
C:\ProgramData\MFAData\SelfUpd\avgcclix.dll	--a---- 450912 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] E175A3A80D3626A3EB01A378D758DF8C
C:\ProgramData\MFAData\SelfUpd\avgcerta.dll	--a---- 1139040 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] E842BEEE8B100CE128C1EC70B462E078
C:\ProgramData\MFAData\SelfUpd\avgcertx.dll	--a---- 867168 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] 1E9839FD8F51E4836A219ABCBDCBEA6B
C:\ProgramData\MFAData\SelfUpd\avgcfga.dll	--a---- 1997152 bytes	[23:18 03/10/2011]	[18:03 22/08/2011] FE2F942ED460F8C8E8B8F84A0CF82FD6
C:\ProgramData\MFAData\SelfUpd\avgcfgex.exe	--a---- 580960 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 525C1BB5EB4F216714DF6348E68B8822
C:\ProgramData\MFAData\SelfUpd\avgcfgx.dll	--a---- 1128800 bytes	[23:18 03/10/2011]	[18:03 22/08/2011] F564B7BE14C719D12C53B902B840CF2A
C:\ProgramData\MFAData\SelfUpd\avgchcla.dll	--a---- 354144 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] 33BAC6BB9AE471B8F1CB54337BE6D03D
C:\ProgramData\MFAData\SelfUpd\avgchclx.dll	--a---- 246112 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] DB359D68D8B5D7E1C0A1961916BBA905
C:\ProgramData\MFAData\SelfUpd\avgchjwa.dll	--a---- 763232 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] BB63418C7269D1327ED2B95D13F76B4C
C:\ProgramData\MFAData\SelfUpd\avgchsva.exe	--a---- 1147232 bytes	[23:18 03/10/2011]	[18:13 23/05/2011] B737DB264CB1B5FFA2A886E3B940434A
C:\ProgramData\MFAData\SelfUpd\avgclita.dll	--a---- 467808 bytes	[23:18 03/10/2011]	[05:32 18/08/2011] 98A243951E968F19B27CD6CDB7EAA436
C:\ProgramData\MFAData\SelfUpd\avgclitx.dll	--a---- 334688 bytes	[23:18 03/10/2011]	[05:32 18/08/2011] F71ECAB18972467500609A8FA4E98F33
C:\ProgramData\MFAData\SelfUpd\avgcmgr.exe	--a---- 1559392 bytes	[23:18 03/10/2011]	[09:56 20/04/2011] CAE3131129F253979E879C84D72D57A0
C:\ProgramData\MFAData\SelfUpd\avgcorea.dll	--a---- 6833504 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] 4D2E9212286A186D02A53E1C663F73F5
C:\ProgramData\MFAData\SelfUpd\avgcorex.dll	--a---- 4992352 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] 9DF80626266AABD12D03744ED6BF8361
C:\ProgramData\MFAData\SelfUpd\avgcrema.exe	--a---- 4191584 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] F4D19B0666EC9E951BA195B4A6B77400
C:\ProgramData\MFAData\SelfUpd\avgcsla.dll	--a---- 2750792 bytes	[23:18 03/10/2011]	[00:10 10/05/2011] 56CE2720D770B285B2DCA2CAC31646D6
C:\ProgramData\MFAData\SelfUpd\avgcslx.dll	--a---- 1854280 bytes	[23:18 03/10/2011]	[00:09 10/05/2011] B01E5E3CFB0CE27CBEF9011EB09A0A71
C:\ProgramData\MFAData\SelfUpd\avgcsrva.exe	--a---- 519008 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2CDA4753B39225BA3F71A0F915280ACB
C:\ProgramData\MFAData\SelfUpd\avgcsrvx.exe	--a---- 351072 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2FE694541C5D0D2A874CCC222BBFC7D0
C:\ProgramData\MFAData\SelfUpd\avgdg_us.chm	--a---- 33696 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] AC89AEEF6438CAA9228B416CFB1BFA9D
C:\ProgramData\MFAData\SelfUpd\avgdiagex.exe	--a---- 3833696 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 71C940B4D31A803CF42D2C384BF72711
C:\ProgramData\MFAData\SelfUpd\avgdumpa.exe	--a---- 416608 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] B148FBC8DE10EEE067547291003B06A3
C:\ProgramData\MFAData\SelfUpd\avgdumpx.exe	--a---- 278880 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 7425F9710FA02197E4C616293D5FBE83
C:\ProgramData\MFAData\SelfUpd\avgemca.exe	--a---- 1687904 bytes	[23:18 03/10/2011]	[20:05 16/03/2011] 0FFF051E4327DF1508CBF9EE098DEAB6
C:\ProgramData\MFAData\SelfUpd\avgfree_us.mht	--a---- 33415 bytes	[23:18 03/10/2011]	[20:28 09/02/2011] 74B3413588725D11329736614F2B8002
C:\ProgramData\MFAData\SelfUpd\avgf_us.chm	--a---- 336574 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 90F897D16E9641AE534308C8C67B7069
C:\ProgramData\MFAData\SelfUpd\avgidpsdkx.dll	--a---- 2547040 bytes	[23:18 03/10/2011]	[11:55 10/02/2011] 8F2E5F841DF279C41FA011E8F2E945BC
C:\ProgramData\MFAData\SelfUpd\avgidp_us.chm	--a---- 42609 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] D1F2BCB64D624D74CCE74C4356B10CBE
C:\ProgramData\MFAData\SelfUpd\avglnga.dll	--a---- 374112 bytes	[23:18 03/10/2011]	[21:39 18/04/2011] 1353B18A8755C1B736FC11BA6B6C7D37
C:\ProgramData\MFAData\SelfUpd\avglngx.dll	--a---- 246624 bytes	[23:18 03/10/2011]	[21:39 18/04/2011] 199F9ADDB1C1E633169B9F6CB40D7724
C:\ProgramData\MFAData\SelfUpd\avgloga.dll	--a---- 1178464 bytes	[23:18 03/10/2011]	[09:52 21/02/2011] 865A55BC96244466A0A094AEB5D3D0E9
C:\ProgramData\MFAData\SelfUpd\avglogx.dll	--a---- 796512 bytes	[23:18 03/10/2011]	[09:52 21/02/2011] 3FA61EF87E49FFACE4ED58C4F1A98EB1
C:\ProgramData\MFAData\SelfUpd\avglscanx.exe	--a---- 218464 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DE1C35CB89C0B800DE6ED82C438039CB
C:\ProgramData\MFAData\SelfUpd\avgls_us.chm	--a---- 90010 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 90953BE9027779AFCC7CEA00EEE4A5BA
C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe	--a---- 5587808 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] D90D7337C35636EA0E737CBD7410FC33
C:\ProgramData\MFAData\SelfUpd\avgmfarx.dll	--a---- 1757024 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 7147662E245DBE82EAB807C22EA34D25
C:\ProgramData\MFAData\SelfUpd\avgmtrapx.dll	--a---- 1045344 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] EFC07F5DD54A4659369534FF4A60DC88
C:\ProgramData\MFAData\SelfUpd\avgmvfla.dll	--a---- 220512 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] A2D996E9AD50408F3A6B38FFACDB2E0B
C:\ProgramData\MFAData\SelfUpd\avgmvflx.dll	--a---- 154464 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 350CB5AAB7EC0F562D8A90AEDD70BFE5
C:\ProgramData\MFAData\SelfUpd\avgmwdef_us.mht	--a---- 30255 bytes	[23:18 03/10/2011]	[02:27 26/08/2010] 62D68860E68478AD7A61B02247A4BCB0
C:\ProgramData\MFAData\SelfUpd\avgnsa.exe	--a---- 1817440 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] 7A7A90C3FF65DD7E970229BF98A27D41
C:\ProgramData\MFAData\SelfUpd\avgntdumpa.exe	--a---- 416608 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 070F42E4B95F4FBA6FC2D09E62288BDF
C:\ProgramData\MFAData\SelfUpd\avgntdumpx.exe	--a---- 598368 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 5A052593834E79C345C7B276BFB874E8
C:\ProgramData\MFAData\SelfUpd\avgpostinstx.dll	--a---- 748896 bytes	[23:18 03/10/2011]	[05:27 30/08/2011] 8B8732E15BCB1891A6DE1C9A0A7E6634
C:\ProgramData\MFAData\SelfUpd\avgpp.dll	--a---- 183136 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 380DA1A62D2E15CE912311F161EDC4AC
C:\ProgramData\MFAData\SelfUpd\avgppa.dll	--a---- 272224 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 473AD9A1C4F32B74FF9C16A8C9B534A8
C:\ProgramData\MFAData\SelfUpd\avgresf.dll	--a---- 661344 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 4188691D4DC6FBDB8A0A1D6F2888CFD5
C:\ProgramData\MFAData\SelfUpd\avgrkta.dll	--a---- 813920 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] 0D4434DB6B96BAB8F2E8523794AFACBB
C:\ProgramData\MFAData\SelfUpd\avgrsa.exe	--a---- 1165664 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 8948D4B24E6415896960776B28E7BFFD
C:\ProgramData\MFAData\SelfUpd\avgsals_us.mht	--a---- 42165 bytes	[23:18 03/10/2011]	[02:26 26/08/2010] D7F6091448220024BD1294C7655072E1
C:\ProgramData\MFAData\SelfUpd\avgsbfree_us.mht	--a---- 16566 bytes	[23:18 03/10/2011]	[23:04 29/10/2009] A08274E9F97507796BB03D3589895C54
C:\ProgramData\MFAData\SelfUpd\avgsbga.dll	--a---- 1189728 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 380DBE46A9EAC66EC24655A91D683C6A
C:\ProgramData\MFAData\SelfUpd\avgscana.dll	--a---- 310112 bytes	[23:18 03/10/2011]	[00:29 16/04/2011] 691B8022A58F249326CF830582119B30
C:\ProgramData\MFAData\SelfUpd\avgscana.exe	--a---- 1847136 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 61B1E704D5DC756010CECB8D036FA53A
C:\ProgramData\MFAData\SelfUpd\avgscanx.dll	--a---- 219488 bytes	[23:18 03/10/2011]	[00:29 16/04/2011] DA2A930CA4A75D1C2BA245F19129C8F3
C:\ProgramData\MFAData\SelfUpd\avgscanx.exe	--a---- 1088864 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 1633EAB3C7CB7301A4734191DE18DB79
C:\ProgramData\MFAData\SelfUpd\avgsched.dll	--a---- 609632 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] 96EC140D8EC76556A3651987B7102F92
C:\ProgramData\MFAData\SelfUpd\avgse.dll	--a---- 207200 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 6FBFA21869A09EDE8F3A2427BAEBCBDB
C:\ProgramData\MFAData\SelfUpd\avgsea.dll	--a---- 281440 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 3FD582772C1DF4B00E219BA2CB64B622
C:\ProgramData\MFAData\SelfUpd\avgsrma.dll	--a---- 1132384 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 08BAA1EB21C86D20DAC2BDD17A6BC5D8
C:\ProgramData\MFAData\SelfUpd\avgsrmaa.exe	--a---- 1939296 bytes	[23:18 03/10/2011]	[09:35 09/02/2011] 54DB3B09D3CC94D2D43A857864110571
C:\ProgramData\MFAData\SelfUpd\avgsrmax.exe	--a---- 1265504 bytes	[23:18 03/10/2011]	[09:35 09/02/2011] DF96A17994CC265F98078C00BCCEBF5D
C:\ProgramData\MFAData\SelfUpd\avgsrmx.dll	--a---- 620896 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 90F4C3D61C6722BB0962962DBC29AD7A
C:\ProgramData\MFAData\SelfUpd\avgssie.dll	--a---- 2276704 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] E37DBC42F405F0B804CF83EF6F08361D
C:\ProgramData\MFAData\SelfUpd\avgssiea.dll	--a---- 3561824 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] 098D30AD219025BA367A8A5F1A86478D
C:\ProgramData\MFAData\SelfUpd\AVGTBInstall.exe	--a---- 5996872 bytes	[23:18 03/10/2011]	[21:32 08/09/2011] 5ACE18F28F6928E68D81607208F25A1E
C:\ProgramData\MFAData\SelfUpd\avgtray.exe	--a---- 2338656 bytes	[23:18 03/10/2011]	[10:28 10/09/2011] BDDBAA0906EB612971C0FCD6030DBA14
C:\ProgramData\MFAData\SelfUpd\avgtrial_us.mht	--a---- 18421 bytes	[23:18 03/10/2011]	[14:41 26/04/2011] A1A2EA681542A265FEA201BE75ADEF09
C:\ProgramData\MFAData\SelfUpd\avgui.exe	--a---- 3593056 bytes	[23:18 03/10/2011]	[10:28 10/09/2011] 9184D32514A02B9322ABFF261C3B54ED
C:\ProgramData\MFAData\SelfUpd\avguiadv.dll	--a---- 2652512 bytes	[23:18 03/10/2011]	[23:37 22/04/2011] 0D1CCAC74BA0ECFC4369B78612D78851
C:\ProgramData\MFAData\SelfUpd\avguires.dll	--a---- 2897248 bytes	[23:18 03/10/2011]	[05:30 12/04/2011] 61B12427CCBF5512E3439664C00D5FCD
C:\ProgramData\MFAData\SelfUpd\avgupd.sig	--a---- 300 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34715B8B96BFCCEE1B41BF0BED9F5D0C
C:\ProgramData\MFAData\SelfUpd\avgupdx.dll	--a---- 2251104 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 04BBEDAF3B6F09F1ECAC8C22120D12A4
C:\ProgramData\MFAData\SelfUpd\avgvva.dll	--a---- 1314656 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 7FA76B29C47B69AC10ADD884EBB74C23
C:\ProgramData\MFAData\SelfUpd\avgvvx.dll	--a---- 737632 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] A8E994FE476F00BE2ADC0B7E8A1D175C
C:\ProgramData\MFAData\SelfUpd\avgwd.dll	--a---- 2033928 bytes	[23:18 03/10/2011]	[05:29 02/09/2011] 2FA4BD725500104292CB80F61F8AC1D7
C:\ProgramData\MFAData\SelfUpd\avgwdsvc.exe	--a---- 269520 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] FC2BC51120A945F7C70376495E4E7737
C:\ProgramData\MFAData\SelfUpd\avgwdwsc.dll	--a---- 460600 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 80AEC7987F4F315DC8B65FA1A42FF554
C:\ProgramData\MFAData\SelfUpd\avgwebui.dll	--a---- 583520 bytes	[23:18 03/10/2011]	[09:38 13/04/2011] 9AA48B408E2AB8D298444C4558E86606
C:\ProgramData\MFAData\SelfUpd\avgwsc.exe	--a---- 754120 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DD00E5497967D46D82222215B76F69C9
C:\ProgramData\MFAData\SelfUpd\avgxpl.dll	--a---- 1859424 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 82D8DC61C24C5B4D754CCD97E78DA876
C:\ProgramData\MFAData\SelfUpd\avgxpla.dll	--a---- 2762592 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] E6B57215F19042EBE49894D3ED336307
C:\ProgramData\MFAData\SelfUpd\avg_us.chm	--a---- 347868 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] E350F5895EEA3E675032FE77E4938512
C:\ProgramData\MFAData\SelfUpd\avg_us.lng	--a---- 669077 bytes	[23:18 03/10/2011]	[05:04 06/09/2011] 6A682AAF883E3460CB158254A39E018B
C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF6QHW8O\avg12-background[1].gif	--a---- 116 bytes	[16:32 24/08/2012]	[16:32 24/08/2012] A529093EDDBA9AB949264F844281B70A
C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF6QHW8O\avg_logo[1].png	--a---- 3072 bytes	[16:32 24/08/2012]	[16:32 24/08/2012] BDB5B9919E9EEF0CE6579B8CC8F6E27B
C:\Users\Coop\Downloads\avgremover.log	--a---- 264639 bytes	[16:39 24/08/2012]	[16:58 25/08/2012] 5F9BE3EC27787F1E25A7612F24101A92
C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe	--a---- 2899344 bytes	[16:38 24/08/2012]	[16:38 24/08/2012] C4B2384739E0D27716D0CEBF8EFAC4F2
C:\Windows\Prefetch\AVGMFAPX.EXE-685E40B7.pf	--a---- 189406 bytes	[19:24 18/08/2012]	[16:32 24/08/2012] 4C1787DC4E80C7C1AEB8A5B5335DDCFC
C:\Windows\Temp\avginfo.id	--a---- 236 bytes	[22:03 22/08/2012]	[14:49 24/08/2012] C2095D3F0B717EBDE2AFA2D8FF94109A

========== folderfind ==========

Searching for "*avg*"
C:\Program Files (x86)\AVG	d------	[08:52 01/11/2008]
C:\Program Files (x86)\AVG\AVG10	d------	[18:14 27/11/2010]
C:\Program Files (x86)\AVG\AVG9	d------	[00:12 11/11/2009]
C:\ProgramData\avg9	d------	[00:12 11/11/2009]
C:\ProgramData\avg9\AvgAm	d------	[00:12 11/11/2009]
C:\ProgramData\avg9\AvgApi	d------	[00:12 11/11/2009]
C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\avg	d------	[03:56 09/08/2012]

========== regfind ==========

Searching for "avg"
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgtray.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\IDENTITY PROTECTION\Agent\Bin\AVGIDSMONITOR.EXE"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgui.exe"="06/22/2011 5:16 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"="07/30/2011 1:17 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgtray.exe"="10/03/2011 7:28 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgui.exe"="11/06/2011 11:31 AM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\AVG\AVG10\avgssie.dll"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVGIDSAgent"="700"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG8Uninstall]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG9Uninstall]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\WinRAR\VirusScan]
"DefScanner"="AVG Anti-Virus"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft Silverlight|4.0.60129.0|hr|system.resources.dll]
"system.resources,culture="hr",fileVersion="4.0.60129.0",processorArchitecture="MSIL",publicKeyToken="7cec85d7bea7798e",version="2.0.5.0""="3PgDT0$gy?~Dc}DI]?&!Complete4.0.60129.0>NGEM5AVgG=~j$-v0s9cr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\SourceList]
"LastUsedSource"="n;1;C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\SourceList\Net]
"1"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG10\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG10\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Windows\system32\Drivers\AVG\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\scanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\corelog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\tdilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\privlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfgexlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\ldrlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\rslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\csllog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\arklog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\nslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\publog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\vaultlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lnglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avguilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\updlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\schedlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\srmlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdsvclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F061708F3225D9D4D906120730B2AC2D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\idplog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgmail.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\emclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lscanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\286FF0AF07CC75C439DC2E673F7E35E7\Features]
"BufferChm"=".S0lqB30%AOj!,Z!]ncTgu1}a'%%o9hE)^G_acXpx3!zWPhrq8&[email protected]`TPfRlK]77X%[email protected]+&!bx}Q([email protected]&R=StA6?)pL]VgbS1DI{yG?{?Bz?KvOvgwR^71Tm`57-{,d==LyKNnPe&woAx7]$V{DAr.FOVtqD+4?6m~^[email protected]'-P^VK^**e%+([N=dtG2a%5OvVPr~CF*p!)A`v[Z=?V88`dlrcialYK9(m^PihfvcI4K'yukD}29QsE=)[RC'Es-y[TC)[email protected]+=8++u&f&?A)h(jdoE[=uF5J)Sps6r${)[email protected](A'R$e?vlk4uVYSrBhg[m9h8F)%&4RPi}I-6Fx%AQ?j9B?vA4)F`CMeM(@Ym59b*6b,[email protected]@@TLaps(-*L3RoYe?O(8?&xpmZ6n4'XsOe{Asn~59D)yx$m=3RjYAocKj!-g=yz8q0E=&(S]X5ypsD_g?GMtt`1SuX2K0X-`[email protected]}~9$9=m$P3U7T]d){`8T(Z_^d1%[email protected]~t1RU}Ly{[email protected]=j3rj]jTSt$GmPwq=hT9EgI&*8q*[email protected]$M`qg{PQ$s,C3xF+G?~M^[!~VP0,(T]!-IG(QA0xsfl!&n~Z4rO3Ka21i8WXK48!{[email protected]=?A1~=t_Ong[a6=4(!{be_idi?~zLD%[4{[email protected]`t%^PhLwzuG2JcE=C%0U633!D)sY)Pj-]Y=9{c(_-a2bK5p`E%1V?jPAS~)p%1)Bak^kC[ei,~WAu5(PWmm+qt)LGan5Y0x=eg)5{Gk.yKa0]5,wHah8Iv4hBI{w(,wRO~UmH)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\InstallProperties]
"InstallSource"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\InstallProperties]
"Publisher"="AVG Technologies CZ, s.r.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG10\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0016-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0018-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-001B-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}]
"InstallSource"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}]
"Publisher"="AVG Technologies CZ, s.r.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Avg]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-19\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-19\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-20\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-20\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\AppDataLow\Software\Avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgtray.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\IDENTITY PROTECTION\Agent\Bin\AVGIDSMONITOR.EXE"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgui.exe"="06/22/2011 5:16 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"="07/30/2011 1:17 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgtray.exe"="10/03/2011 7:28 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgui.exe"="11/06/2011 11:31 AM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\AVG\AVG10\avgssie.dll"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\Services]
"AVGIDSAgent"="700"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG8Uninstall]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG9Uninstall]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\WinRAR\VirusScan]
"DefScanner"="AVG Anti-Virus"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Avg]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

I thought it would do a better job than that in safe mode. There's a lot to go through there and some things don't need to be removed from the registry but there are others that I'm not sure of. I wonder if you wouldn't mind posting about this on the AVG forums? Maybe we can get some insight there about why the tool isn't removing the leftovers.

http://forums.avg.com/ca-en/avg-forums


----------



## rcoops72 (Jun 11, 2011)

Sure I should be able to post a message later today.

Should I try the old CCLEANER and see what happens and then run Systemlook again?


----------



## Cookiegal (Aug 27, 2003)

You can try that (not the registry cleaner function though) or try Revo Uninstaller and see if that gets the remains.

http://www.revouninstaller.com/revo_uninstaller_free_download.html


----------



## rcoops72 (Jun 11, 2011)

OK I deleted some files they say to after running the tool so here is a new SYSTEM LOOK

SystemLook 30.07.11 by jpshortstuff
Log created at 13:35 on 25/08/2012 by Coop
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\Program Files (x86)\Spybot - Search & Destroy\LCULIYVTSDZELAVGM.scr	--a---- 5365592 bytes	[16:48 26/04/2009]	[20:31 26/01/2009] 0477C2F9171599CA5BC3307FDFBA8D89
C:\ProgramData\MFAData\SelfUpd\avg.snu	--a---- 150 bytes	[23:18 03/10/2011]	[19:17 06/05/2011] B8FB047A5AF76A55F50D018E8263AD47
C:\ProgramData\MFAData\SelfUpd\avgabout.dll	--a---- 1227616 bytes	[23:18 03/10/2011]	[09:39 13/04/2011] 4AAAF56222E0ACC070DDBA038998D6C8
C:\ProgramData\MFAData\SelfUpd\avgamnot.dll	--a---- 476000 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DE81240BD5476BB8AA2261349AB32FF8
C:\ProgramData\MFAData\SelfUpd\avgapia.dll	--a---- 7962976 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] EA3BBE6503E33E9046046C77A7B0964C
C:\ProgramData\MFAData\SelfUpd\avgapix.dll	--a---- 4193632 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] FD5AB675C3C308AE767032502B6BF881
C:\ProgramData\MFAData\SelfUpd\avgar_us.chm	--a---- 35871 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 72D8535164BAF188D07ADC06AA8D4DC8
C:\ProgramData\MFAData\SelfUpd\avgatend.stp	--a---- 32 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34C50B69C2B299929457A85A8E030F38
C:\ProgramData\MFAData\SelfUpd\avgatupd.stp	--a---- 32 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34C50B69C2B299929457A85A8E030F38
C:\ProgramData\MFAData\SelfUpd\avgcclia.dll	--a---- 683360 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2E6F4C1F13031C7B2AC1F3A75DB59A96
C:\ProgramData\MFAData\SelfUpd\avgcclix.dll	--a---- 450912 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] E175A3A80D3626A3EB01A378D758DF8C
C:\ProgramData\MFAData\SelfUpd\avgcerta.dll	--a---- 1139040 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] E842BEEE8B100CE128C1EC70B462E078
C:\ProgramData\MFAData\SelfUpd\avgcertx.dll	--a---- 867168 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] 1E9839FD8F51E4836A219ABCBDCBEA6B
C:\ProgramData\MFAData\SelfUpd\avgcfga.dll	--a---- 1997152 bytes	[23:18 03/10/2011]	[18:03 22/08/2011] FE2F942ED460F8C8E8B8F84A0CF82FD6
C:\ProgramData\MFAData\SelfUpd\avgcfgex.exe	--a---- 580960 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 525C1BB5EB4F216714DF6348E68B8822
C:\ProgramData\MFAData\SelfUpd\avgcfgx.dll	--a---- 1128800 bytes	[23:18 03/10/2011]	[18:03 22/08/2011] F564B7BE14C719D12C53B902B840CF2A
C:\ProgramData\MFAData\SelfUpd\avgchcla.dll	--a---- 354144 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] 33BAC6BB9AE471B8F1CB54337BE6D03D
C:\ProgramData\MFAData\SelfUpd\avgchclx.dll	--a---- 246112 bytes	[23:18 03/10/2011]	[09:32 08/02/2011] DB359D68D8B5D7E1C0A1961916BBA905
C:\ProgramData\MFAData\SelfUpd\avgchjwa.dll	--a---- 763232 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] BB63418C7269D1327ED2B95D13F76B4C
C:\ProgramData\MFAData\SelfUpd\avgchsva.exe	--a---- 1147232 bytes	[23:18 03/10/2011]	[18:13 23/05/2011] B737DB264CB1B5FFA2A886E3B940434A
C:\ProgramData\MFAData\SelfUpd\avgclita.dll	--a---- 467808 bytes	[23:18 03/10/2011]	[05:32 18/08/2011] 98A243951E968F19B27CD6CDB7EAA436
C:\ProgramData\MFAData\SelfUpd\avgclitx.dll	--a---- 334688 bytes	[23:18 03/10/2011]	[05:32 18/08/2011] F71ECAB18972467500609A8FA4E98F33
C:\ProgramData\MFAData\SelfUpd\avgcmgr.exe	--a---- 1559392 bytes	[23:18 03/10/2011]	[09:56 20/04/2011] CAE3131129F253979E879C84D72D57A0
C:\ProgramData\MFAData\SelfUpd\avgcorea.dll	--a---- 6833504 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] 4D2E9212286A186D02A53E1C663F73F5
C:\ProgramData\MFAData\SelfUpd\avgcorex.dll	--a---- 4992352 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] 9DF80626266AABD12D03744ED6BF8361
C:\ProgramData\MFAData\SelfUpd\avgcrema.exe	--a---- 4191584 bytes	[23:18 03/10/2011]	[14:49 04/08/2011] F4D19B0666EC9E951BA195B4A6B77400
C:\ProgramData\MFAData\SelfUpd\avgcsla.dll	--a---- 2750792 bytes	[23:18 03/10/2011]	[00:10 10/05/2011] 56CE2720D770B285B2DCA2CAC31646D6
C:\ProgramData\MFAData\SelfUpd\avgcslx.dll	--a---- 1854280 bytes	[23:18 03/10/2011]	[00:09 10/05/2011] B01E5E3CFB0CE27CBEF9011EB09A0A71
C:\ProgramData\MFAData\SelfUpd\avgcsrva.exe	--a---- 519008 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2CDA4753B39225BA3F71A0F915280ACB
C:\ProgramData\MFAData\SelfUpd\avgcsrvx.exe	--a---- 351072 bytes	[23:18 03/10/2011]	[07:00 28/03/2011] 2FE694541C5D0D2A874CCC222BBFC7D0
C:\ProgramData\MFAData\SelfUpd\avgdg_us.chm	--a---- 33696 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] AC89AEEF6438CAA9228B416CFB1BFA9D
C:\ProgramData\MFAData\SelfUpd\avgdiagex.exe	--a---- 3833696 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 71C940B4D31A803CF42D2C384BF72711
C:\ProgramData\MFAData\SelfUpd\avgdumpa.exe	--a---- 416608 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] B148FBC8DE10EEE067547291003B06A3
C:\ProgramData\MFAData\SelfUpd\avgdumpx.exe	--a---- 278880 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 7425F9710FA02197E4C616293D5FBE83
C:\ProgramData\MFAData\SelfUpd\avgemca.exe	--a---- 1687904 bytes	[23:18 03/10/2011]	[20:05 16/03/2011] 0FFF051E4327DF1508CBF9EE098DEAB6
C:\ProgramData\MFAData\SelfUpd\avgfree_us.mht	--a---- 33415 bytes	[23:18 03/10/2011]	[20:28 09/02/2011] 74B3413588725D11329736614F2B8002
C:\ProgramData\MFAData\SelfUpd\avgf_us.chm	--a---- 336574 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 90F897D16E9641AE534308C8C67B7069
C:\ProgramData\MFAData\SelfUpd\avgidpsdkx.dll	--a---- 2547040 bytes	[23:18 03/10/2011]	[11:55 10/02/2011] 8F2E5F841DF279C41FA011E8F2E945BC
C:\ProgramData\MFAData\SelfUpd\avgidp_us.chm	--a---- 42609 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] D1F2BCB64D624D74CCE74C4356B10CBE
C:\ProgramData\MFAData\SelfUpd\avglnga.dll	--a---- 374112 bytes	[23:18 03/10/2011]	[21:39 18/04/2011] 1353B18A8755C1B736FC11BA6B6C7D37
C:\ProgramData\MFAData\SelfUpd\avglngx.dll	--a---- 246624 bytes	[23:18 03/10/2011]	[21:39 18/04/2011] 199F9ADDB1C1E633169B9F6CB40D7724
C:\ProgramData\MFAData\SelfUpd\avgloga.dll	--a---- 1178464 bytes	[23:18 03/10/2011]	[09:52 21/02/2011] 865A55BC96244466A0A094AEB5D3D0E9
C:\ProgramData\MFAData\SelfUpd\avglogx.dll	--a---- 796512 bytes	[23:18 03/10/2011]	[09:52 21/02/2011] 3FA61EF87E49FFACE4ED58C4F1A98EB1
C:\ProgramData\MFAData\SelfUpd\avglscanx.exe	--a---- 218464 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DE1C35CB89C0B800DE6ED82C438039CB
C:\ProgramData\MFAData\SelfUpd\avgls_us.chm	--a---- 90010 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] 90953BE9027779AFCC7CEA00EEE4A5BA
C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe	--a---- 5587808 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] D90D7337C35636EA0E737CBD7410FC33
C:\ProgramData\MFAData\SelfUpd\avgmfarx.dll	--a---- 1757024 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 7147662E245DBE82EAB807C22EA34D25
C:\ProgramData\MFAData\SelfUpd\avgmtrapx.dll	--a---- 1045344 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] EFC07F5DD54A4659369534FF4A60DC88
C:\ProgramData\MFAData\SelfUpd\avgmvfla.dll	--a---- 220512 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] A2D996E9AD50408F3A6B38FFACDB2E0B
C:\ProgramData\MFAData\SelfUpd\avgmvflx.dll	--a---- 154464 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 350CB5AAB7EC0F562D8A90AEDD70BFE5
C:\ProgramData\MFAData\SelfUpd\avgmwdef_us.mht	--a---- 30255 bytes	[23:18 03/10/2011]	[02:27 26/08/2010] 62D68860E68478AD7A61B02247A4BCB0
C:\ProgramData\MFAData\SelfUpd\avgnsa.exe	--a---- 1817440 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] 7A7A90C3FF65DD7E970229BF98A27D41
C:\ProgramData\MFAData\SelfUpd\avgntdumpa.exe	--a---- 416608 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 070F42E4B95F4FBA6FC2D09E62288BDF
C:\ProgramData\MFAData\SelfUpd\avgntdumpx.exe	--a---- 598368 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 5A052593834E79C345C7B276BFB874E8
C:\ProgramData\MFAData\SelfUpd\avgpostinstx.dll	--a---- 748896 bytes	[23:18 03/10/2011]	[05:27 30/08/2011] 8B8732E15BCB1891A6DE1C9A0A7E6634
C:\ProgramData\MFAData\SelfUpd\avgpp.dll	--a---- 183136 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 380DA1A62D2E15CE912311F161EDC4AC
C:\ProgramData\MFAData\SelfUpd\avgppa.dll	--a---- 272224 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 473AD9A1C4F32B74FF9C16A8C9B534A8
C:\ProgramData\MFAData\SelfUpd\avgresf.dll	--a---- 661344 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 4188691D4DC6FBDB8A0A1D6F2888CFD5
C:\ProgramData\MFAData\SelfUpd\avgrkta.dll	--a---- 813920 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] 0D4434DB6B96BAB8F2E8523794AFACBB
C:\ProgramData\MFAData\SelfUpd\avgrsa.exe	--a---- 1165664 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 8948D4B24E6415896960776B28E7BFFD
C:\ProgramData\MFAData\SelfUpd\avgsals_us.mht	--a---- 42165 bytes	[23:18 03/10/2011]	[02:26 26/08/2010] D7F6091448220024BD1294C7655072E1
C:\ProgramData\MFAData\SelfUpd\avgsbfree_us.mht	--a---- 16566 bytes	[23:18 03/10/2011]	[23:04 29/10/2009] A08274E9F97507796BB03D3589895C54
C:\ProgramData\MFAData\SelfUpd\avgsbga.dll	--a---- 1189728 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 380DBE46A9EAC66EC24655A91D683C6A
C:\ProgramData\MFAData\SelfUpd\avgscana.dll	--a---- 310112 bytes	[23:18 03/10/2011]	[00:29 16/04/2011] 691B8022A58F249326CF830582119B30
C:\ProgramData\MFAData\SelfUpd\avgscana.exe	--a---- 1847136 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 61B1E704D5DC756010CECB8D036FA53A
C:\ProgramData\MFAData\SelfUpd\avgscanx.dll	--a---- 219488 bytes	[23:18 03/10/2011]	[00:29 16/04/2011] DA2A930CA4A75D1C2BA245F19129C8F3
C:\ProgramData\MFAData\SelfUpd\avgscanx.exe	--a---- 1088864 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 1633EAB3C7CB7301A4734191DE18DB79
C:\ProgramData\MFAData\SelfUpd\avgsched.dll	--a---- 609632 bytes	[23:18 03/10/2011]	[23:07 27/05/2011] 96EC140D8EC76556A3651987B7102F92
C:\ProgramData\MFAData\SelfUpd\avgse.dll	--a---- 207200 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 6FBFA21869A09EDE8F3A2427BAEBCBDB
C:\ProgramData\MFAData\SelfUpd\avgsea.dll	--a---- 281440 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 3FD582772C1DF4B00E219BA2CB64B622
C:\ProgramData\MFAData\SelfUpd\avgsrma.dll	--a---- 1132384 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 08BAA1EB21C86D20DAC2BDD17A6BC5D8
C:\ProgramData\MFAData\SelfUpd\avgsrmaa.exe	--a---- 1939296 bytes	[23:18 03/10/2011]	[09:35 09/02/2011] 54DB3B09D3CC94D2D43A857864110571
C:\ProgramData\MFAData\SelfUpd\avgsrmax.exe	--a---- 1265504 bytes	[23:18 03/10/2011]	[09:35 09/02/2011] DF96A17994CC265F98078C00BCCEBF5D
C:\ProgramData\MFAData\SelfUpd\avgsrmx.dll	--a---- 620896 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 90F4C3D61C6722BB0962962DBC29AD7A
C:\ProgramData\MFAData\SelfUpd\avgssie.dll	--a---- 2276704 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] E37DBC42F405F0B804CF83EF6F08361D
C:\ProgramData\MFAData\SelfUpd\avgssiea.dll	--a---- 3561824 bytes	[23:18 03/10/2011]	[07:10 09/09/2011] 098D30AD219025BA367A8A5F1A86478D
C:\ProgramData\MFAData\SelfUpd\AVGTBInstall.exe	--a---- 5996872 bytes	[23:18 03/10/2011]	[21:32 08/09/2011] 5ACE18F28F6928E68D81607208F25A1E
C:\ProgramData\MFAData\SelfUpd\avgtray.exe	--a---- 2338656 bytes	[23:18 03/10/2011]	[10:28 10/09/2011] BDDBAA0906EB612971C0FCD6030DBA14
C:\ProgramData\MFAData\SelfUpd\avgtrial_us.mht	--a---- 18421 bytes	[23:18 03/10/2011]	[14:41 26/04/2011] A1A2EA681542A265FEA201BE75ADEF09
C:\ProgramData\MFAData\SelfUpd\avgui.exe	--a---- 3593056 bytes	[23:18 03/10/2011]	[10:28 10/09/2011] 9184D32514A02B9322ABFF261C3B54ED
C:\ProgramData\MFAData\SelfUpd\avguiadv.dll	--a---- 2652512 bytes	[23:18 03/10/2011]	[23:37 22/04/2011] 0D1CCAC74BA0ECFC4369B78612D78851
C:\ProgramData\MFAData\SelfUpd\avguires.dll	--a---- 2897248 bytes	[23:18 03/10/2011]	[05:30 12/04/2011] 61B12427CCBF5512E3439664C00D5FCD
C:\ProgramData\MFAData\SelfUpd\avgupd.sig	--a---- 300 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 34715B8B96BFCCEE1B41BF0BED9F5D0C
C:\ProgramData\MFAData\SelfUpd\avgupdx.dll	--a---- 2251104 bytes	[23:18 03/10/2011]	[23:18 03/10/2011] 04BBEDAF3B6F09F1ECAC8C22120D12A4
C:\ProgramData\MFAData\SelfUpd\avgvva.dll	--a---- 1314656 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 7FA76B29C47B69AC10ADD884EBB74C23
C:\ProgramData\MFAData\SelfUpd\avgvvx.dll	--a---- 737632 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] A8E994FE476F00BE2ADC0B7E8A1D175C
C:\ProgramData\MFAData\SelfUpd\avgwd.dll	--a---- 2033928 bytes	[23:18 03/10/2011]	[05:29 02/09/2011] 2FA4BD725500104292CB80F61F8AC1D7
C:\ProgramData\MFAData\SelfUpd\avgwdsvc.exe	--a---- 269520 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] FC2BC51120A945F7C70376495E4E7737
C:\ProgramData\MFAData\SelfUpd\avgwdwsc.dll	--a---- 460600 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] 80AEC7987F4F315DC8B65FA1A42FF554
C:\ProgramData\MFAData\SelfUpd\avgwebui.dll	--a---- 583520 bytes	[23:18 03/10/2011]	[09:38 13/04/2011] 9AA48B408E2AB8D298444C4558E86606
C:\ProgramData\MFAData\SelfUpd\avgwsc.exe	--a---- 754120 bytes	[23:18 03/10/2011]	[09:33 08/02/2011] DD00E5497967D46D82222215B76F69C9
C:\ProgramData\MFAData\SelfUpd\avgxpl.dll	--a---- 1859424 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] 82D8DC61C24C5B4D754CCD97E78DA876
C:\ProgramData\MFAData\SelfUpd\avgxpla.dll	--a---- 2762592 bytes	[23:18 03/10/2011]	[05:33 18/08/2011] E6B57215F19042EBE49894D3ED336307
C:\ProgramData\MFAData\SelfUpd\avg_us.chm	--a---- 347868 bytes	[23:18 03/10/2011]	[22:49 13/05/2011] E350F5895EEA3E675032FE77E4938512
C:\ProgramData\MFAData\SelfUpd\avg_us.lng	--a---- 669077 bytes	[23:18 03/10/2011]	[05:04 06/09/2011] 6A682AAF883E3460CB158254A39E018B
C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF6QHW8O\avg12-background[1].gif	--a---- 116 bytes	[16:32 24/08/2012]	[16:32 24/08/2012] A529093EDDBA9AB949264F844281B70A
C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF6QHW8O\avg_logo[1].png	--a---- 3072 bytes	[16:32 24/08/2012]	[16:32 24/08/2012] BDB5B9919E9EEF0CE6579B8CC8F6E27B
C:\Users\Coop\Downloads\avgremover.log	--a---- 264639 bytes	[16:39 24/08/2012]	[16:58 25/08/2012] 5F9BE3EC27787F1E25A7612F24101A92
C:\Users\Coop\Downloads\avgremover_en.exe	--a---- 765264 bytes	[17:29 25/08/2012]	[17:29 25/08/2012] 786CE27A7B9989FFE48BFBC9AF908BD7
C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe	--a---- 2899344 bytes	[16:38 24/08/2012]	[16:38 24/08/2012] C4B2384739E0D27716D0CEBF8EFAC4F2
C:\Windows\Prefetch\AVGMFAPX.EXE-685E40B7.pf	--a---- 189406 bytes	[19:24 18/08/2012]	[16:32 24/08/2012] 4C1787DC4E80C7C1AEB8A5B5335DDCFC
C:\Windows\Temp\avginfo.id	--a---- 236 bytes	[22:03 22/08/2012]	[14:49 24/08/2012] C2095D3F0B717EBDE2AFA2D8FF94109A

========== folderfind ==========

Searching for "*avg*"
C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\avg	d------	[03:56 09/08/2012]

========== regfind ==========

Searching for "avg"
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgtray.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\IDENTITY PROTECTION\Agent\Bin\AVGIDSMONITOR.EXE"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgui.exe"="06/22/2011 5:16 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"="07/30/2011 1:17 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgtray.exe"="10/03/2011 7:28 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgui.exe"="11/06/2011 11:31 AM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\AVG\AVG10\avgssie.dll"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"="06/12/2011 2:55 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVGIDSAgent"="700"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG8Uninstall]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG9Uninstall]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\WinRAR\VirusScan]
"DefScanner"="AVG Anti-Virus"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Microsoft Silverlight|4.0.60129.0|hr|system.resources.dll]
"system.resources,culture="hr",fileVersion="4.0.60129.0",processorArchitecture="MSIL",publicKeyToken="7cec85d7bea7798e",version="2.0.5.0""="3PgDT0$gy?~Dc}DI]?&!Complete4.0.60129.0>NGEM5AVgG=~j$-v0s9cr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\SourceList]
"LastUsedSource"="n;1;C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\SourceList\Net]
"1"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG10\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG10\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Windows\system32\Drivers\AVG\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\scanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\corelog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\tdilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\privlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfgexlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\ldrlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\rslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\csllog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\arklog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\nslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\publog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\vaultlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lnglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avguilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\updlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\schedlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\srmlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdsvclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F061708F3225D9D4D906120730B2AC2D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\idplog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgmail.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\emclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lscanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\286FF0AF07CC75C439DC2E673F7E35E7\Features]
"BufferChm"=".S0lqB30%AOj!,Z!]ncTgu1}a'%%o9hE)^G_acXpx3!zWPhrq8&[email protected]`TPfRlK]77X%[email protected]+&!bx}Q([email protected]&R=StA6?)pL]VgbS1DI{yG?{?Bz?KvOvgwR^71Tm`57-{,d==LyKNnPe&woAx7]$V{DAr.FOVtqD+4?6m~^[email protected]'-P^VK^**e%+([N=dtG2a%5OvVPr~CF*p!)A`v[Z=?V88`dlrcialYK9(m^PihfvcI4K'yukD}29QsE=)[RC'Es-y[TC)[email protected]+=8++u&f&?A)h(jdoE[=uF5J)Sps6r${)[email protected](A'R$e?vlk4uVYSrBhg[m9h8F)%&4RPi}I-6Fx%AQ?j9B?vA4)F`CMeM(@Ym59b*6b,[email protected]@@TLaps(-*L3RoYe?O(8?&xpmZ6n4'XsOe{Asn~59D)yx$m=3RjYAocKj!-g=yz8q0E=&(S]X5ypsD_g?GMtt`1SuX2K0X-`[email protected]}~9$9=m$P3U7T]d){`8T(Z_^d1%[email protected]~t1RU}Ly{[email protected]=j3rj]jTSt$GmPwq=hT9EgI&*8q*[email protected]$M`qg{PQ$s,C3xF+G?~M^[!~VP0,(T]!-IG(QA0xsfl!&n~Z4rO3Ka21i8WXK48!{[email protected]=?A1~=t_Ong[a6=4(!{be_idi?~zLD%[4{[email protected]`t%^PhLwzuG2JcE=C%0U633!D)sY)Pj-]Y=9{c(_-a2bK5p`E%1V?jPAS~)p%1)Bak^kC[ei,~WAu5(PWmm+qt)LGan5Y0x=eg)5{Gk.yKa0]5,wHah8Iv4hBI{w(,wRO~UmH)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\InstallProperties]
"InstallSource"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AECBBDF2BD264F546B5EE0F12B1A2FD9\InstallProperties]
"Publisher"="AVG Technologies CZ, s.r.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG10\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0016-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0018-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-001B-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}]
"InstallSource"="C:\Users\Coop\AppData\Local\Temp\AVGDownloadManager\packages\41\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}]
"Publisher"="AVG Technologies CZ, s.r.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="AvgTdiA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG8 Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F49619DC-03A8-4CB3-A6DD-132498A315EB}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EAFCA4A2-86F9-4BC3-AF95-C869AC302148}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Avg]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-19\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-19\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-20\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-20\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\AppDataLow\Software\Avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgtray.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\IDENTITY PROTECTION\Agent\Bin\AVGIDSMONITOR.EXE"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG10\avgui.exe"="06/22/2011 5:16 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe"="07/30/2011 1:17 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgtray.exe"="10/03/2011 7:28 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\PROGRAM FILES (X86)\AVG\AVG2012\avgui.exe"="11/06/2011 11:31 AM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\AVG\AVG10\avgssie.dll"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\Detected\Services]
"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"="06/12/2011 2:55 PM"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\Services]
"AVGIDSAgent"="700"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG8Uninstall]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG9Uninstall]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\WinRAR\VirusScan]
"DefScanner"="AVG Anti-Virus"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="AVG Installer Application"
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Coop\Downloads\avg_remover_stf_x64_2012_2125.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Avg]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Avg\Avg9]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Avg]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]

-= EOF =-


----------



## rcoops72 (Jun 11, 2011)

AVG Forum post

http://forums.avg.com/ca-en/avg-forums?sec=thread&act=show&id=215157


----------



## Cookiegal (Aug 27, 2003)

I kow the ones that show ZoneMap\Domains don't need to be removed as those are blocking malicious sites that have "avg" in their names. But there are still too many that I'm not sure unfortunately.


----------



## Cookiegal (Aug 27, 2003)

I just saw your last post. Great. We'll see what they say there.


----------



## rcoops72 (Jun 11, 2011)

Nothing yet..We have time 

BTW your opinion keeping a PC safe.

Run MSE quick scan once a week
Run Malwarebytes once a week
Run CCleaner (not Reg portion) once a week
Run Spybot (immune only) once a week

And off course all Windows, application updates as they come in.


----------



## Cookiegal (Aug 27, 2003)

The above sounds like a good plan to me. 

You could also use Secunia to make sure all programs are up to date.

http://secunia.com/vulnerability_scanning/online/


----------



## rcoops72 (Jun 11, 2011)

cool I am running that now 

So far found Flash Player 11...


----------



## Cookiegal (Aug 27, 2003)

It's a good tool to help keep your computer secure.


----------



## rcoops72 (Jun 11, 2011)

6 Views over at AVG, but no responses yet..I guess we keep waiting  Hope all is well!


----------



## rcoops72 (Jun 11, 2011)

Cookie below is the response. In the meantime should I use that Clean up on OTL and uninstall Combofix etc..


Hello Sircoop,

We would like to inform you that all necessary files and registry keys are removed during AVG Uninstallation process or by AVG Remover tool. 

We have passed provided log file to our developers for analysis. We will keep you informed in this thread.

Thank you.


----------



## Cookiegal (Aug 27, 2003)

At least there's a response and it sounds like more information to come.


----------



## rcoops72 (Jun 11, 2011)

Hey Cookiegal - Well it has been over a month and AVG still have not responded 

Do you think I should clean the rest of the PC? I still have all of the programs on my desktop.

PS I hope all is well!


----------



## Cookiegal (Aug 27, 2003)

Well that's disappointing. There are far too many registry keys to try to create a registry fix. How's everything else? I don't remember where we left things off.

If the removal tool didn't work it makes me believe that something was blocking it or restoring the entries (like SpyBot Search & Destroy). Try running the removal tool again but in safe mode, if you haven't tried that already.


----------



## rcoops72 (Jun 11, 2011)

oops sorry I did not see your post from 9/30  my fault.

Actually we did not run the clean up yet, we were waiting on AVG 

Right now on my desktop we have:

dds
OTL
TDSKiller
SystemLook
awsMBR
Puppy
MBR (Zip File)
MBR.dat


What should I run first?


----------



## Cookiegal (Aug 27, 2003)

There are special instructions for deleting ComboFix (puppy) so I'll post them that after the following:

You can drag these to the Recycle Bin:

dds
TDSKiller
SystemLook
awsMBR

You can delete these as they were just copies of the MBR created for backup purposes.

MBR (Zip File)
MBR.dat


OTL has a routine to uninstall itself but right now there's a possible but so let's just leave it. Once I hear it's been taken care of we'll delete the OTL.exe by dragging it to the recycle bin and downloading the lastest version before uninstalling it.


----------



## rcoops72 (Jun 11, 2011)

Ok I only have Puppy and OTL left.


----------



## Cookiegal (Aug 27, 2003)

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).










Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## rcoops72 (Jun 11, 2011)

Cookie I must be tired..I have Vista 64 bit. I do not have a RUN, just the start search bar. When I type puppy /uninstall it does not work


----------



## Cookiegal (Aug 27, 2003)

Sorry, I forgot you were running Vista.

Please follow these steps to uninstall ComboFix and all of its files and components.

Click the *START button* then in the *SEARCH field* type *ComboFix /uninstall* then press Enter. Note the *space* between the *x* and the */* as it needs to be there.

You will see a warning asking if you are sure you want to run ComboFix. Please click on the *Run* button to start the program and ComboFix will proceed to uninstall itself.


----------



## rcoops72 (Jun 11, 2011)

Hey Cookie I type puppy /uninstall and click enter and nothing comes up


----------



## Cookiegal (Aug 27, 2003)

Even though we renamed it puppy, you still have to type combofix /uinstall.


----------



## rcoops72 (Jun 11, 2011)

I typed

combofix /unistall

puppy.exe box pops up and reads:

Windows cannot find 'puppy.exe'. Make sure you typed the name correctly, and then try again.

So strange.

The puppy.exe is on my desktop screen


----------



## Cookiegal (Aug 27, 2003)

rcoops72 said:


> I typed
> 
> combofix /unistall
> 
> ...


Did you type the command correctly? I notice you left out the second "n" in the word "uninstall".


----------



## rcoops72 (Jun 11, 2011)

Yup sorry about that (Typo in message) I did type combofix /uninstall


----------



## Cookiegal (Aug 27, 2003)

I don't know why it won't uninstall that way but let's try another method.

Right-click the puppy.exe file on your desktop and select "rename" and rename it:

*uninstall.exe*

Then double-click on uninstall.exe and it should uninstall the program.


----------



## rcoops72 (Jun 11, 2011)

Hey Cookie I did what you said and now my puppy.exe file says uninstall.exe

And it worked. First time I renamed it, it went to uninstall.exe.exe lol and it can COMOBO Fix...Here is the log if you want to give it a fresh look for me 

Only OTL is left to uninstall

ComboFix 12-08-20.02 - Coop 10/07/2012 19:39:22.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2362 [GMT -4:00]
Running from: c:\users\Coop\Desktop\uninstall.exe.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 23:45 . 2012-10-07 23:45	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-07 23:45 . 2012-10-07 23:45	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-10-07 23:45 . 2012-10-07 23:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-07 23:45 . 2012-10-07 23:45	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-10-07 20:13 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89DBDE83-47B7-4F6D-81AA-7600CD0E3A11}\mpengine.dll
2012-10-07 15:34 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-06 18:23 . 2012-10-06 18:23	--------	d-----w-	c:\users\Coop\AppData\Local\NBGI
2012-10-06 18:00 . 2012-10-06 18:00	--------	d-----w-	c:\programdata\RELOADED
2012-10-06 02:22 . 2012-10-03 22:54	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9DD3A79-828C-4FF7-9890-C67A64C1603F}\gapaengine.dll
2012-10-03 22:55 . 2012-10-03 22:54	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-21 22:56 . 2012-09-21 22:56	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-15 19:57 . 2012-08-21 17:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 19:57 . 2012-09-15 19:57	--------	d-----w-	c:\program files\iPod
2012-09-15 19:57 . 2012-09-15 19:57	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-15 19:57 . 2012-09-15 19:57	--------	d-----w-	c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 23:12 . 2006-11-02 12:35	64462936	----a-w-	c:\windows\system32\mrt.exe
2012-09-07 21:04 . 2011-06-12 00:15	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2012-08-31 02:03	228768	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44	128456	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 00:24 . 2012-06-14 22:59	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 00:24 . 2010-05-20 03:48	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-25 23:40 . 2012-04-06 17:21	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-25 23:40 . 2011-06-05 15:03	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 17:01 . 2009-09-26 21:29	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2009-09-26 21:29	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
.
.
((((((((((((((((((((((((((((( SnapSh[email protected]_03.21.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-16 00:00 . 2012-06-28 00:08	73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-09-21 22:51 . 2012-08-24 06:44	73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-08-16 00:00 . 2012-06-28 00:13	66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-09-21 22:51 . 2012-08-24 06:48	66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-09-21 22:51 . 2012-08-24 06:48	65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-08-16 00:00 . 2012-06-28 00:13	65024 c:\windows\SysWOW64\jsproxy.dll
+ 2008-01-21 03:20 . 2012-10-06 15:31	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-08-18 15:22	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-23 22:57 . 2012-10-06 15:31	49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-23 22:57 . 2012-08-18 15:22	49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-10-06 15:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-08-18 15:22	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-25 23:42 . 2012-08-25 23:42	87925 c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe
+ 2012-08-08 16:15 . 2012-08-08 16:15	86016 c:\windows\SysWOW64\Adobe\Shockwave 11\SwMenu.dll
+ 2012-08-08 15:58 . 2012-08-08 15:58	73408 c:\windows\SysWOW64\Adobe\Shockwave 11\gtapi.dll
+ 2012-08-08 15:58 . 2012-08-08 15:58	64512 c:\windows\SysWOW64\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-08-08 16:15 . 2012-08-08 16:15	12800 c:\windows\SysWOW64\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-01-21 02:23 . 2012-10-07 23:48	80130 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-01 17:27 . 2012-10-07 23:49	29252 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2800502796-835880612-2508068223-1000_UserData.bin
+ 2012-09-21 22:51 . 2012-08-24 10:10	96768 c:\windows\system32\mshtmled.dll
- 2012-08-16 00:00 . 2012-06-28 03:13	96768 c:\windows\system32\mshtmled.dll
+ 2012-09-21 22:51 . 2012-08-24 10:17	86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-08-16 00:00 . 2012-06-28 03:18	86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-09-21 22:51 . 2012-08-24 10:17	85504 c:\windows\system32\jsproxy.dll
- 2012-08-16 00:00 . 2012-06-28 03:17	85504 c:\windows\system32\jsproxy.dll
+ 2012-09-15 19:57 . 2012-08-21 17:01	33240 c:\windows\system32\DRVSTORE\GEARAspiWD_53DFBC3344EBC2614851E0BF38F60B616DF86778\x64\GEARAspiWDM.sys
+ 2012-07-09 17:42 . 2012-07-09 17:42	52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_d0061602\usbaapl64.sys
+ 2012-07-09 17:42 . 2012-07-09 17:42	52736 c:\windows\system32\drivers\usbaapl64.sys
- 2012-02-15 15:01 . 2012-02-15 15:01	52736 c:\windows\system32\drivers\usbaapl64.sys
- 2010-02-14 04:56 . 2009-12-08 17:55	40448 c:\windows\system32\drivers\tcpipreg.sys
+ 2012-05-10 23:00 . 2012-03-29 14:22	40448 c:\windows\system32\drivers\tcpipreg.sys
- 2008-11-01 17:25 . 2012-08-18 18:35	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-01 17:25 . 2012-10-06 00:55	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-18 18:35 . 2012-08-18 18:35	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-18 18:35 . 2012-10-06 00:55	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-01 17:25 . 2012-10-06 00:55	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-01 17:25 . 2012-08-18 18:35	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-24 20:21 . 2012-08-24 20:21	28672 c:\windows\Installer\bf63fd.msi
+ 2012-08-25 23:42 . 2012-08-25 23:42	10134 c:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-08-28 01:33 . 2012-08-28 01:33	53608 c:\windows\Installer\$PatchCache$\Managed\0212CE3624715264AA746C8AEA9C6CC4\2.2.2\pthreadVC2.dll
+ 2012-08-28 01:32 . 2012-08-28 01:32	75624 c:\windows\Installer\$PatchCache$\Managed\0212CE3624715264AA746C8AEA9C6CC4\2.2.2\ASL.dll
+ 2012-08-28 01:32 . 2012-08-28 01:32	17256 c:\windows\Installer\$PatchCache$\Managed\0212CE3624715264AA746C8AEA9C6CC4\2.2.2\AppleVersions.dll
+ 2006-11-02 12:40 . 2012-09-15 19:55	86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2012-06-16 18:16	86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2012-09-15 19:55	51200 c:\windows\inf\infpub.dat
- 2006-11-02 12:40 . 2012-06-16 18:16	51200 c:\windows\inf\infpub.dat
- 2011-12-18 22:58 . 2011-12-18 22:58	12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-10-07 23:47 . 2012-10-07 23:47	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-20 03:21 . 2012-08-20 03:21	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-20 03:21 . 2012-08-20 03:21	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-10-07 23:47 . 2012-10-07 23:47	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-21 22:51 . 2012-08-24 06:47	420864 c:\windows\SysWOW64\vbscript.dll
- 2011-06-21 23:10 . 2011-06-21 23:10	420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-09-21 22:51 . 2012-08-24 06:49	231936 c:\windows\SysWOW64\url.dll
- 2012-08-16 00:00 . 2012-06-28 00:16	231936 c:\windows\SysWOW64\url.dll
+ 2012-09-21 22:51 . 2012-08-24 06:45	607744 c:\windows\SysWOW64\msfeeds.dll
+ 2012-08-25 23:40 . 2012-08-25 23:40	690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
+ 2012-08-24 22:34 . 2012-08-25 23:36	690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
+ 2012-08-24 22:34 . 2012-08-25 23:36	474824 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
+ 2012-04-06 17:21 . 2012-08-25 23:40	250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-09-21 22:51 . 2012-08-24 06:47	717824 c:\windows\SysWOW64\jscript.dll
- 2012-08-16 00:00 . 2012-06-28 00:10	717824 c:\windows\SysWOW64\jscript.dll
+ 2012-09-02 21:43 . 2012-08-29 00:10	157680 c:\windows\SysWOW64\javaws.exe
+ 2012-09-02 21:43 . 2012-08-29 00:10	149488 c:\windows\SysWOW64\javaw.exe
+ 2012-09-02 21:43 . 2012-08-29 00:09	149488 c:\windows\SysWOW64\java.exe
+ 2012-09-21 22:51 . 2012-08-24 06:47	142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-08-16 00:00 . 2012-06-28 00:12	142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-09-21 22:51 . 2012-08-24 06:40	176640 c:\windows\SysWOW64\ieui.dll
- 2012-08-16 00:00 . 2012-06-28 00:04	176640 c:\windows\SysWOW64\ieui.dll
+ 2012-08-08 15:58 . 2012-08-08 15:58	284600 c:\windows\SysWOW64\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-08-08 16:15 . 2012-08-08 16:15	114176 c:\windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
+ 2012-08-08 16:16 . 2012-08-08 16:16	434176 c:\windows\SysWOW64\Adobe\Shockwave 11\Proj.dll
+ 2012-08-08 16:15 . 2012-08-08 16:15	366592 c:\windows\SysWOW64\Adobe\Shockwave 11\Plugin.dll
+ 2012-08-08 16:02 . 2012-08-08 16:02	990208 c:\windows\SysWOW64\Adobe\Shockwave 11\iml32.dll
+ 2012-08-08 16:14 . 2012-08-08 16:14	544256 c:\windows\SysWOW64\Adobe\Shockwave 11\Control.dll
+ 2012-08-08 16:22 . 2012-08-08 16:22	143840 c:\windows\SysWOW64\Adobe\Director\SWDNLD.EXE
+ 2012-08-08 16:22 . 2012-08-08 16:22	323552 c:\windows\SysWOW64\Adobe\Director\SwDir_1166636.dll
+ 2012-08-08 16:15 . 2012-08-08 16:15	195584 c:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
+ 2006-11-02 15:45 . 2012-10-07 23:49	134912 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2012-09-21 22:51 . 2012-08-24 10:13	599040 c:\windows\system32\vbscript.dll
+ 2012-09-21 22:51 . 2012-08-24 10:18	237056 c:\windows\system32\url.dll
- 2012-08-16 00:00 . 2012-06-28 03:19	237056 c:\windows\system32\url.dll
- 2006-11-02 12:46 . 2012-08-19 22:10	604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-10-07 15:28	604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-10-07 15:28	104202 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-08-19 22:10	104202 c:\windows\system32\perfc009.dat
+ 2012-09-21 22:51 . 2012-08-24 10:11	729088 c:\windows\system32\msfeeds.dll
+ 2009-10-03 17:44 . 2012-01-31 12:44	279656 c:\windows\system32\MpSigStub.exe
+ 2012-08-25 23:40 . 2012-08-25 23:40	420552 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_Plugin.exe
+ 2012-08-24 22:34 . 2012-08-25 23:36	420552 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe
+ 2012-08-24 22:34 . 2012-08-25 23:36	522952 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.dll
+ 2012-09-21 22:51 . 2012-08-24 10:14	816640 c:\windows\system32\jscript.dll
- 2012-08-16 00:00 . 2012-06-28 03:16	816640 c:\windows\system32\jscript.dll
- 2012-08-16 00:00 . 2012-06-28 03:16	173056 c:\windows\system32\ieUnatt.exe
+ 2012-09-21 22:51 . 2012-08-24 10:14	173056 c:\windows\system32\ieUnatt.exe
- 2012-08-16 00:00 . 2012-06-28 03:08	248320 c:\windows\system32\ieui.dll
+ 2012-09-21 22:51 . 2012-08-24 10:04	248320 c:\windows\system32\ieui.dll
+ 2012-08-24 16:46 . 2010-04-06 08:34	345984 c:\windows\system32\drivers\netio.sys
- 2006-11-02 15:17 . 2009-12-21 05:06	262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2006-11-02 15:17 . 2012-08-24 14:42	262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2010-11-05 02:50 . 2012-08-20 03:20	245732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-05 02:50 . 2012-10-07 23:45	245732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-24 00:23 . 2012-08-24 04:37	354948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-500-12288.dat
+ 2012-08-25 23:42 . 2012-08-25 23:42	430592 c:\windows\Installer\170ebd2.msi
+ 2012-10-01 23:09 . 2012-10-01 23:09	109563 c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\SCEP.exe
+ 2012-10-01 23:09 . 2012-10-01 23:09	123352 c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\MSEPrerelease.exe
+ 2012-10-01 23:09 . 2012-10-01 23:09	123352 c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\MSE.exe
+ 2012-10-01 23:09 . 2012-10-01 23:09	109563 c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\INTUNE.exe
+ 2012-10-01 23:09 . 2012-10-01 23:09	109563 c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\FEP.exe
+ 2012-10-01 23:09 . 2012-10-01 23:09	109563 c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\EPP.exe
+ 2012-08-24 16:47 . 2012-08-24 16:47	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-08-24 16:47 . 2012-08-24 16:47	123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-08-24 16:47 . 2012-08-24 16:47	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-08-24 16:47 . 2012-08-24 16:47	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-08-24 16:47 . 2012-08-24 16:47	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-09-15 19:57 . 2012-09-15 19:57	380928 c:\windows\Installer\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}\iTunesIco.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	595344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AXSLE.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-08-28 01:33 . 2012-08-28 01:33	124776 c:\windows\Installer\$PatchCache$\Managed\0212CE3624715264AA746C8AEA9C6CC4\2.2.2\objc.dll
+ 2012-08-28 01:33 . 2012-08-28 01:33	329576 c:\windows\Installer\$PatchCache$\Managed\0212CE3624715264AA746C8AEA9C6CC4\2.2.2\libtidy.dll
- 2006-11-02 12:40 . 2012-06-16 18:16	143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2012-09-15 19:55	143360 c:\windows\inf\infstrng.dat
- 2011-12-18 22:58 . 2011-12-18 22:58	223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:17 . 2012-10-06 18:17	576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:17 . 2012-10-06 18:17	567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:17 . 2012-10-06 18:17	563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:18 . 2012-10-06 18:18	473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-09-21 22:51 . 2012-08-24 06:51	1129472 c:\windows\SysWOW64\wininet.dll
- 2012-08-16 00:00 . 2012-06-28 00:18	1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-09-21 22:51 . 2012-08-24 06:51	1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-08-16 00:00 . 2012-06-28 00:18	1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-25 23:40 . 2012-08-25 23:40	9813704 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-08-25 23:40 . 2012-08-25 23:40	1807560 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
+ 2012-09-21 22:51 . 2012-08-24 06:59	1800704 c:\windows\SysWOW64\jscript9.dll
- 2012-08-16 00:00 . 2012-06-28 00:27	1800704 c:\windows\SysWOW64\jscript9.dll
+ 2012-09-21 22:51 . 2012-08-24 06:44	1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-08-16 00:00 . 2012-06-28 00:08	1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-09-21 22:51 . 2012-08-24 07:03	9738240 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-08 16:21 . 2012-08-08 16:21	1040864 c:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1166636.exe
+ 2012-08-08 15:58 . 2012-08-08 15:58	2376368 c:\windows\SysWOW64\Adobe\Shockwave 11\gt.exe
+ 2012-08-08 15:58 . 2012-08-08 15:58	1295872 c:\windows\SysWOW64\Adobe\Shockwave 11\gi.dll
+ 2012-08-08 16:04 . 2012-08-08 16:04	1742848 c:\windows\SysWOW64\Adobe\Shockwave 11\dirapi.dll
+ 2012-09-21 22:51 . 2012-08-24 10:21	1392128 c:\windows\system32\wininet.dll
- 2012-08-16 00:00 . 2012-06-28 03:21	1392128 c:\windows\system32\wininet.dll
+ 2012-07-09 17:42 . 2012-07-09 17:42	4547984 c:\windows\system32\usbaaplrc.dll
- 2012-08-16 00:00 . 2012-06-28 03:22	1346048 c:\windows\system32\urlmon.dll
+ 2012-09-21 22:51 . 2012-08-24 10:22	1346048 c:\windows\system32\urlmon.dll
+ 2012-09-21 22:51 . 2012-08-24 10:31	2312704 c:\windows\system32\jscript9.dll
- 2012-08-16 00:00 . 2012-06-28 03:28	2312704 c:\windows\system32\jscript9.dll
- 2012-08-16 00:00 . 2012-06-28 03:14	2144768 c:\windows\system32\iertutil.dll
+ 2012-09-21 22:51 . 2012-08-24 10:12	2144768 c:\windows\system32\iertutil.dll
+ 2012-07-09 17:42 . 2012-07-09 17:42	4547984 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_d0061602\usbaaplrc.dll
+ 2012-05-10 23:00 . 2012-03-30 12:45	1422720 c:\windows\system32\drivers\tcpip.sys
+ 2010-01-23 00:15 . 2012-10-07 23:45	2382424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-02-19 06:49 . 2012-10-07 23:45	8152588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-8192.dat
+ 2011-06-22 20:02 . 2012-10-07 04:21	4515328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-4096.dat
+ 2011-06-22 01:45 . 2012-09-22 04:53	2652852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2800502796-835880612-2508068223-1000-12288.dat
+ 2012-09-15 19:57 . 2012-09-15 19:57	4744192 c:\windows\Installer\ef944b.msi
+ 2012-09-15 19:55 . 2012-09-15 19:55	2186752 c:\windows\Installer\ef84b4.msi
+ 2012-09-15 19:54 . 2012-09-15 19:54	1547776 c:\windows\Installer\ef8437.msi
+ 2012-08-24 20:20 . 2012-08-24 20:20	2295808 c:\windows\Installer\bf63f1.msi
+ 2012-10-01 23:09 . 2012-10-01 23:09	1679360 c:\windows\Installer\b7bda.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55	2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55	6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-10-06 18:17 . 2012-10-06 18:17	2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-18 22:58 . 2011-12-18 22:58	2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-10-06 18:17 . 2012-10-06 18:17	2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-21 22:51 . 2012-08-24 07:27	12319744 c:\windows\SysWOW64\mshtml.dll
+ 2006-11-02 12:33 . 2012-09-21 22:53	11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2012-08-16 00:02	11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-09-21 22:51 . 2012-08-24 11:15	17810944 c:\windows\system32\mshtml.dll
+ 2012-08-25 23:40 . 2012-08-25 23:40	12812488 c:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll
+ 2012-09-21 22:51 . 2012-08-24 10:39	10925568 c:\windows\system32\ieframe.dll
- 2012-08-16 00:00 . 2012-06-28 03:39	10925568 c:\windows\system32\ieframe.dll
+ 2012-07-28 01:20 . 2012-07-28 01:20	13123584 c:\windows\Installer\bf63f2.msp
+ 2012-10-06 18:22 . 2012-10-06 18:22	18962432 c:\windows\Installer\9b2064.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55	24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"HostManager"="c:\program files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe" [2010-03-08 41800]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-7-19 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0oodbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 250568]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:40]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000Core.job
- c:\users\Coop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-01 08:33]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800502796-835880612-2508068223-1000UA.job
- c:\users\Coop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-01 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-12 3832064]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-12-08 8151040]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.ascensus.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\sy8v5ryx.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,a1,9d,9e,80,85,25,86,ca,43,1b,ac,ff,bd,98,83,e7,ed,ec,db,a6,c2,7b,
44,e1,27,cb,8c,f6,76,4f,d3,bc,fe,e9,9e,56,3a,a2,80,33,5d,d7,86,27,97,c0,7f,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:47,f2,14,40,40,f2,99,3f,81,c8,88,8f,c8,b5,c1,a5,12,49,24,2e,b7,
02,3d,36,18,1e,46,7f,5e,4c,89,cf,12,90,ef,4a,cc,29,8a,6a,d9,68,51,b4,d5,11,\
"rkeysecu"=hex:f9,75,26,55,ef,e1,3d,43,d3,6f,26,0c,24,b1,fc,f5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="5BC6B0A72B9A16DBDBC6E06861CDBD6E3FB785C1F72C820E50681D03326DD34291991926987AD2018215280BD7EEE38E8A900281215FC331DCE2CC9E217AB52FFA868E640BF73B9FC4EF30BE2CCA620B15B490C70EBA1C5CEE77A5E2B6B5A7A0BFB8B1A3668510972ADE800771443396672541FB28AD5DB43247E1BCC93B75CF4A0F05F4908EB458FE1E87BB41B07376CD1D0B5C561B807694A8A06EB519110ECA1A743FF6EE3467531B178738D9E5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A2D97226D213B55575DECACEE4FD8E43CCEC75FE9EE1F516FD134321C731380D7A3D9E58417730A124DB790B285780535BB2DAAC91E209B25F36C6088B8635F700FAF1A87F771BB49F36C6C7524167857E4439D462D717665E5169824C3E0302F6829CEB05C3C4A73034FDC5C2C0583BB3C9B62236F1224A4F8DCCC311DF319CA69BDD7D5DD3E7E4B1E19D282CDD5DF98BB1B02105EC201F17584CE1B77342E06A542C9EEC203400950ED7F7142370692DA8B5C31A04FBC32FE27257F0072E07AF0031EFE7A9CE295E4C12A2D621865650A68ADE95F693BF27228082C0ABDDEE7CB44AF9D7F04FB9A5726876A2EA8133C361252C6A8C393C21CFEAA50179321D664C09A99B7E42AD979D2A2A7A983C92E6D431C8618CB087D2E7DA67DD867EB598E4B2CCE45B27A473ABD65435460330AF428E3695C2B61386AC2CD1587387065360C116B71771638F4027F27C12166628AD51D9F60078761B23EE53455F8AFB6865619E70450A50D1428665D0A1AB386DDEC07DC81B17E88393E7BF4DF2B5A9405DF661BA7ACD7938DC90EF049AEC49AF6157CE246AA9CA448B90CA6C55AC475777143D99D10A0C527F1ABABCA8F6623587C6DD73CABA1CF7DC9411753405AFBAA5057462EA85DDC45DA853F5FD59F057E37022779D46044E1C54900BC34BE08D9DC5313EE877E546EC77A9FD4C9A0602CDEC72C3C6404C87A265AA27B6FD7E89D9897E2D718A412569F31278CAB2D4B8E2080E40B08E62FC8D0F2715C70F4F7718B3C9FD2EE0AE4252C2C55CB610B90F824095284589D795BECE2F78B5E7BD39DA5FE658CF0D928F6BB75F73CE91AEAE51C90F0B77806350D9D45243C161D83FE7580EB508187495BA5FDF5CD68F5555B78C63CE3BB5DEC1488582C02FCBD392C9A25AE20DFC80728CF62C8B964F72D36123602888DEC78E3879160BCA6985CC4EF14C041A2C07D4EEF18D46D8106F103E5D36A45D2540709A7CC714E0F0E9208830450C6E89FA81B576AEA86E82D90282BFFB23B9A88D36A39035A1430F9D4DCD7B8DC64BEDF4D0785F219F2A4B60B727002AD8A1F89B42CD69E0CA4761E52C38A451D078A430AF"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-10-07 19:52:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-07 23:52
ComboFix2.txt 2012-08-22 00:04
ComboFix3.txt 2012-08-20 03:26
.
Pre-Run: 16,609,263,616 bytes free
Post-Run: 16,238,383,104 bytes free
.
- - End Of File - - A712DE285251F3AF7CEC32D5100F6E32


----------



## Cookiegal (Aug 27, 2003)

Everything looks fine in that log. :up:


----------



## rcoops72 (Jun 11, 2011)

Great thank you!

"OTL has a routine to uninstall itself but right now there's a possible but so let's just leave it. Once I hear it's been taken care of we'll delete the OTL.exe by dragging it to the recycle bin and downloading the lastest version before uninstalling it."

So I guess we hang tight until i can click the clean up OTL button and uninstall it?


----------



## Cookiegal (Aug 27, 2003)

The version of OTL that you have is an earlier one (before the bug occurred) so you should be fine to run it and click on the CleanUp button at the top.


----------



## rcoops72 (Jun 11, 2011)

OTL uninstalled no issues..marking thread as resolved..Thank you again Cookie! Until we chat again


----------



## Cookiegal (Aug 27, 2003)

It was my pleasure.


----------

