# Will not update



## ldarlene (Sep 6, 2008)

Totally confused. When I go to Windows Update it says last update was in January. When I tried to update got error message. After hours of searching and trying many things I finally downloaded 7 critical updates. It took 3 attempts to install them but finally 6 were installed. The last one refused to install. Update for Microsoft Office 2010 32-bit edition. I have Microsoft starter so not sure if this is a problem
Finally I had a green colour on update screen instead of orange or red.
Then I immediately got another 3 updates. Took several attempts to install.
The screen kept showing that the last update was in Jan... but that updates were installed on the current day.
After that second bunch of updates I now have a yellow screen again...and windows will not update.


----------



## Cookiegal (Aug 27, 2003)

There was a problem with some updates being offered repeatedly recently.

What is your operating system?

Which updates keep getting offered?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> There was a problem with some updates being offered repeatedly recently.
> 
> What is your operating system?
> 
> Which updates keep getting offered?


Windows 7
Not being offered any updates now... gettting the message that update could not search for updates
The microsoft office 2010 update will not install. I do not have microsoft office.. I have the starter one.
And the last update I got yesterday included 6 other updates that said they did install.... and they were downloaded yesterday. But it says that it was last updated in January


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> There was a problem with some updates being offered repeatedly recently.
> 
> What is your operating system?
> 
> Which updates keep getting offered?


There are two other updates waiting to install but they will not.
Security update for windows 7 for x64 based systems
first one is (KB2676562)
other one is (KB2872339)


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> There was a problem with some updates being offered repeatedly recently.
> 
> What is your operating system?
> 
> Which updates keep getting offered?


According to the log, the two updates mentioned in last post have been INSTALLED EIGHT TIMES since I started working on this yesterday.


----------



## Cookiegal (Aug 27, 2003)

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## ldarlene (Sep 6, 2008)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bible Verser Toolbar - {57e11d25-85f5-47e0-b044-cd2580fbac32} - C:\Program Files (x86)\Bible_Verser\prxtbBibl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {57E11D25-85F5-47E0-B044-CD2580FBAC32} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome: 
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=040706273718517A&affID=119357&tt=160913_c1&tsp=5012
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=040706273718517A&affID=119357&tt=160913_c1&tsp=5012"
CHR DefaultSearchURL: (Delta Search) - http://www2.delta-search.com/?q={se...273718517A&affID=119357&tt=160913_c1&tsp=5012
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live\u00C2\u2122 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Avery Toolbar) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj\7.15.4.33337_0
CHR Extension: (YouTube) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (TidyNetwork.com ) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjkmfhbimklfepkjmcpfajcojikheka\5.0.0.0_0
CHR Extension: (Discount Buddy) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.24.17_0
CHR Extension: (PricePeep) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0
CHR Extension: (Skype Click to Call) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (safe asave) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndppnjnhomgndlbebhccpbkfomncohhe\1
CHR Extension: (Gmail) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Darlene\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Darlene\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Darlene\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\A40CE~1\AppData\Local\Temp\YontooLayers.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [5802128 2013-04-02] ()
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 AceecaUSBDx64; C:\Windows\System32\DRIVERS\AceecaUSBDx64.sys [66552 2012-10-18] (PalmSource, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-10-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S1 zkxhczhf; \??\C:\Windows\system32\drivers\zkxhczhf.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\FRST
2013-10-02 15:34 - 2013-10-02 15:35 - 01954124 _____ (Farbar) C:\Users\Darlene\Downloads\FRST64.exe
2013-10-02 15:31 - 2013-10-02 15:31 - 00000000 ____D C:\Users\Darlene\AppData\Local\{DD316EC1-056E-4274-A73F-6AC7C7BA6A83}
2013-10-02 14:32 - 2013-10-02 14:32 - 00000000 ____D C:\Users\Darlene\AppData\Local\{6F40D9FB-A010-44D6-B119-EBDFD65614EC}
2013-10-02 14:04 - 2013-10-02 14:05 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic (1).diagcab
2013-10-02 13:45 - 2013-10-02 13:45 - 00000000 ____D C:\Users\Darlene\AppData\Local\{C986F4FA-C69E-4C68-8624-EB7885CE996B}
2013-10-02 09:37 - 2013-10-02 09:37 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (2).msi
2013-10-01 23:16 - 2013-10-01 23:17 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E2B9CC94-94E1-459A-8C1A-E6F2578ADE17}
2013-10-01 23:00 - 2013-10-01 23:00 - 00000000 ____D C:\Users\Darlene\AppData\Local\{62DA0E00-6736-462C-A486-971EB21F510A}
2013-10-01 21:59 - 2013-10-01 21:59 - 00000000 ____D C:\Users\Darlene\AppData\Local\{2B1C21E4-A921-48F0-BC51-5747D9356D02}
2013-10-01 17:50 - 2013-10-01 17:50 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (1).msi
2013-10-01 16:14 - 2013-10-01 16:14 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic.diagcab
2013-10-01 15:33 - 2013-10-01 15:45 - 00000000 ____D C:\Windows\system32\MRT
2013-10-01 14:20 - 2013-10-01 14:20 - 00003094 _____ C:\Users\Darlene\Documents\.reg
2013-10-01 04:42 - 2013-10-01 04:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5B9A0F95-35D9-4CEF-9424-0ACF1D697A66}
2013-10-01 04:37 - 2013-10-01 04:37 - 00032512 ____H C:\Windows\system32\Drivers\hitmanpro37.sys
2013-10-01 04:36 - 2013-10-01 04:36 - 00011118 _____ C:\Windows\system32\.crusader
2013-10-01 04:16 - 2013-10-01 04:36 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-01 04:13 - 2013-10-01 04:13 - 00001495 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_041356.txt
2013-10-01 04:00 - 2013-10-01 04:00 - 00006256 _____ C:\Users\Darlene\Desktop\RKreport[0]_D_10012013_040030.txt
2013-10-01 03:57 - 2013-10-01 03:57 - 00004455 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_035701.txt
2013-10-01 03:54 - 2013-10-01 04:14 - 00000000 ____D C:\Users\Darlene\Desktop\RK_Quarantine
2013-10-01 00:06 - 2013-10-01 00:06 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 00:06 - 2013-10-01 00:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 00:06 - 2013-04-04 14:50 - 00025928 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-01 00:01 - 2013-10-01 00:04 - 00006520 _____ C:\Users\Darlene\Desktop\Rkill.txt
2013-10-01 00:01 - 2013-10-01 00:01 - 00000000 ____D C:\Users\Darlene\Desktop\rkill
2013-09-30 23:57 - 2013-09-30 23:57 - 00000805 _____ C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security.lnk
2013-09-30 23:57 - 2013-09-30 23:57 - 00000097 _____ C:\Users\Darlene\AppData\Roaming\avbase.dat
2013-09-30 18:08 - 2013-10-02 14:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-30 18:08 - 2013-09-30 18:08 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____H C:\Windows\SysWOW64\config.nt
2013-09-30 18:08 - 2013-08-30 03:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-30 18:08 - 2013-08-30 03:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-30 18:07 - 2013-09-30 18:07 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-30 18:07 - 2013-08-30 03:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-30 18:06 - 2013-09-30 18:07 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-30 07:31 - 2013-09-30 07:31 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{4D549AA8-9609-44B2-9A11-C76D47BC7631}
2013-09-30 00:06 - 2013-09-30 00:06 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A91B8D18-CC74-4355-BBEB-4AA1713D71CA}
2013-09-29 22:55 - 2013-09-29 22:55 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-29 21:51 - 2013-09-29 21:51 - 00000000 ____D C:\Users\Darlene\AppData\Local\{49DE11D9-EB65-4303-8141-ADEFBFEB710C}
2013-09-29 09:20 - 2013-09-29 09:20 - 00000000 ____D C:\Users\Darlene\AppData\Local\{BBC27667-FEE7-4E5C-BAB2-E64C2C5EB140}
2013-09-28 14:39 - 2013-09-28 14:39 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5135ADDB-1DA8-48D0-9BF8-0DA351B276B3}
2013-09-28 10:11 - 2013-09-28 10:11 - 00000000 ____D C:\Users\Darlene\AppData\Local\{79B7B415-7F45-4A03-B146-40D8129D7284}
2013-09-27 22:01 - 2013-09-27 22:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{CF9FDD06-14EA-4AE7-9098-2C4727F17C94}
2013-09-27 20:09 - 2013-09-27 20:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\{89ED9516-69DF-43A0-9906-4AB89C6DBC96}
2013-09-27 12:32 - 2013-09-27 12:32 - 00000000 ____D C:\Users\Darlene\AppData\Local\{7A6A7889-C80C-45C7-99F1-C8D6CECDB945}
2013-09-26 23:41 - 2013-09-26 23:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A0FDA72B-4D04-4526-A36A-0D81D298B2D0}
2013-09-26 12:01 - 2013-10-02 14:39 - 00015952 _____ C:\Users\Darlene\Documents\Currentbills2013-2014.xlsx
2013-09-26 11:21 - 2013-09-26 11:21 - 00010484 _____ C:\Users\Darlene\Documents\Book3.xlsx
2013-09-26 09:58 - 2013-09-26 09:58 - 00000000 ____D C:\Users\Darlene\AppData\Local\{38E7A3CB-5CF6-4C66-8944-5CC4846BB467}
2013-09-25 13:45 - 2013-09-25 13:46 - 00000000 ____D C:\Users\Darlene\AppData\Local\{97411F6C-942C-4B58-8D17-F9DF80C87155}
2013-09-25 11:42 - 2013-09-25 11:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{83C79716-B343-4C1D-9CFF-20F4E4228BE6}
2013-09-25 11:19 - 2013-09-25 11:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\{2EF1C98D-C360-45D5-A6C0-7FC347F3FF6A}
2013-09-25 11:13 - 2013-09-25 11:13 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9B92A6A3-0C9F-4EBA-8207-7616853D3A2E}
2013-09-25 09:35 - 2013-09-25 09:35 - 00000000 ____D C:\Users\Darlene\AppData\Local\{92670ECE-BA85-4837-970F-02BDE508111E}
2013-09-24 21:22 - 2013-09-24 21:23 - 00000000 ____D C:\Users\Darlene\AppData\Local\{3CB7EA54-D739-452C-8203-0EAB739A81D4}
2013-09-24 09:02 - 2013-09-24 09:03 - 00000000 ____D C:\Users\Darlene\AppData\Local\{1ED39084-168C-4EC8-AC82-5B2EA74180FE}
2013-09-23 19:14 - 2013-09-23 19:14 - 00000000 ____D C:\MATS
2013-09-23 11:08 - 2013-09-23 11:34 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-23 11:02 - 2013-09-23 11:02 - 01565744 _____ C:\Users\Darlene\Downloads\AVG_Remover_en.exe
2013-09-23 10:40 - 2013-09-23 10:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4D6EDFD2-810C-4D35-890C-7F1FF2246477}
2013-09-23 09:40 - 2013-09-23 09:40 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 09:38 - 2013-09-23 09:39 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4(1).exe
2013-09-23 09:31 - 2013-09-23 09:32 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4.exe
2013-09-22 20:36 - 2013-09-22 20:36 - 209715200 _____ C:\Users\Darlene\Documents\Data Safe.avgfv
2013-09-22 20:31 - 2013-09-22 20:31 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-22 20:31 - 2013-09-22 20:31 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\AVG2014
2013-09-22 20:30 - 2013-09-22 20:31 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-22 20:30 - 2013-09-22 20:30 - 00000969 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-22 20:26 - 2013-09-22 21:06 - 00000000 ____D C:\Users\Darlene\AppData\Local\Avg2014
2013-09-22 19:40 - 2013-09-22 19:40 - 00910992 _____ (Symantec Corporation) C:\Users\Darlene\Downloads\AutoDetectPkg(1).exe
2013-09-22 19:35 - 2013-09-22 19:36 - 00000000 ____D C:\Users\Darlene\AppData\Local\{25829028-D7F9-4BB9-BF00-6B909DEA6F0F}
2013-09-22 19:12 - 2013-09-22 19:12 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123.msi
2013-09-22 18:57 - 2013-09-22 18:57 - 00000000 ____D C:\Users\Darlene\AppData\Local\{AD7B68B9-A772-46CF-901A-75B22046F921}
2013-09-22 18:54 - 2013-09-22 18:54 - 00000000 ____D C:\Users\Darlene\AppData\Local\{95CC7150-0354-44A8-836B-F0DA77D8FAEC}
2013-09-22 05:41 - 2013-09-22 05:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\avgchrome
2013-09-21 21:01 - 2013-09-21 21:02 - 00000000 ____D C:\Users\Darlene\AppData\Local\{0426E805-4232-409C-AF73-6FEEDCD81122}
2013-09-21 14:47 - 2013-09-21 14:47 - 00000000 ____D C:\Users\Darlene\AppData\Local\{012AD5D6-3786-4428-9206-A11820EEC469}
2013-09-21 10:10 - 2013-09-21 10:10 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4140A045-E7AA-4CCC-94F3-F08AF8740337}
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\Mozilla
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-20 22:18 - 2013-09-23 13:34 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-20 22:18 - 2013-09-23 11:35 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-20 22:18 - 2013-09-23 11:34 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Delta
2013-09-20 22:18 - 2013-09-23 11:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-20 22:18 - 2013-09-20 22:18 - 22404568 _____ (Mozilla) C:\Users\Darlene\Downloads\Firefox_Setup [1].exe
2013-09-20 22:18 - 2013-09-20 22:18 - 00001886 _____ C:\Users\Darlene\Desktop\Search.lnk
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ___HD C:\Windows\SysWOW64\searchplugins
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ___HD C:\Windows\SysWOW64\Extensions
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\UpdaterEX
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\ProgramData\Babylon
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-20 18:55 - 2013-09-20 18:56 - 00000000 ____D C:\Users\Darlene\AppData\Local\{F470A923-84E5-4B31-A95D-7BD413980AB7}
2013-09-20 15:38 - 2013-09-20 15:38 - 00000000 ____D C:\Users\Darlene\AppData\Local\{3C8DC1C1-CCAE-4F15-92CC-11DE3B5B7FDC}
2013-09-20 11:16 - 2013-09-20 11:16 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{E4A54E6A-A62E-4F52-B555-D764A2894CEA}
2013-09-19 11:30 - 2013-09-19 11:31 - 00000000 ____D C:\Users\Darlene\AppData\Local\{85071C38-DEF9-436F-886B-26920DD1241B}
2013-09-18 13:43 - 2013-09-18 13:44 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{C5C33947-A5D5-4E0F-8B5A-CC7FFD6059AF}
2013-09-18 06:10 - 2013-09-18 06:11 - 00000000 ____D C:\Users\Darlene\AppData\Local\{88715AA9-1E7E-4A75-BC5A-8CA637DC84FC}
2013-09-17 18:09 - 2013-09-17 18:10 - 00000000 ____D C:\Users\Darlene\AppData\Local\{6B2BA670-CDB5-457A-B447-24F8B83948F6}
2013-09-17 12:40 - 2013-09-17 12:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{FCE585D4-824A-42B6-92C7-79BFF92493B9}
2013-09-16 12:25 - 2013-09-16 12:26 - 00000000 ____D C:\Users\Darlene\AppData\Local\{BD5E2EC9-B468-4B77-B572-ABCDFB244DBA}
2013-09-15 17:50 - 2013-09-15 17:51 - 00000000 ____D C:\Users\Darlene\AppData\Local\{69072D5C-1A5F-47FE-966F-4262066F668B}
2013-09-15 09:14 - 2013-09-15 09:15 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{5FEACF98-042A-4A9C-9338-076D30EC2428}
2013-09-15 00:27 - 2013-09-15 00:27 - 00000000 ____D C:\Users\Darlene\AppData\Local\{ACD86EA0-D106-47D1-ADB6-6BFE91D9AFE6}
2013-09-14 23:37 - 2013-09-14 23:37 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5884C53E-21E8-4D73-9E67-58A827A4A0B9}
2013-09-14 10:11 - 2013-09-14 10:12 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9461CD23-637D-4F1F-A15D-9D9CC4F2244E}
2013-09-14 08:52 - 2013-09-14 08:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\{AEBD61C0-6ED0-4403-BFDE-C415FA2115DB}
2013-09-13 19:29 - 2013-09-13 19:29 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E2805083-C09D-4D30-BC5A-4AA0F9C25AC4}
2013-09-13 18:39 - 2013-09-13 18:39 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9877C648-09D7-423B-A0EB-E8F46359E1CB}
2013-09-13 00:55 - 2013-09-13 00:56 - 00000000 ____D C:\Users\Darlene\AppData\Local\{8FD27D76-DA40-42D0-9069-E04884ADCBD4}
2013-09-12 23:41 - 2013-09-12 23:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\{64CAED06-BC61-459C-9D6F-34209A4BBB00}
2013-09-12 23:40 - 2013-09-12 23:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{871132DB-6DBE-486E-832A-93AA2002A2A7}
2013-09-12 23:12 - 2013-09-12 23:12 - 00000000 ____D C:\Users\Darlene\AppData\Local\{95A64DFF-DA5A-4240-B0C5-78EF215AD5DB}
2013-09-12 10:52 - 2013-09-12 10:52 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E1A3E8F2-9F6B-407E-9D7D-AB499984801D}
2013-09-11 09:01 - 2013-09-11 09:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{24A4B2A3-D1B0-4CE7-9701-49CCEDB61B58}
2013-09-10 17:21 - 2013-09-10 17:21 - 00000000 ____D C:\Users\Darlene\AppData\Local\{53937EC9-87F1-49A3-9474-7FFDD5B93360}
2013-09-10 09:25 - 2013-09-10 09:25 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4743375F-37AA-41B2-B4B7-882F0BD479B1}
2013-09-10 09:07 - 2013-09-10 09:07 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A80289C1-FE7E-4964-8E36-DC3D0B642229}
2013-09-09 18:03 - 2013-09-09 18:03 - 00000000 ____D C:\Users\Darlene\AppData\Local\{DDC5B70F-D2B0-4B33-931D-EA7E6B294B0F}
2013-09-09 18:02 - 2013-09-09 18:02 - 00000000 ____D C:\Users\Darlene\AppData\Local\{D9EB7331-8BA2-401E-B944-BAF422059FC0}
2013-09-09 16:55 - 2013-09-09 16:55 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{A1D86197-73AA-4412-AC12-F79EB9DD4B2B}
2013-09-09 00:58 - 2013-09-09 00:59 - 00000000 ____D C:\Users\Darlene\AppData\Local\{11B1BCA4-100F-4EA1-A2F6-CC60626BAECE}
2013-09-09 00:50 - 2013-09-09 00:50 - 00000000 ____D C:\Users\Darlene\AppData\Local\{59BA6E21-4E00-4C17-9E3B-72650A94DAE2}
2013-09-09 00:49 - 2013-09-08 16:27 - 00001050 _____ C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:28 - 2013-09-08 16:28 - 00000000 ____D C:\ProgramData\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00001038 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Program Files (x86)\Free FreeCell Solitaire
2013-09-08 10:55 - 2013-09-08 10:55 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4F54CC68-DC31-4D19-8CF9-CAE01A6FB9FB}
2013-09-07 10:22 - 2013-09-07 10:23 - 00000000 ____D C:\Users\Darlene\AppData\Local\{77605879-C14B-45B2-8B7B-FF9637F2F178}
2013-09-06 11:22 - 2013-09-06 11:23 - 00000000 ____D C:\Users\Darlene\AppData\Local\{09E6D503-F01A-4811-B019-9DA8CF81C633}
2013-09-05 10:29 - 2013-09-05 10:30 - 00000000 ____D C:\Users\Darlene\AppData\Local\{58E62AFD-DC4D-4DD8-9F07-C50CCA60006D}
2013-09-05 09:53 - 2013-09-05 09:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\{7EDBAFE1-05D1-4B07-820C-78D69F85973B}
2013-09-04 21:15 - 2013-09-04 21:17 - 00000000 ____D C:\Users\Darlene\AppData\Local\{594FAE71-A3C5-4981-882E-39A98ED5140B}
2013-09-04 08:44 - 2013-09-04 08:44 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E6C0D0A6-0A05-40CA-BF2E-15F2236E7FDA}
2013-09-03 11:34 - 2013-09-03 11:34 - 00000000 ____D C:\Users\Darlene\AppData\Local\{465DA25E-6909-496D-8797-E6EC7187E651}
2013-09-03 00:57 - 2013-09-11 00:52 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Tubyuv
2013-09-03 00:57 - 2013-09-11 00:22 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Iqlu
2013-09-03 00:57 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Isfixo
2013-09-02 22:54 - 2013-09-02 22:54 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9039777E-0622-4912-ADE0-46895A5AD31F}
2013-09-02 09:05 - 2013-09-02 09:05 - 00000000 ____D C:\Users\Darlene\AppData\Local\{F952E9C2-19F0-42C8-A090-881E78F5E166}
==================== One Month Modified Files and Folders =======
2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\FRST
2013-10-02 15:35 - 2013-10-02 15:34 - 01954124 _____ (Farbar) C:\Users\Darlene\Downloads\FRST64.exe
2013-10-02 15:31 - 2013-10-02 15:31 - 00000000 ____D C:\Users\Darlene\AppData\Local\{DD316EC1-056E-4274-A73F-6AC7C7BA6A83}
2013-10-02 15:26 - 2012-05-19 21:21 - 00000896 ____H C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356847380-486099396-757606752-1000UA.job
2013-10-02 14:56 - 2012-05-27 16:43 - 00000830 ____H C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 14:46 - 2012-11-16 11:26 - 00000900 ____H C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 14:40 - 2011-12-30 11:14 - 01878104 _____ C:\Windows\WindowsUpdate.log
2013-10-02 14:39 - 2013-09-26 12:01 - 00015952 _____ C:\Users\Darlene\Documents\Currentbills2013-2014.xlsx
2013-10-02 14:32 - 2013-10-02 14:32 - 00000000 ____D C:\Users\Darlene\AppData\Local\{6F40D9FB-A010-44D6-B119-EBDFD65614EC}
2013-10-02 14:18 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 14:18 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 14:12 - 2013-09-30 18:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-02 14:12 - 2013-02-07 16:47 - 00000476 ____H C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-10-02 14:11 - 2012-11-16 11:26 - 00000896 ____H C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 14:11 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 14:11 - 2009-07-14 00:51 - 00097203 ____H C:\Windows\setupact.log
2013-10-02 14:05 - 2013-10-02 14:04 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic (1).diagcab
2013-10-02 13:45 - 2013-10-02 13:45 - 00000000 ____D C:\Users\Darlene\AppData\Local\{C986F4FA-C69E-4C68-8624-EB7885CE996B}
2013-10-02 09:37 - 2013-10-02 09:37 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (2).msi
2013-10-01 23:17 - 2013-10-01 23:16 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E2B9CC94-94E1-459A-8C1A-E6F2578ADE17}
2013-10-01 23:00 - 2013-10-01 23:00 - 00000000 ____D C:\Users\Darlene\AppData\Local\{62DA0E00-6736-462C-A486-971EB21F510A}
2013-10-01 21:59 - 2013-10-01 21:59 - 00000000 ____D C:\Users\Darlene\AppData\Local\{2B1C21E4-A921-48F0-BC51-5747D9356D02}
2013-10-01 21:26 - 2012-05-19 21:21 - 00000844 ____H C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356847380-486099396-757606752-1000Core.job
2013-10-01 21:03 - 2012-05-17 23:01 - 00803792 ____H C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-01 17:50 - 2013-10-01 17:50 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (1).msi
2013-10-01 17:46 - 2012-06-12 15:46 - 00000000 ____D C:\Users\Darlene
2013-10-01 17:45 - 2012-07-06 07:56 - 00000000 ____D C:\Users\Guest
2013-10-01 17:45 - 2012-06-12 15:46 - 00000000 ____D C:\Users\Darlene\AppData\Local\PowerCinema
2013-10-01 17:45 - 2012-06-12 15:41 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\PowerCinema
2013-10-01 17:45 - 2012-06-12 15:41 - 00000000 ____D C:\Users\Terry.OURLAPTOP
2013-10-01 17:45 - 2012-05-17 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-10-01 17:45 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\registration
2013-10-01 16:14 - 2013-10-01 16:14 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic.diagcab
2013-10-01 15:53 - 2009-07-14 01:13 - 00801466 ____H C:\Windows\system32\PerfStringBackup.INI
2013-10-01 15:45 - 2013-10-01 15:33 - 00000000 ____D C:\Windows\system32\MRT
2013-10-01 14:20 - 2013-10-01 14:20 - 00003094 _____ C:\Users\Darlene\Documents\.reg
2013-10-01 04:42 - 2013-10-01 04:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5B9A0F95-35D9-4CEF-9424-0ACF1D697A66}
2013-10-01 04:37 - 2013-10-01 04:37 - 00032512 ____H C:\Windows\system32\Drivers\hitmanpro37.sys
2013-10-01 04:36 - 2013-10-01 04:36 - 00011118 _____ C:\Windows\system32\.crusader
2013-10-01 04:36 - 2013-10-01 04:16 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-01 04:14 - 2013-10-01 03:54 - 00000000 ____D C:\Users\Darlene\Desktop\RK_Quarantine
2013-10-01 04:13 - 2013-10-01 04:13 - 00001495 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_041356.txt
2013-10-01 04:00 - 2013-10-01 04:00 - 00006256 _____ C:\Users\Darlene\Desktop\RKreport[0]_D_10012013_040030.txt
2013-10-01 03:57 - 2013-10-01 03:57 - 00004455 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_035701.txt
2013-10-01 03:49 - 2010-11-20 23:47 - 00284044 ____H C:\Windows\PFRO.log
2013-10-01 00:23 - 2013-06-20 13:23 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Systweak
2013-10-01 00:06 - 2013-10-01 00:06 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 00:06 - 2013-10-01 00:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 00:04 - 2013-10-01 00:01 - 00006520 _____ C:\Users\Darlene\Desktop\Rkill.txt
2013-10-01 00:01 - 2013-10-01 00:01 - 00000000 ____D C:\Users\Darlene\Desktop\rkill
2013-09-30 23:57 - 2013-09-30 23:57 - 00000805 _____ C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security.lnk
2013-09-30 23:57 - 2013-09-30 23:57 - 00000097 _____ C:\Users\Darlene\AppData\Roaming\avbase.dat
2013-09-30 23:08 - 2012-07-16 23:31 - 00002186 _____ C:\Windows\epplauncher.mif
2013-09-30 20:16 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-30 20:16 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\AppCompat
2013-09-30 19:25 - 2013-07-26 14:54 - 00000000 ____D C:\Program Files (x86)\SafeSaver
2013-09-30 18:08 - 2013-09-30 18:08 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____H C:\Windows\SysWOW64\config.nt
2013-09-30 18:07 - 2013-09-30 18:07 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-30 18:07 - 2013-09-30 18:06 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-30 07:31 - 2013-09-30 07:31 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{4D549AA8-9609-44B2-9A11-C76D47BC7631}
2013-09-30 00:06 - 2013-09-30 00:06 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A91B8D18-CC74-4355-BBEB-4AA1713D71CA}
2013-09-29 22:55 - 2013-09-29 22:55 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-29 21:51 - 2013-09-29 21:51 - 00000000 ____D C:\Users\Darlene\AppData\Local\{49DE11D9-EB65-4303-8141-ADEFBFEB710C}
2013-09-29 09:20 - 2013-09-29 09:20 - 00000000 ____D C:\Users\Darlene\AppData\Local\{BBC27667-FEE7-4E5C-BAB2-E64C2C5EB140}
2013-09-29 00:05 - 2012-06-14 21:49 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\SoftGrid Client
2013-09-28 14:39 - 2013-09-28 14:39 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5135ADDB-1DA8-48D0-9BF8-0DA351B276B3}
2013-09-28 10:11 - 2013-09-28 10:11 - 00000000 ____D C:\Users\Darlene\AppData\Local\{79B7B415-7F45-4A03-B146-40D8129D7284}
2013-09-27 22:01 - 2013-09-27 22:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{CF9FDD06-14EA-4AE7-9098-2C4727F17C94}
2013-09-27 20:09 - 2013-09-27 20:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\{89ED9516-69DF-43A0-9906-4AB89C6DBC96}
2013-09-27 12:32 - 2013-09-27 12:32 - 00000000 ____D C:\Users\Darlene\AppData\Local\{7A6A7889-C80C-45C7-99F1-C8D6CECDB945}
2013-09-26 23:42 - 2013-09-26 23:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A0FDA72B-4D04-4526-A36A-0D81D298B2D0}
2013-09-26 12:15 - 2012-12-18 13:19 - 00016468 _____ C:\Users\Darlene\Documents\bills2013.xlsx
2013-09-26 11:21 - 2013-09-26 11:21 - 00010484 _____ C:\Users\Darlene\Documents\Book3.xlsx
2013-09-26 11:21 - 2013-07-22 17:00 - 00012978 _____ C:\Users\Darlene\Documents\billsbackpage2013July.xlsx
2013-09-26 09:58 - 2013-09-26 09:58 - 00000000 ____D C:\Users\Darlene\AppData\Local\{38E7A3CB-5CF6-4C66-8944-5CC4846BB467}
2013-09-25 13:46 - 2013-09-25 13:45 - 00000000 ____D C:\Users\Darlene\AppData\Local\{97411F6C-942C-4B58-8D17-F9DF80C87155}
2013-09-25 11:42 - 2013-09-25 11:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{83C79716-B343-4C1D-9CFF-20F4E4228BE6}
2013-09-25 11:19 - 2013-09-25 11:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\{2EF1C98D-C360-45D5-A6C0-7FC347F3FF6A}
2013-09-25 11:13 - 2013-09-25 11:13 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9B92A6A3-0C9F-4EBA-8207-7616853D3A2E}
2013-09-25 09:35 - 2013-09-25 09:35 - 00000000 ____D C:\Users\Darlene\AppData\Local\{92670ECE-BA85-4837-970F-02BDE508111E}
2013-09-24 21:23 - 2013-09-24 21:22 - 00000000 ____D C:\Users\Darlene\AppData\Local\{3CB7EA54-D739-452C-8203-0EAB739A81D4}
2013-09-24 09:03 - 2013-09-24 09:02 - 00000000 ____D C:\Users\Darlene\AppData\Local\{1ED39084-168C-4EC8-AC82-5B2EA74180FE}
2013-09-23 19:36 - 2013-01-22 16:48 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Softarama
2013-09-23 19:31 - 2011-12-30 11:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-09-23 19:31 - 2011-10-13 11:17 - 00000000 ____D C:\ProgramData\McAfee
2013-09-23 19:25 - 2013-01-22 18:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-23 19:24 - 2013-02-06 18:08 - 00000000 ____D C:\Program Files\McAfee
2013-09-23 19:14 - 2013-09-23 19:14 - 00000000 ____D C:\MATS
2013-09-23 13:34 - 2013-09-20 22:18 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-23 11:35 - 2013-09-20 22:18 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-23 11:34 - 2013-09-23 11:08 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-23 11:34 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Delta
2013-09-23 11:12 - 2013-09-20 22:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-23 11:12 - 2012-11-13 02:01 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Mozilla
2013-09-23 11:02 - 2013-09-23 11:02 - 01565744 _____ C:\Users\Darlene\Downloads\AVG_Remover_en.exe
2013-09-23 10:40 - 2013-09-23 10:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4D6EDFD2-810C-4D35-890C-7F1FF2246477}
2013-09-23 09:40 - 2013-09-23 09:40 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 09:39 - 2013-09-23 09:38 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4(1).exe
2013-09-23 09:32 - 2013-09-23 09:31 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4.exe
2013-09-22 21:06 - 2013-09-22 20:26 - 00000000 ____D C:\Users\Darlene\AppData\Local\Avg2014
2013-09-22 20:36 - 2013-09-22 20:36 - 209715200 _____ C:\Users\Darlene\Documents\Data Safe.avgfv
2013-09-22 20:31 - 2013-09-22 20:31 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-22 20:31 - 2013-09-22 20:31 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\AVG2014
2013-09-22 20:31 - 2013-09-22 20:30 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-22 20:30 - 2013-09-22 20:30 - 00000969 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-22 19:40 - 2013-09-22 19:40 - 00910992 _____ (Symantec Corporation) C:\Users\Darlene\Downloads\AutoDetectPkg(1).exe
2013-09-22 19:36 - 2013-09-22 19:35 - 00000000 ____D C:\Users\Darlene\AppData\Local\{25829028-D7F9-4BB9-BF00-6B909DEA6F0F}
2013-09-22 19:12 - 2013-09-22 19:12 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123.msi
2013-09-22 18:57 - 2013-09-22 18:57 - 00000000 ____D C:\Users\Darlene\AppData\Local\{AD7B68B9-A772-46CF-901A-75B22046F921}
2013-09-22 18:54 - 2013-09-22 18:54 - 00000000 ____D C:\Users\Darlene\AppData\Local\{95CC7150-0354-44A8-836B-F0DA77D8FAEC}
2013-09-22 05:41 - 2013-09-22 05:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\avgchrome
2013-09-21 21:02 - 2013-09-21 21:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{0426E805-4232-409C-AF73-6FEEDCD81122}
2013-09-21 14:47 - 2013-09-21 14:47 - 00000000 ____D C:\Users\Darlene\AppData\Local\{012AD5D6-3786-4428-9206-A11820EEC469}
2013-09-21 10:10 - 2013-09-21 10:10 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4140A045-E7AA-4CCC-94F3-F08AF8740337}
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\Mozilla
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-20 22:18 - 2013-09-20 22:18 - 22404568 _____ (Mozilla) C:\Users\Darlene\Downloads\Firefox_Setup [1].exe
2013-09-20 22:18 - 2013-09-20 22:18 - 00001886 _____ C:\Users\Darlene\Desktop\Search.lnk
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ___HD C:\Windows\SysWOW64\searchplugins
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ___HD C:\Windows\SysWOW64\Extensions
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\UpdaterEX
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\ProgramData\Babylon
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-20 18:56 - 2013-09-20 18:55 - 00000000 ____D C:\Users\Darlene\AppData\Local\{F470A923-84E5-4B31-A95D-7BD413980AB7}
2013-09-20 15:38 - 2013-09-20 15:38 - 00000000 ____D C:\Users\Darlene\AppData\Local\{3C8DC1C1-CCAE-4F15-92CC-11DE3B5B7FDC}
2013-09-20 11:16 - 2013-09-20 11:16 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{E4A54E6A-A62E-4F52-B555-D764A2894CEA}
2013-09-19 15:56 - 2012-05-27 16:43 - 00692616 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 15:56 - 2012-05-27 16:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 15:56 - 2011-10-13 11:29 - 00071048 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 11:31 - 2013-09-19 11:30 - 00000000 ____D C:\Users\Darlene\AppData\Local\{85071C38-DEF9-436F-886B-26920DD1241B}
2013-09-18 13:44 - 2013-09-18 13:43 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{C5C33947-A5D5-4E0F-8B5A-CC7FFD6059AF}
2013-09-18 06:11 - 2013-09-18 06:10 - 00000000 ____D C:\Users\Darlene\AppData\Local\{88715AA9-1E7E-4A75-BC5A-8CA637DC84FC}
2013-09-17 18:10 - 2013-09-17 18:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\{6B2BA670-CDB5-457A-B447-24F8B83948F6}
2013-09-17 12:40 - 2013-09-17 12:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{FCE585D4-824A-42B6-92C7-79BFF92493B9}
2013-09-16 15:19 - 2012-11-13 01:48 - 00000000 ____D C:\Users\Darlene\Documents\Cook'n10
2013-09-16 12:26 - 2013-09-16 12:25 - 00000000 ____D C:\Users\Darlene\AppData\Local\{BD5E2EC9-B468-4B77-B572-ABCDFB244DBA}
2013-09-15 17:51 - 2013-09-15 17:50 - 00000000 ____D C:\Users\Darlene\AppData\Local\{69072D5C-1A5F-47FE-966F-4262066F668B}
2013-09-15 09:15 - 2013-09-15 09:14 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{5FEACF98-042A-4A9C-9338-076D30EC2428}
2013-09-15 00:27 - 2013-09-15 00:27 - 00000000 ____D C:\Users\Darlene\AppData\Local\{ACD86EA0-D106-47D1-ADB6-6BFE91D9AFE6}
2013-09-14 23:37 - 2013-09-14 23:37 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5884C53E-21E8-4D73-9E67-58A827A4A0B9}
2013-09-14 23:19 - 2013-07-26 14:53 - 00000000 ____D C:\ProgramData\safe asave
2013-09-14 23:19 - 2013-05-23 09:24 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Roaming\SearchProtect
2013-09-14 23:19 - 2013-05-22 22:29 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\SearchProtect
2013-09-14 23:19 - 2013-05-22 22:29 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-14 10:12 - 2013-09-14 10:11 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9461CD23-637D-4F1F-A15D-9D9CC4F2244E}
2013-09-14 08:53 - 2013-09-14 08:52 - 00000000 ____D C:\Users\Darlene\AppData\Local\{AEBD61C0-6ED0-4403-BFDE-C415FA2115DB}
2013-09-13 19:29 - 2013-09-13 19:29 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E2805083-C09D-4D30-BC5A-4AA0F9C25AC4}
2013-09-13 18:39 - 2013-09-13 18:39 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9877C648-09D7-423B-A0EB-E8F46359E1CB}
2013-09-13 00:56 - 2013-09-13 00:55 - 00000000 ____D C:\Users\Darlene\AppData\Local\{8FD27D76-DA40-42D0-9069-E04884ADCBD4}
2013-09-12 23:41 - 2013-09-12 23:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\{64CAED06-BC61-459C-9D6F-34209A4BBB00}
2013-09-12 23:40 - 2013-09-12 23:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{871132DB-6DBE-486E-832A-93AA2002A2A7}
2013-09-12 23:12 - 2013-09-12 23:12 - 00000000 ____D C:\Users\Darlene\AppData\Local\{95A64DFF-DA5A-4240-B0C5-78EF215AD5DB}
2013-09-12 10:52 - 2013-09-12 10:52 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E1A3E8F2-9F6B-407E-9D7D-AB499984801D}
2013-09-11 09:27 - 2009-07-14 01:08 - 00032570 ____H C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 09:01 - 2013-09-11 09:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{24A4B2A3-D1B0-4CE7-9701-49CCEDB61B58}
2013-09-11 00:52 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Tubyuv
2013-09-11 00:22 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Iqlu
2013-09-10 17:21 - 2013-09-10 17:21 - 00000000 ____D C:\Users\Darlene\AppData\Local\{53937EC9-87F1-49A3-9474-7FFDD5B93360}
2013-09-10 09:25 - 2013-09-10 09:25 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4743375F-37AA-41B2-B4B7-882F0BD479B1}
2013-09-10 09:07 - 2013-09-10 09:07 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A80289C1-FE7E-4964-8E36-DC3D0B642229}
2013-09-09 18:03 - 2013-09-09 18:03 - 00000000 ____D C:\Users\Darlene\AppData\Local\{DDC5B70F-D2B0-4B33-931D-EA7E6B294B0F}
2013-09-09 18:02 - 2013-09-09 18:02 - 00000000 ____D C:\Users\Darlene\AppData\Local\{D9EB7331-8BA2-401E-B944-BAF422059FC0}
2013-09-09 16:55 - 2013-09-09 16:55 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{A1D86197-73AA-4412-AC12-F79EB9DD4B2B}
2013-09-09 00:59 - 2013-09-09 00:58 - 00000000 ____D C:\Users\Darlene\AppData\Local\{11B1BCA4-100F-4EA1-A2F6-CC60626BAECE}
2013-09-09 00:50 - 2013-09-09 00:50 - 00000000 ____D C:\Users\Darlene\AppData\Local\{59BA6E21-4E00-4C17-9E3B-72650A94DAE2}
2013-09-08 16:28 - 2013-09-08 16:28 - 00000000 ____D C:\ProgramData\TreeCardGames
2013-09-08 16:27 - 2013-09-09 00:49 - 00001050 _____ C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00001038 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Program Files (x86)\Free FreeCell Solitaire
2013-09-08 10:55 - 2013-09-08 10:55 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4F54CC68-DC31-4D19-8CF9-CAE01A6FB9FB}
2013-09-07 10:58 - 2013-01-03 02:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\Apple Computer
2013-09-07 10:23 - 2013-09-07 10:22 - 00000000 ____D C:\Users\Darlene\AppData\Local\{77605879-C14B-45B2-8B7B-FF9637F2F178}
2013-09-06 12:14 - 2012-07-31 21:59 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Skype
2013-09-06 11:23 - 2013-09-06 11:22 - 00000000 ____D C:\Users\Darlene\AppData\Local\{09E6D503-F01A-4811-B019-9DA8CF81C633}
2013-09-05 10:30 - 2013-09-05 10:29 - 00000000 ____D C:\Users\Darlene\AppData\Local\{58E62AFD-DC4D-4DD8-9F07-C50CCA60006D}
2013-09-05 09:53 - 2013-09-05 09:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\{7EDBAFE1-05D1-4B07-820C-78D69F85973B}
2013-09-04 21:17 - 2013-09-04 21:15 - 00000000 ____D C:\Users\Darlene\AppData\Local\{594FAE71-A3C5-4981-882E-39A98ED5140B}
2013-09-04 08:44 - 2013-09-04 08:44 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E6C0D0A6-0A05-40CA-BF2E-15F2236E7FDA}
2013-09-03 15:52 - 2012-07-31 10:22 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-03 11:34 - 2013-09-03 11:34 - 00000000 ____D C:\Users\Darlene\AppData\Local\{465DA25E-6909-496D-8797-E6EC7187E651}
2013-09-03 00:57 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Isfixo
2013-09-03 00:57 - 2012-07-31 10:23 - 00000000 ____D C:\Users\Darlene\AppData\Local\Google
2013-09-02 22:54 - 2013-09-02 22:54 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9039777E-0622-4912-ADE0-46895A5AD31F}
2013-09-02 09:05 - 2013-09-02 09:05 - 00000000 ____D C:\Users\Darlene\AppData\Local\{F952E9C2-19F0-42C8-A090-881E78F5E166}
Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Darlene\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Darlene\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Darlene\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Darlene\AppData\Local\Temp\oi_{C14659FA-5097-4F0D-840F-BBCB7088B742}.exe
C:\Users\Darlene\AppData\Local\Temp\oi_{DEB14F0D-5B55-409A-933F-5DF5C1FC33D6}.exe
C:\Users\Darlene\AppData\Local\Temp\SendMsg.dll
C:\Users\Darlene\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Darlene\AppData\Local\Temp\tbHot0.dll
C:\Users\Darlene\AppData\Local\Temp\tbVis0.dll
C:\Users\Darlene\AppData\Local\Temp\tbWhit.dll
C:\Users\Darlene\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Darlene\AppData\Local\Temp\VisualBeeSilent.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 02:35

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Darlene at 2013-10-02 15:39:42
Running from C:\Users\Darlene\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
1 Penguin 100 Cases (x32)
Acer Backup Manager (x32 Version: 3.0.0.99)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00)
Acer ePower Management (x32 Version: 6.00.3008)
Acer eRecovery Management (x32 Version: 5.00.3504)
Acer Games (x32 Version: 1.0.2.5)
Acer Registration (x32 Version: 1.04.3504)
Acer ScreenSaver (x32 Version: 1.1.0517.2011)
Acer Updater (x32 Version: 1.02.3502)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Agatha Christie: Dead Man's Folly (x32)
Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439)
Amazing Adventures: The Lost Tomb (x32)
Antique Mysteries: Secrets of Howard's Mansion (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Arizona Rose and the Pirates' Riddles (x32)
Ask Toolbar (x32 Version: 1.15.4.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.1.42)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Avenue Flo (x32)
Avenue Flo(TM) - Special Delivery (x32)
Avenue Flo(TM) (x32)
Avenue Flo: Special Delivery (x32)
Avery Toolbar Updater (HKCU Version: 1.2.2.23821)
Backup Manager V3 (x32 Version: 3.0.0.99)
BE Downloadable Edition (x32 Version: 1.1)
BE Downloadable Edition (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bible Verser Toolbar (x32 Version: 6.8.9.0)
Big City Adventure: London Story (x32)
Big Fish Games: Game Manager (x32 Version: 3.0.1.60)
BitGuard (x32)
Bonjour (Version: 3.0.0.10)
Brain Challenge (x32)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97)
Castle: Never Judge a Book by Its Cover (x32)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
City of Fools (x32)
City of Secrets (x32)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.2024.00)
clear.fi (x32 Version: 9.0.8026)
clear.fi Client (x32 Version: 1.00.3500)
Clutter II: He Said, She Said (x32)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Cook'n (x32)
Cook'n Recipe Browser (x32)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
Crazy Machines (x32)
Cute Knight (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Delta toolbar (x32 Version: 1.8.24.6)
Detective Quest: The Crystal Slipper (x32)
Dora's World Adventure (x32 Version: 2.2.0.95)
Dream Chronicles: The Book of Air (x32)
eBay Worldwide (x32 Version: 2.2.0409)
Efficient Diary Pro 3.0 (x32)
Emerald City Confidential (x32)
Escape the Emerald Star (x32)
Escape the Museum (x32)
e-Sword (x32 Version: 10.01.0000)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451)
Everyday Jigsaw (x32)
Extended Update (HKCU)
eXtreme Movie Manager 7.2.3.6 - Full Install! (x32)
EZDownloader (x32 Version: 1.0)
FATE: The Cursed King (x32 Version: 2.2.0.97)
Fierce Tales: The Dog's Heart (x32)
Fierce Tales: The Dog's Heart Collector's Edition (x32)
Files Opened (x32 Version: 1.0)
Final Cut: Death on the Silver Screen (x32)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Fooz Kids (x32 Version: 3.0.8)
Fooz Kids Platform (x32 Version: 2.1)
Forgotten Riddles - The Mayan Princess (x32)
Found: A Hidden Object Adventure - Free to Play (x32)
Freddi Fish(R) 5 The Case of The Creature of Coral Cove (x32)
Free DWG Viewer 7.1 (x32 Version: 7.1)
Free FreeCell Solitaire 2012 v2.1 (x32)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
GoodSync (Version: 9.4.8.8)
Google Chrome (x32 Version: 24.0.1312.52)
Google Earth (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.123)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Identity Card (x32 Version: 1.00.3501)
Inspector Parker (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2342)
Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101)
iTunes (Version: 11.0.1.12)
iTunes (Version: 11.0.2.26)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Jewel Match 3 (x32 Version: 2.2.0.97)
Jodie Drake and the World in Peril (x32)
Journey: The Heart of Gaia (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kobo (x32 Version: 3.0.4)
KraiSoft Games Launcher (x32)
Kuros (x32)
Launch Manager (x32 Version: 5.1.2)
Legends of the Wild West: Golden Hill (x32)
Living Cookbook 2013 (x32 Version: 4.0.28)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Murder, She Wrote (x32)
Murder, She Wrote 2: Return to Cabot Cove (x32)
Mushroom Age (x32)
My digital Diary 3.2b (x32 Version: 3.2b)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
Mystery P.I.: The Curious Case of Counterfeit Cove (x32)
Mystery Trackers: Raincliff (x32)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (x32 Version: 4.0.14.27)
MyWinLocker Suite (x32 Version: 4.0.14.19)
Nancy Drew(R) - Phantom of Venice (x32)
Nancy Drew: The Final Scene (x32)
newsXpresso (x32 Version: 1.0.0.40)
NTI Media Maker 9 (x32 Version: 9.0.2.9002)
NutriBase 5 Plus v.5.17 (x32)
NutriBase Palm (x32)
Palm Desktop (x32 Version: 4.1.0300)
Penguins! (x32 Version: 2.2.0.95)
Picasa 3 (x32 Version: 3.9)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.95)
Puppetshow: Return to Joyville (x32)
Quicken 2012 (x32 Version: 21.1.2.14)
QuickTime (x32 Version: 7.74.80.86)
RealMYST (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6324)
RoboForm 7-8-9-5 (All Users) (x32 Version: 7-8-9-5)
Royal Trouble (x32)
SafeSaver 1.74 (x32)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype Click to Call (x32 Version: 6.11.13348)
Skype 5.10 (x32 Version: 5.10.116)
SmartDraw 2014 (x32)
SmartPCFixer 4.2 (Version: 4.2)
SSC Service Utility v4.30 (x32)
Strange Cases: The Secrets of Grey Mist Lake (x32)
Swag Bucks Toolbar (x32 Version: 6.8.9.0)
Syberia - Part 1 (x32)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
Tesla's Tower: The Wardenclyffe Mystery (x32)
The Great Unknown: Houdini's Castle (x32)
The Legend of Sleepy Hollow: Jar of Marbles III - Free to Play (x32)
The Secret of Margrave Manor (x32)
The Surprising Adventures of Munchausen (x32)
The Tiny Bang Story (x32)
Torchlight (x32 Version: 2.2.0.97)
Triazzle Island (x32)
Unfinished Tales: Illicit Love (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Vault Cracker (x32)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Welcome Center (x32 Version: 1.02.3504)
WildTangent Games App (x32 Version: 4.0.10.2)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
World of Goo (x32)
Yontoo 1.10.02 (Version: 1.10.02)
Zoo Vet 2: Endangered Animals (x32)
Zuma's Revenge (x32 Version: 2.2.0.97)
==================== Restore Points =========================
27-09-2013 04:31:51 Windows Update
28-09-2013 07:00:10 Windows Update
29-09-2013 04:06:00 Windows Update
30-09-2013 03:05:16 Windows Defender Checkpoint
30-09-2013 22:06:38 avast! Free Antivirus Setup
01-10-2013 19:20:02 Windows Update
01-10-2013 19:23:20 Windows Update
01-10-2013 19:47:23 Windows Update
01-10-2013 19:51:07 Windows Update
01-10-2013 19:59:29 Windows Update
01-10-2013 20:00:28 Windows Update
01-10-2013 20:04:19 Windows Update
01-10-2013 20:08:36 Installed Microsoft Fix it 50123
01-10-2013 20:35:39 Restore Operation
01-10-2013 20:42:07 Windows Update
01-10-2013 21:42:08 Restore Operation
01-10-2013 21:51:00 Installed Microsoft Fix it 50123
01-10-2013 21:55:25 Windows Update
01-10-2013 22:29:28 Windows Update
01-10-2013 22:30:06 Windows Update
01-10-2013 22:31:06 Windows Update
01-10-2013 22:37:00 Windows Update
02-10-2013 01:00:11 Windows Update
02-10-2013 01:02:34 Windows Update
02-10-2013 01:03:10 Windows Update
02-10-2013 01:34:06 Windows Update
02-10-2013 01:56:52 Removed Norton Online Backup
02-10-2013 13:37:58 Installed Microsoft Fix it 50123
02-10-2013 17:59:00 Windows Update
==================== Hosts content: ==========================
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ___AH C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05C6340A-B8EB-4FA1-8A0B-C9BE94A8A1BB} - System32\Tasks\{9133A447-26E0-482E-92E9-D3F7111CBFC8} => C:\Program Files\nb5\nb5plus.exe [2004-09-07] ()
Task: {19BB89AA-4F66-4D9F-9454-D1C1963A3ACD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356847380-486099396-757606752-1000UA => C:\Users\ða\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {19C59510-CC2B-45C0-BCB6-C312560E87EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {3341B8B5-1592-440D-A3BE-1FB172774F28} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-06-25] (Siber Systems)
Task: {465A9098-DC59-4F57-A584-168664173114} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {56DDEF99-B0D1-4953-86ED-3F6A47A45041} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {5BCA48FB-38A3-4155-9F52-6226833AFDE8} - System32\Tasks\{8544ABD5-7001-4940-9D58-952F255E1D7B} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {5FD043F9-4DC8-4A17-9B88-BF68D8978CF0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {61D6FFC8-2E86-40E2-88C1-89B5612A81F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356847380-486099396-757606752-1000Core => C:\Users\ða\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {63486991-8658-48D2-8DD5-E87DB8B0828C} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {76FF869E-65FD-4A18-A364-F91859E9E778} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {7DAE602B-A5E3-4D66-864A-D967B3624444} - System32\Tasks\{EC0ED304-7C11-42F3-A84C-FEA256206DDE} => C:\Program Files\nb5\nb5plus.exe [2004-09-07] ()
Task: {8B6853C5-526D-4BCF-A8FA-3B63B6DA1278} - System32\Tasks\{C96053A2-5E72-4648-8315-970C4D02C761} => C:\Program Files\nb5\nb5plus.exe [2004-09-07] ()
Task: {8E5C7601-A587-4CE2-9FB2-DDAAD94C13D7} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2012-11-14] (Microsoft Corporation)
Task: {93152721-79A3-4C6E-910D-B0DBE71854B6} - System32\Tasks\{29FA96AB-CF7B-4493-B0D2-69BE0D9A9100} => C:\Program Files\nb5\nb5plus.exe [2004-09-07] ()
Task: {970B3330-C592-4F10-B866-CA386B06A506} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {9FCB3D77-7F57-4034-B991-706FEB4AA182} - System32\Tasks\{838E15AD-3EE6-4DEA-9DC7-3A83E36DBF7B} => C:\Program Files\nb5\nb5plus.exe [2004-09-07] ()
Task: {AFECC124-E9E4-4FD5-94C0-EB1DA1B1797E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {B203654D-65C2-4E51-ADD4-6D6313D3B84C} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {B5902B47-E2CF-4D71-9853-E0779DF9CBCD} - System32\Tasks\{11CA2A88-CCBC-41FC-83DD-AA71C40AA90C} => C:\Program Files\nb5\nb5plus.exe [2004-09-07] ()
Task: {B6EB6871-6B3B-49BE-9B4A-23BA7B6A2176} - System32\Tasks\{FFD01B76-D03E-4A8C-9476-013DD8C59FD1} => C:\Program Files (x86)\wareconsult\My digital Diary 3\mdd3.exe [2006-03-31] (wareconsult GmbH & Co KG)
Task: {BA5DD4B0-5DA5-4DBB-A4E8-74046ED64B40} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-06-25] (Siber Systems)
Task: {C211C5FC-6D7F-413A-B3A7-5701111EEDED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C7DB6831-1FD8-470A-B525-00CFAFD94DDB} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
Task: {CA26E753-B5F2-4781-824B-44380CFE2529} - System32\Tasks\{E87D48D7-1A64-42E0-84EF-0FBADE0A9543} => C:\Program Files\nb5\nb5plus.exe [2004-09-07] ()
Task: {D0B11944-7C2C-48D6-8DD3-C1A0DF784E39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D3A6811C-A8D7-4C9E-B0E6-74119D4E9ADA} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {D847C518-6874-4117-967C-8A7583DFEE28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {E01B5CBD-4BDC-4296-9CBA-4874FC26843F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {E8B33F9D-8FD0-4E21-BF76-83E895ED7A51} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe [2012-08-13] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356847380-486099396-757606752-1000Core.job => C:\Users\ða\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356847380-486099396-757606752-1000UA.job => C:\Users\ða\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
==================== Loaded Modules (whitelisted) =============
2013-10-02 09:27 - 2013-10-02 04:28 - 02102784 _____ () C:\Program Files\AVAST Software\Avast\defs\13100200\algo.dll
2011-08-24 22:03 - 2011-08-24 22:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:05F547A9
AlternateDataStreams: C:\ProgramData\Temp:0ADCCF52
AlternateDataStreams: C:\ProgramData\Temp:120B3AFD
AlternateDataStreams: C:\ProgramData\Temp:12F3508C
AlternateDataStreams: C:\ProgramData\Temp:14362DF8
AlternateDataStreams: C:\ProgramData\Temp:195E8317
AlternateDataStreams: C:\ProgramData\Temp:1C88C8E5
AlternateDataStreams: C:\ProgramData\Temp:27D1368B
AlternateDataStreams: C:\ProgramData\Temp:2C678471
AlternateDataStreams: C:\ProgramData\Temp:32A82570
AlternateDataStreams: C:\ProgramData\Temp:3313A48D
AlternateDataStreams: C:\ProgramData\Temp:38B32B54
AlternateDataStreams: C:\ProgramData\Temp:3ADE134E
AlternateDataStreams: C:\ProgramData\Temp:3BC173E4
AlternateDataStreams: C:\ProgramData\Temp:3C5ABDC7
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:50DD4118
AlternateDataStreams: C:\ProgramData\Temp:5511B474
AlternateDataStreams: C:\ProgramData\Temp:5DB36C47
AlternateDataStreams: C:\ProgramData\Temp:6AF67671
AlternateDataStreams: C:\ProgramData\Temp:6B2FBF73
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96
AlternateDataStreams: C:\ProgramData\Temp:80FE037D
AlternateDataStreams: C:\ProgramData\Temp:88981452
AlternateDataStreams: C:\ProgramData\Temp:89CF6F9C
AlternateDataStreams: C:\ProgramData\Temp:8DD20B4A
AlternateDataStreams: C:\ProgramData\Temp:8E11CC80
AlternateDataStreams: C:\ProgramData\Temp:8F6B75BF
AlternateDataStreams: C:\ProgramData\Temp:8FC568E1
AlternateDataStreams: C:\ProgramData\Temp:9338F136
AlternateDataStreams: C:\ProgramData\Temp:934CA750
AlternateDataStreams: C:\ProgramData\Temp:9725F1BC
AlternateDataStreams: C:\ProgramData\Temp:9B285B76
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675
AlternateDataStreams: C:\ProgramData\Temp:9FCF32A8
AlternateDataStreams: C:\ProgramData\Temp:A6881EE7
AlternateDataStreams: C:\ProgramData\Temp:AFB24B00
AlternateDataStreams: C:\ProgramData\Temp:B3A5945E
AlternateDataStreams: C:\ProgramData\Temp:B4530133
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:BF07EA98
AlternateDataStreams: C:\ProgramData\Temp055FC10
AlternateDataStreams: C:\ProgramData\Temp8F9D810
AlternateDataStreams: C:\ProgramData\TempE3ABE3D
AlternateDataStreams: C:\ProgramData\Temp:E0A09032
AlternateDataStreams: C:\ProgramData\Temp:E7B49FBF
AlternateDataStreams: C:\ProgramData\Temp:E8BF029E
AlternateDataStreams: C:\ProgramData\Temp:EFBD4447
AlternateDataStreams: C:\ProgramData\Temp:FBA79096
AlternateDataStreams: C:\ProgramData\Temp:FF717A18
==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (10/02/2013 02:14:42 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
Error: (10/02/2013 02:14:11 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
Error: (10/02/2013 02:13:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/02/2013 02:00:16 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSIa4aca.LOG.
Error: (10/02/2013 02:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service MAV Client PerfMon Provider (MAV Client PerfMon Provider) failed. The first DWORD in the Data section contains the error code.
Error: (10/02/2013 02:00:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.
Error: (10/02/2013 02:00:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service MAV Client PerfMon Provider (MAV Client PerfMon Provider) failed. The first DWORD in the Data section contains the error code.
Error: (10/02/2013 02:00:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.
Error: (10/02/2013 09:52:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/02/2013 09:47:50 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

System errors:
=============
Error: (10/02/2013 02:12:36 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/02/2013 02:12:36 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
Error: (10/02/2013 02:12:36 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/02/2013 02:12:36 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
Error: (10/02/2013 02:12:25 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/02/2013 02:12:25 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
Error: (10/02/2013 02:11:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/02/2013 02:11:26 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
Error: (10/02/2013 02:11:23 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%2
Error: (10/02/2013 02:11:16 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

Microsoft Office Sessions:
=========================
Error: (10/02/2013 02:14:42 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed
Error: (10/02/2013 02:14:11 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2
Error: (10/02/2013 02:13:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/02/2013 02:00:16 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Click-to-Run 2010Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition1603C:\Windows\TEMP\MSIa4aca.LOG(NULL)(NULL)
Error: (10/02/2013 02:00:16 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: MAV Client PerfMon ProviderMAV Client PerfMon Provider8050000004D070000
Error: (10/02/2013 02:00:16 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 009120500000058F2010025030000
Error: (10/02/2013 02:00:14 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: MAV Client PerfMon ProviderMAV Client PerfMon Provider8050000004D070000
Error: (10/02/2013 02:00:14 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 009120500000058F2010025030000
Error: (10/02/2013 09:52:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/02/2013 09:47:50 AM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

==================== Memory info =========================== 
Percentage of memory in use: 42%
Total physical RAM: 3766.81 MB
Available physical RAM: 2177.95 MB
Total Pagefile: 7531.82 MB
Available Pagefile: 5913.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:281.99 GB) (Free:207.16 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 70A4F9A6)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=282 GB) - (Type=07 NTFS)
==================== End Of Log ============================

hope this helps


----------



## Cookiegal (Aug 27, 2003)

You have cut off the top portion of the log and I need to see that.

Please repost the entire FRST log (just the first one)


----------



## ldarlene (Sep 6, 2008)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Darlene (administrator) on OURLAPTOP on 02-10-2013 17:05:33
Running from C:\Users\Darlene\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [EfficientDiaryPro] - [x]
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Guest\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-06-25] (Siber Systems)
HKU\Terry.OURLAPTOP\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-06-25] (Siber Systems)
HKU\Terry.OURLAPTOP\...\Run: [SearchProtect] - C:\Users\Terry.OURLAPTOP\AppData\Roaming\SearchProtect\bin\cltmng.exe
AppInit_DLLs-x32: c:\progra~2\safesa~1\sprote~1.dll [ ] ()
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
URLSearchHook: (No Name) - {57e11d25-85f5-47e0-b044-cd2580fbac32} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.golsearch.com/?q={search...273718517A&affID=119357&tt=160913_c1&tsp=5012
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.golsearch.com/?q={search...273718517A&affID=119357&tt=160913_c1&tsp=5012
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: Bible Verser Toolbar - {57e11d25-85f5-47e0-b044-cd2580fbac32} - C:\Program Files (x86)\Bible_Verser\prxtbBibl.dll (Conduit Ltd.)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bible Verser Toolbar - {57e11d25-85f5-47e0-b044-cd2580fbac32} - C:\Program Files (x86)\Bible_Verser\prxtbBibl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {57E11D25-85F5-47E0-B044-CD2580FBAC32} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome: 
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=040706273718517A&affID=119357&tt=160913_c1&tsp=5012
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=040706273718517A&affID=119357&tt=160913_c1&tsp=5012"
CHR DefaultSearchURL: (Delta Search) - http://www2.delta-search.com/?q={se...273718517A&affID=119357&tt=160913_c1&tsp=5012
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live\u00C2\u2122 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Avery Toolbar) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj\7.15.4.33337_0
CHR Extension: (YouTube) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (TidyNetwork.com ) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjkmfhbimklfepkjmcpfajcojikheka\5.0.0.0_0
CHR Extension: (Discount Buddy) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.24.17_0
CHR Extension: (PricePeep) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0
CHR Extension: (Skype Click to Call) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (safe asave) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndppnjnhomgndlbebhccpbkfomncohhe\1
CHR Extension: (Gmail) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Darlene\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Darlene\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Darlene\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\A40CE~1\AppData\Local\Temp\YontooLayers.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [5802128 2013-04-02] ()
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 AceecaUSBDx64; C:\Windows\System32\DRIVERS\AceecaUSBDx64.sys [66552 2012-10-18] (PalmSource, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-10-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S1 zkxhczhf; \??\C:\Windows\system32\drivers\zkxhczhf.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-10-02 17:05 - 2013-10-02 17:05 - 01954124 _____ (Farbar) C:\Users\Darlene\Desktop\FRST64.exe
2013-10-02 15:40 - 2013-10-02 15:45 - 00048737 _____ C:\Users\Darlene\Downloads\FRST.txt
2013-10-02 15:39 - 2013-10-02 15:40 - 00028966 _____ C:\Users\Darlene\Downloads\Addition.txt
2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\FRST
2013-10-02 15:34 - 2013-10-02 15:35 - 01954124 _____ (Farbar) C:\Users\Darlene\Downloads\FRST64.exe
2013-10-02 15:31 - 2013-10-02 15:31 - 00000000 ____D C:\Users\Darlene\AppData\Local\{DD316EC1-056E-4274-A73F-6AC7C7BA6A83}
2013-10-02 14:32 - 2013-10-02 14:32 - 00000000 ____D C:\Users\Darlene\AppData\Local\{6F40D9FB-A010-44D6-B119-EBDFD65614EC}
2013-10-02 14:04 - 2013-10-02 14:05 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic (1).diagcab
2013-10-02 13:45 - 2013-10-02 13:45 - 00000000 ____D C:\Users\Darlene\AppData\Local\{C986F4FA-C69E-4C68-8624-EB7885CE996B}
2013-10-02 09:37 - 2013-10-02 09:37 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (2).msi
2013-10-01 23:16 - 2013-10-01 23:17 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E2B9CC94-94E1-459A-8C1A-E6F2578ADE17}
2013-10-01 23:00 - 2013-10-01 23:00 - 00000000 ____D C:\Users\Darlene\AppData\Local\{62DA0E00-6736-462C-A486-971EB21F510A}
2013-10-01 21:59 - 2013-10-01 21:59 - 00000000 ____D C:\Users\Darlene\AppData\Local\{2B1C21E4-A921-48F0-BC51-5747D9356D02}
2013-10-01 17:50 - 2013-10-01 17:50 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (1).msi
2013-10-01 16:14 - 2013-10-01 16:14 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic.diagcab
2013-10-01 15:33 - 2013-10-01 15:45 - 00000000 ____D C:\Windows\system32\MRT
2013-10-01 14:20 - 2013-10-01 14:20 - 00003094 _____ C:\Users\Darlene\Documents\.reg
2013-10-01 04:42 - 2013-10-01 04:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5B9A0F95-35D9-4CEF-9424-0ACF1D697A66}
2013-10-01 04:37 - 2013-10-01 04:37 - 00032512 ____H C:\Windows\system32\Drivers\hitmanpro37.sys
2013-10-01 04:36 - 2013-10-01 04:36 - 00011118 _____ C:\Windows\system32\.crusader
2013-10-01 04:16 - 2013-10-01 04:36 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-01 04:13 - 2013-10-01 04:13 - 00001495 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_041356.txt
2013-10-01 04:00 - 2013-10-01 04:00 - 00006256 _____ C:\Users\Darlene\Desktop\RKreport[0]_D_10012013_040030.txt
2013-10-01 03:57 - 2013-10-01 03:57 - 00004455 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_035701.txt
2013-10-01 03:54 - 2013-10-01 04:14 - 00000000 ____D C:\Users\Darlene\Desktop\RK_Quarantine
2013-10-01 00:06 - 2013-10-01 00:06 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 00:06 - 2013-10-01 00:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 00:06 - 2013-04-04 14:50 - 00025928 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-01 00:01 - 2013-10-01 00:04 - 00006520 _____ C:\Users\Darlene\Desktop\Rkill.txt
2013-10-01 00:01 - 2013-10-01 00:01 - 00000000 ____D C:\Users\Darlene\Desktop\rkill
2013-09-30 23:57 - 2013-09-30 23:57 - 00000805 _____ C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security.lnk
2013-09-30 23:57 - 2013-09-30 23:57 - 00000097 _____ C:\Users\Darlene\AppData\Roaming\avbase.dat
2013-09-30 18:08 - 2013-10-02 14:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-30 18:08 - 2013-09-30 18:08 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____H C:\Windows\SysWOW64\config.nt
2013-09-30 18:08 - 2013-08-30 03:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-30 18:08 - 2013-08-30 03:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-30 18:07 - 2013-09-30 18:07 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-30 18:07 - 2013-08-30 03:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-30 18:06 - 2013-09-30 18:07 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-30 07:31 - 2013-09-30 07:31 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{4D549AA8-9609-44B2-9A11-C76D47BC7631}
2013-09-30 00:06 - 2013-09-30 00:06 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A91B8D18-CC74-4355-BBEB-4AA1713D71CA}
2013-09-29 22:55 - 2013-09-29 22:55 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-29 21:51 - 2013-09-29 21:51 - 00000000 ____D C:\Users\Darlene\AppData\Local\{49DE11D9-EB65-4303-8141-ADEFBFEB710C}
2013-09-29 09:20 - 2013-09-29 09:20 - 00000000 ____D C:\Users\Darlene\AppData\Local\{BBC27667-FEE7-4E5C-BAB2-E64C2C5EB140}
2013-09-28 14:39 - 2013-09-28 14:39 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5135ADDB-1DA8-48D0-9BF8-0DA351B276B3}
2013-09-28 10:11 - 2013-09-28 10:11 - 00000000 ____D C:\Users\Darlene\AppData\Local\{79B7B415-7F45-4A03-B146-40D8129D7284}
2013-09-27 22:01 - 2013-09-27 22:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{CF9FDD06-14EA-4AE7-9098-2C4727F17C94}
2013-09-27 20:09 - 2013-09-27 20:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\{89ED9516-69DF-43A0-9906-4AB89C6DBC96}
2013-09-27 12:32 - 2013-09-27 12:32 - 00000000 ____D C:\Users\Darlene\AppData\Local\{7A6A7889-C80C-45C7-99F1-C8D6CECDB945}
2013-09-26 23:41 - 2013-09-26 23:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A0FDA72B-4D04-4526-A36A-0D81D298B2D0}
2013-09-26 12:01 - 2013-10-02 14:39 - 00015952 _____ C:\Users\Darlene\Documents\Currentbills2013-2014.xlsx
2013-09-26 11:21 - 2013-09-26 11:21 - 00010484 _____ C:\Users\Darlene\Documents\Book3.xlsx
2013-09-26 09:58 - 2013-09-26 09:58 - 00000000 ____D C:\Users\Darlene\AppData\Local\{38E7A3CB-5CF6-4C66-8944-5CC4846BB467}
2013-09-25 13:45 - 2013-09-25 13:46 - 00000000 ____D C:\Users\Darlene\AppData\Local\{97411F6C-942C-4B58-8D17-F9DF80C87155}
2013-09-25 11:42 - 2013-09-25 11:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{83C79716-B343-4C1D-9CFF-20F4E4228BE6}
2013-09-25 11:19 - 2013-09-25 11:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\{2EF1C98D-C360-45D5-A6C0-7FC347F3FF6A}
2013-09-25 11:13 - 2013-09-25 11:13 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9B92A6A3-0C9F-4EBA-8207-7616853D3A2E}
2013-09-25 09:35 - 2013-09-25 09:35 - 00000000 ____D C:\Users\Darlene\AppData\Local\{92670ECE-BA85-4837-970F-02BDE508111E}
2013-09-24 21:22 - 2013-09-24 21:23 - 00000000 ____D C:\Users\Darlene\AppData\Local\{3CB7EA54-D739-452C-8203-0EAB739A81D4}
2013-09-24 09:02 - 2013-09-24 09:03 - 00000000 ____D C:\Users\Darlene\AppData\Local\{1ED39084-168C-4EC8-AC82-5B2EA74180FE}
2013-09-23 19:14 - 2013-09-23 19:14 - 00000000 ____D C:\MATS
2013-09-23 11:08 - 2013-09-23 11:34 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-23 11:02 - 2013-09-23 11:02 - 01565744 _____ C:\Users\Darlene\Downloads\AVG_Remover_en.exe
2013-09-23 10:40 - 2013-09-23 10:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4D6EDFD2-810C-4D35-890C-7F1FF2246477}
2013-09-23 09:40 - 2013-09-23 09:40 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 09:38 - 2013-09-23 09:39 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4(1).exe
2013-09-23 09:31 - 2013-09-23 09:32 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4.exe
2013-09-22 20:36 - 2013-09-22 20:36 - 209715200 _____ C:\Users\Darlene\Documents\Data Safe.avgfv
2013-09-22 20:31 - 2013-09-22 20:31 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-22 20:31 - 2013-09-22 20:31 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\AVG2014
2013-09-22 20:30 - 2013-09-22 20:31 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-22 20:30 - 2013-09-22 20:30 - 00000969 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-22 20:26 - 2013-09-22 21:06 - 00000000 ____D C:\Users\Darlene\AppData\Local\Avg2014
2013-09-22 19:40 - 2013-09-22 19:40 - 00910992 _____ (Symantec Corporation) C:\Users\Darlene\Downloads\AutoDetectPkg(1).exe
2013-09-22 19:35 - 2013-09-22 19:36 - 00000000 ____D C:\Users\Darlene\AppData\Local\{25829028-D7F9-4BB9-BF00-6B909DEA6F0F}
2013-09-22 19:12 - 2013-09-22 19:12 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123.msi
2013-09-22 18:57 - 2013-09-22 18:57 - 00000000 ____D C:\Users\Darlene\AppData\Local\{AD7B68B9-A772-46CF-901A-75B22046F921}
2013-09-22 18:54 - 2013-09-22 18:54 - 00000000 ____D C:\Users\Darlene\AppData\Local\{95CC7150-0354-44A8-836B-F0DA77D8FAEC}
2013-09-22 05:41 - 2013-09-22 05:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\avgchrome
2013-09-21 21:01 - 2013-09-21 21:02 - 00000000 ____D C:\Users\Darlene\AppData\Local\{0426E805-4232-409C-AF73-6FEEDCD81122}
2013-09-21 14:47 - 2013-09-21 14:47 - 00000000 ____D C:\Users\Darlene\AppData\Local\{012AD5D6-3786-4428-9206-A11820EEC469}
2013-09-21 10:10 - 2013-09-21 10:10 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4140A045-E7AA-4CCC-94F3-F08AF8740337}
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\Mozilla
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-20 22:18 - 2013-09-23 13:34 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-20 22:18 - 2013-09-23 11:35 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-20 22:18 - 2013-09-23 11:34 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Delta
2013-09-20 22:18 - 2013-09-23 11:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-20 22:18 - 2013-09-20 22:18 - 22404568 _____ (Mozilla) C:\Users\Darlene\Downloads\Firefox_Setup [1].exe
2013-09-20 22:18 - 2013-09-20 22:18 - 00001886 _____ C:\Users\Darlene\Desktop\Search.lnk
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ___HD C:\Windows\SysWOW64\searchplugins
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ___HD C:\Windows\SysWOW64\Extensions
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\UpdaterEX
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\ProgramData\Babylon
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-20 18:55 - 2013-09-20 18:56 - 00000000 ____D C:\Users\Darlene\AppData\Local\{F470A923-84E5-4B31-A95D-7BD413980AB7}
2013-09-20 15:38 - 2013-09-20 15:38 - 00000000 ____D C:\Users\Darlene\AppData\Local\{3C8DC1C1-CCAE-4F15-92CC-11DE3B5B7FDC}
2013-09-20 11:16 - 2013-09-20 11:16 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{E4A54E6A-A62E-4F52-B555-D764A2894CEA}
2013-09-19 11:30 - 2013-09-19 11:31 - 00000000 ____D C:\Users\Darlene\AppData\Local\{85071C38-DEF9-436F-886B-26920DD1241B}
2013-09-18 13:43 - 2013-09-18 13:44 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{C5C33947-A5D5-4E0F-8B5A-CC7FFD6059AF}
2013-09-18 06:10 - 2013-09-18 06:11 - 00000000 ____D C:\Users\Darlene\AppData\Local\{88715AA9-1E7E-4A75-BC5A-8CA637DC84FC}
2013-09-17 18:09 - 2013-09-17 18:10 - 00000000 ____D C:\Users\Darlene\AppData\Local\{6B2BA670-CDB5-457A-B447-24F8B83948F6}
2013-09-17 12:40 - 2013-09-17 12:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{FCE585D4-824A-42B6-92C7-79BFF92493B9}
2013-09-16 12:25 - 2013-09-16 12:26 - 00000000 ____D C:\Users\Darlene\AppData\Local\{BD5E2EC9-B468-4B77-B572-ABCDFB244DBA}
2013-09-15 17:50 - 2013-09-15 17:51 - 00000000 ____D C:\Users\Darlene\AppData\Local\{69072D5C-1A5F-47FE-966F-4262066F668B}
2013-09-15 09:14 - 2013-09-15 09:15 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{5FEACF98-042A-4A9C-9338-076D30EC2428}
2013-09-15 00:27 - 2013-09-15 00:27 - 00000000 ____D C:\Users\Darlene\AppData\Local\{ACD86EA0-D106-47D1-ADB6-6BFE91D9AFE6}
2013-09-14 23:37 - 2013-09-14 23:37 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5884C53E-21E8-4D73-9E67-58A827A4A0B9}
2013-09-14 10:11 - 2013-09-14 10:12 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9461CD23-637D-4F1F-A15D-9D9CC4F2244E}
2013-09-14 08:52 - 2013-09-14 08:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\{AEBD61C0-6ED0-4403-BFDE-C415FA2115DB}
2013-09-13 19:29 - 2013-09-13 19:29 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E2805083-C09D-4D30-BC5A-4AA0F9C25AC4}
2013-09-13 18:39 - 2013-09-13 18:39 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9877C648-09D7-423B-A0EB-E8F46359E1CB}
2013-09-13 00:55 - 2013-09-13 00:56 - 00000000 ____D C:\Users\Darlene\AppData\Local\{8FD27D76-DA40-42D0-9069-E04884ADCBD4}
2013-09-12 23:41 - 2013-09-12 23:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\{64CAED06-BC61-459C-9D6F-34209A4BBB00}
2013-09-12 23:40 - 2013-09-12 23:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{871132DB-6DBE-486E-832A-93AA2002A2A7}
2013-09-12 23:12 - 2013-09-12 23:12 - 00000000 ____D C:\Users\Darlene\AppData\Local\{95A64DFF-DA5A-4240-B0C5-78EF215AD5DB}
2013-09-12 10:52 - 2013-09-12 10:52 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E1A3E8F2-9F6B-407E-9D7D-AB499984801D}
2013-09-11 09:01 - 2013-09-11 09:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{24A4B2A3-D1B0-4CE7-9701-49CCEDB61B58}
2013-09-10 17:21 - 2013-09-10 17:21 - 00000000 ____D C:\Users\Darlene\AppData\Local\{53937EC9-87F1-49A3-9474-7FFDD5B93360}
2013-09-10 09:25 - 2013-09-10 09:25 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4743375F-37AA-41B2-B4B7-882F0BD479B1}
2013-09-10 09:07 - 2013-09-10 09:07 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A80289C1-FE7E-4964-8E36-DC3D0B642229}
2013-09-09 18:03 - 2013-09-09 18:03 - 00000000 ____D C:\Users\Darlene\AppData\Local\{DDC5B70F-D2B0-4B33-931D-EA7E6B294B0F}
2013-09-09 18:02 - 2013-09-09 18:02 - 00000000 ____D C:\Users\Darlene\AppData\Local\{D9EB7331-8BA2-401E-B944-BAF422059FC0}
2013-09-09 16:55 - 2013-09-09 16:55 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{A1D86197-73AA-4412-AC12-F79EB9DD4B2B}
2013-09-09 00:58 - 2013-09-09 00:59 - 00000000 ____D C:\Users\Darlene\AppData\Local\{11B1BCA4-100F-4EA1-A2F6-CC60626BAECE}
2013-09-09 00:50 - 2013-09-09 00:50 - 00000000 ____D C:\Users\Darlene\AppData\Local\{59BA6E21-4E00-4C17-9E3B-72650A94DAE2}
2013-09-09 00:49 - 2013-09-08 16:27 - 00001050 _____ C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:28 - 2013-09-08 16:28 - 00000000 ____D C:\ProgramData\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00001038 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Program Files (x86)\Free FreeCell Solitaire
2013-09-08 10:55 - 2013-09-08 10:55 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4F54CC68-DC31-4D19-8CF9-CAE01A6FB9FB}
2013-09-07 10:22 - 2013-09-07 10:23 - 00000000 ____D C:\Users\Darlene\AppData\Local\{77605879-C14B-45B2-8B7B-FF9637F2F178}
2013-09-06 11:22 - 2013-09-06 11:23 - 00000000 ____D C:\Users\Darlene\AppData\Local\{09E6D503-F01A-4811-B019-9DA8CF81C633}
2013-09-05 10:29 - 2013-09-05 10:30 - 00000000 ____D C:\Users\Darlene\AppData\Local\{58E62AFD-DC4D-4DD8-9F07-C50CCA60006D}
2013-09-05 09:53 - 2013-09-05 09:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\{7EDBAFE1-05D1-4B07-820C-78D69F85973B}
2013-09-04 21:15 - 2013-09-04 21:17 - 00000000 ____D C:\Users\Darlene\AppData\Local\{594FAE71-A3C5-4981-882E-39A98ED5140B}
2013-09-04 08:44 - 2013-09-04 08:44 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E6C0D0A6-0A05-40CA-BF2E-15F2236E7FDA}
2013-09-03 11:34 - 2013-09-03 11:34 - 00000000 ____D C:\Users\Darlene\AppData\Local\{465DA25E-6909-496D-8797-E6EC7187E651}
2013-09-03 00:57 - 2013-09-11 00:52 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Tubyuv
2013-09-03 00:57 - 2013-09-11 00:22 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Iqlu
2013-09-03 00:57 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Isfixo
2013-09-02 22:54 - 2013-09-02 22:54 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9039777E-0622-4912-ADE0-46895A5AD31F}
2013-09-02 09:05 - 2013-09-02 09:05 - 00000000 ____D C:\Users\Darlene\AppData\Local\{F952E9C2-19F0-42C8-A090-881E78F5E166}
==================== One Month Modified Files and Folders =======
2013-10-02 17:05 - 2013-10-02 17:05 - 01954124 _____ (Farbar) C:\Users\Darlene\Desktop\FRST64.exe
2013-10-02 16:56 - 2012-05-27 16:43 - 00000830 ____H C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 16:46 - 2012-11-16 11:26 - 00000900 ____H C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 16:26 - 2012-05-19 21:21 - 00000896 ____H C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356847380-486099396-757606752-1000UA.job
2013-10-02 15:45 - 2013-10-02 15:40 - 00048737 _____ C:\Users\Darlene\Downloads\FRST.txt
2013-10-02 15:40 - 2013-10-02 15:39 - 00028966 _____ C:\Users\Darlene\Downloads\Addition.txt
2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\FRST
2013-10-02 15:35 - 2013-10-02 15:34 - 01954124 _____ (Farbar) C:\Users\Darlene\Downloads\FRST64.exe
2013-10-02 15:31 - 2013-10-02 15:31 - 00000000 ____D C:\Users\Darlene\AppData\Local\{DD316EC1-056E-4274-A73F-6AC7C7BA6A83}
2013-10-02 14:40 - 2011-12-30 11:14 - 01878104 _____ C:\Windows\WindowsUpdate.log
2013-10-02 14:39 - 2013-09-26 12:01 - 00015952 _____ C:\Users\Darlene\Documents\Currentbills2013-2014.xlsx
2013-10-02 14:32 - 2013-10-02 14:32 - 00000000 ____D C:\Users\Darlene\AppData\Local\{6F40D9FB-A010-44D6-B119-EBDFD65614EC}
2013-10-02 14:18 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 14:18 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 14:12 - 2013-09-30 18:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-02 14:12 - 2013-02-07 16:47 - 00000476 ____H C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-10-02 14:11 - 2012-11-16 11:26 - 00000896 ____H C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 14:11 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 14:11 - 2009-07-14 00:51 - 00097203 ____H C:\Windows\setupact.log
2013-10-02 14:05 - 2013-10-02 14:04 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic (1).diagcab
2013-10-02 13:45 - 2013-10-02 13:45 - 00000000 ____D C:\Users\Darlene\AppData\Local\{C986F4FA-C69E-4C68-8624-EB7885CE996B}
2013-10-02 09:37 - 2013-10-02 09:37 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (2).msi
2013-10-01 23:17 - 2013-10-01 23:16 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E2B9CC94-94E1-459A-8C1A-E6F2578ADE17}
2013-10-01 23:00 - 2013-10-01 23:00 - 00000000 ____D C:\Users\Darlene\AppData\Local\{62DA0E00-6736-462C-A486-971EB21F510A}
2013-10-01 21:59 - 2013-10-01 21:59 - 00000000 ____D C:\Users\Darlene\AppData\Local\{2B1C21E4-A921-48F0-BC51-5747D9356D02}
2013-10-01 21:26 - 2012-05-19 21:21 - 00000844 ____H C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356847380-486099396-757606752-1000Core.job
2013-10-01 21:03 - 2012-05-17 23:01 - 00803792 ____H C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-01 17:50 - 2013-10-01 17:50 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (1).msi
2013-10-01 17:46 - 2012-06-12 15:46 - 00000000 ____D C:\Users\Darlene
2013-10-01 17:45 - 2012-07-06 07:56 - 00000000 ____D C:\Users\Guest
2013-10-01 17:45 - 2012-06-12 15:46 - 00000000 ____D C:\Users\Darlene\AppData\Local\PowerCinema
2013-10-01 17:45 - 2012-06-12 15:41 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\PowerCinema
2013-10-01 17:45 - 2012-06-12 15:41 - 00000000 ____D C:\Users\Terry.OURLAPTOP
2013-10-01 17:45 - 2012-05-17 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-10-01 17:45 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\registration
2013-10-01 16:14 - 2013-10-01 16:14 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic.diagcab
2013-10-01 15:53 - 2009-07-14 01:13 - 00801466 ____H C:\Windows\system32\PerfStringBackup.INI
2013-10-01 15:45 - 2013-10-01 15:33 - 00000000 ____D C:\Windows\system32\MRT
2013-10-01 14:20 - 2013-10-01 14:20 - 00003094 _____ C:\Users\Darlene\Documents\.reg
2013-10-01 04:42 - 2013-10-01 04:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5B9A0F95-35D9-4CEF-9424-0ACF1D697A66}
2013-10-01 04:37 - 2013-10-01 04:37 - 00032512 ____H C:\Windows\system32\Drivers\hitmanpro37.sys
2013-10-01 04:36 - 2013-10-01 04:36 - 00011118 _____ C:\Windows\system32\.crusader
2013-10-01 04:36 - 2013-10-01 04:16 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-01 04:14 - 2013-10-01 03:54 - 00000000 ____D C:\Users\Darlene\Desktop\RK_Quarantine
2013-10-01 04:13 - 2013-10-01 04:13 - 00001495 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_041356.txt
2013-10-01 04:00 - 2013-10-01 04:00 - 00006256 _____ C:\Users\Darlene\Desktop\RKreport[0]_D_10012013_040030.txt
2013-10-01 03:57 - 2013-10-01 03:57 - 00004455 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_035701.txt
2013-10-01 03:49 - 2010-11-20 23:47 - 00284044 ____H C:\Windows\PFRO.log
2013-10-01 00:23 - 2013-06-20 13:23 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Systweak
2013-10-01 00:06 - 2013-10-01 00:06 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 00:06 - 2013-10-01 00:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 00:04 - 2013-10-01 00:01 - 00006520 _____ C:\Users\Darlene\Desktop\Rkill.txt
2013-10-01 00:01 - 2013-10-01 00:01 - 00000000 ____D C:\Users\Darlene\Desktop\rkill
2013-09-30 23:57 - 2013-09-30 23:57 - 00000805 _____ C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security.lnk
2013-09-30 23:57 - 2013-09-30 23:57 - 00000097 _____ C:\Users\Darlene\AppData\Roaming\avbase.dat
2013-09-30 23:08 - 2012-07-16 23:31 - 00002186 _____ C:\Windows\epplauncher.mif
2013-09-30 20:16 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-30 20:16 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\AppCompat
2013-09-30 19:25 - 2013-07-26 14:54 - 00000000 ____D C:\Program Files (x86)\SafeSaver
2013-09-30 18:08 - 2013-09-30 18:08 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____H C:\Windows\SysWOW64\config.nt
2013-09-30 18:07 - 2013-09-30 18:07 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-30 18:07 - 2013-09-30 18:06 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-30 07:31 - 2013-09-30 07:31 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{4D549AA8-9609-44B2-9A11-C76D47BC7631}
2013-09-30 00:06 - 2013-09-30 00:06 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A91B8D18-CC74-4355-BBEB-4AA1713D71CA}
2013-09-29 22:55 - 2013-09-29 22:55 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-29 21:51 - 2013-09-29 21:51 - 00000000 ____D C:\Users\Darlene\AppData\Local\{49DE11D9-EB65-4303-8141-ADEFBFEB710C}
2013-09-29 09:20 - 2013-09-29 09:20 - 00000000 ____D C:\Users\Darlene\AppData\Local\{BBC27667-FEE7-4E5C-BAB2-E64C2C5EB140}
2013-09-29 00:05 - 2012-06-14 21:49 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\SoftGrid Client
2013-09-28 14:39 - 2013-09-28 14:39 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5135ADDB-1DA8-48D0-9BF8-0DA351B276B3}
2013-09-28 10:11 - 2013-09-28 10:11 - 00000000 ____D C:\Users\Darlene\AppData\Local\{79B7B415-7F45-4A03-B146-40D8129D7284}
2013-09-27 22:01 - 2013-09-27 22:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{CF9FDD06-14EA-4AE7-9098-2C4727F17C94}
2013-09-27 20:09 - 2013-09-27 20:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\{89ED9516-69DF-43A0-9906-4AB89C6DBC96}
2013-09-27 12:32 - 2013-09-27 12:32 - 00000000 ____D C:\Users\Darlene\AppData\Local\{7A6A7889-C80C-45C7-99F1-C8D6CECDB945}
2013-09-26 23:42 - 2013-09-26 23:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A0FDA72B-4D04-4526-A36A-0D81D298B2D0}
2013-09-26 12:15 - 2012-12-18 13:19 - 00016468 _____ C:\Users\Darlene\Documents\bills2013.xlsx
2013-09-26 11:21 - 2013-09-26 11:21 - 00010484 _____ C:\Users\Darlene\Documents\Book3.xlsx
2013-09-26 11:21 - 2013-07-22 17:00 - 00012978 _____ C:\Users\Darlene\Documents\billsbackpage2013July.xlsx
2013-09-26 09:58 - 2013-09-26 09:58 - 00000000 ____D C:\Users\Darlene\AppData\Local\{38E7A3CB-5CF6-4C66-8944-5CC4846BB467}
2013-09-25 13:46 - 2013-09-25 13:45 - 00000000 ____D C:\Users\Darlene\AppData\Local\{97411F6C-942C-4B58-8D17-F9DF80C87155}
2013-09-25 11:42 - 2013-09-25 11:42 - 00000000 ____D C:\Users\Darlene\AppData\Local\{83C79716-B343-4C1D-9CFF-20F4E4228BE6}
2013-09-25 11:19 - 2013-09-25 11:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\{2EF1C98D-C360-45D5-A6C0-7FC347F3FF6A}
2013-09-25 11:13 - 2013-09-25 11:13 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9B92A6A3-0C9F-4EBA-8207-7616853D3A2E}
2013-09-25 09:35 - 2013-09-25 09:35 - 00000000 ____D C:\Users\Darlene\AppData\Local\{92670ECE-BA85-4837-970F-02BDE508111E}
2013-09-24 21:23 - 2013-09-24 21:22 - 00000000 ____D C:\Users\Darlene\AppData\Local\{3CB7EA54-D739-452C-8203-0EAB739A81D4}
2013-09-24 09:03 - 2013-09-24 09:02 - 00000000 ____D C:\Users\Darlene\AppData\Local\{1ED39084-168C-4EC8-AC82-5B2EA74180FE}
2013-09-23 19:36 - 2013-01-22 16:48 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Softarama
2013-09-23 19:31 - 2011-12-30 11:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-09-23 19:31 - 2011-10-13 11:17 - 00000000 ____D C:\ProgramData\McAfee
2013-09-23 19:25 - 2013-01-22 18:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-23 19:24 - 2013-02-06 18:08 - 00000000 ____D C:\Program Files\McAfee
2013-09-23 19:14 - 2013-09-23 19:14 - 00000000 ____D C:\MATS
2013-09-23 13:34 - 2013-09-20 22:18 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-23 11:35 - 2013-09-20 22:18 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-23 11:34 - 2013-09-23 11:08 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-23 11:34 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Delta
2013-09-23 11:12 - 2013-09-20 22:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-23 11:12 - 2012-11-13 02:01 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Mozilla
2013-09-23 11:02 - 2013-09-23 11:02 - 01565744 _____ C:\Users\Darlene\Downloads\AVG_Remover_en.exe
2013-09-23 10:40 - 2013-09-23 10:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4D6EDFD2-810C-4D35-890C-7F1FF2246477}
2013-09-23 09:40 - 2013-09-23 09:40 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 09:39 - 2013-09-23 09:38 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4(1).exe
2013-09-23 09:32 - 2013-09-23 09:31 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4.exe
2013-09-22 21:06 - 2013-09-22 20:26 - 00000000 ____D C:\Users\Darlene\AppData\Local\Avg2014
2013-09-22 20:36 - 2013-09-22 20:36 - 209715200 _____ C:\Users\Darlene\Documents\Data Safe.avgfv
2013-09-22 20:31 - 2013-09-22 20:31 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-22 20:31 - 2013-09-22 20:31 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\AVG2014
2013-09-22 20:31 - 2013-09-22 20:30 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-22 20:30 - 2013-09-22 20:30 - 00000969 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-22 20:29 - 2013-09-22 20:29 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-22 19:40 - 2013-09-22 19:40 - 00910992 _____ (Symantec Corporation) C:\Users\Darlene\Downloads\AutoDetectPkg(1).exe
2013-09-22 19:36 - 2013-09-22 19:35 - 00000000 ____D C:\Users\Darlene\AppData\Local\{25829028-D7F9-4BB9-BF00-6B909DEA6F0F}
2013-09-22 19:12 - 2013-09-22 19:12 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123.msi
2013-09-22 18:57 - 2013-09-22 18:57 - 00000000 ____D C:\Users\Darlene\AppData\Local\{AD7B68B9-A772-46CF-901A-75B22046F921}
2013-09-22 18:54 - 2013-09-22 18:54 - 00000000 ____D C:\Users\Darlene\AppData\Local\{95CC7150-0354-44A8-836B-F0DA77D8FAEC}
2013-09-22 05:41 - 2013-09-22 05:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\avgchrome
2013-09-21 21:02 - 2013-09-21 21:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{0426E805-4232-409C-AF73-6FEEDCD81122}
2013-09-21 14:47 - 2013-09-21 14:47 - 00000000 ____D C:\Users\Darlene\AppData\Local\{012AD5D6-3786-4428-9206-A11820EEC469}
2013-09-21 10:10 - 2013-09-21 10:10 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4140A045-E7AA-4CCC-94F3-F08AF8740337}
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\Mozilla
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-20 22:18 - 2013-09-20 22:18 - 22404568 _____ (Mozilla) C:\Users\Darlene\Downloads\Firefox_Setup [1].exe
2013-09-20 22:18 - 2013-09-20 22:18 - 00001886 _____ C:\Users\Darlene\Desktop\Search.lnk
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ___HD C:\Windows\SysWOW64\searchplugins
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ___HD C:\Windows\SysWOW64\Extensions
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\UpdaterEX
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\ProgramData\Babylon
2013-09-20 22:18 - 2013-09-20 22:18 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-20 18:56 - 2013-09-20 18:55 - 00000000 ____D C:\Users\Darlene\AppData\Local\{F470A923-84E5-4B31-A95D-7BD413980AB7}
2013-09-20 15:38 - 2013-09-20 15:38 - 00000000 ____D C:\Users\Darlene\AppData\Local\{3C8DC1C1-CCAE-4F15-92CC-11DE3B5B7FDC}
2013-09-20 11:16 - 2013-09-20 11:16 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{E4A54E6A-A62E-4F52-B555-D764A2894CEA}
2013-09-19 15:56 - 2012-05-27 16:43 - 00692616 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 15:56 - 2012-05-27 16:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 15:56 - 2011-10-13 11:29 - 00071048 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 11:31 - 2013-09-19 11:30 - 00000000 ____D C:\Users\Darlene\AppData\Local\{85071C38-DEF9-436F-886B-26920DD1241B}
2013-09-18 13:44 - 2013-09-18 13:43 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{C5C33947-A5D5-4E0F-8B5A-CC7FFD6059AF}
2013-09-18 06:11 - 2013-09-18 06:10 - 00000000 ____D C:\Users\Darlene\AppData\Local\{88715AA9-1E7E-4A75-BC5A-8CA637DC84FC}
2013-09-17 18:10 - 2013-09-17 18:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\{6B2BA670-CDB5-457A-B447-24F8B83948F6}
2013-09-17 12:40 - 2013-09-17 12:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{FCE585D4-824A-42B6-92C7-79BFF92493B9}
2013-09-16 15:19 - 2012-11-13 01:48 - 00000000 ____D C:\Users\Darlene\Documents\Cook'n10
2013-09-16 12:26 - 2013-09-16 12:25 - 00000000 ____D C:\Users\Darlene\AppData\Local\{BD5E2EC9-B468-4B77-B572-ABCDFB244DBA}
2013-09-15 17:51 - 2013-09-15 17:50 - 00000000 ____D C:\Users\Darlene\AppData\Local\{69072D5C-1A5F-47FE-966F-4262066F668B}
2013-09-15 09:15 - 2013-09-15 09:14 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{5FEACF98-042A-4A9C-9338-076D30EC2428}
2013-09-15 00:27 - 2013-09-15 00:27 - 00000000 ____D C:\Users\Darlene\AppData\Local\{ACD86EA0-D106-47D1-ADB6-6BFE91D9AFE6}
2013-09-14 23:37 - 2013-09-14 23:37 - 00000000 ____D C:\Users\Darlene\AppData\Local\{5884C53E-21E8-4D73-9E67-58A827A4A0B9}
2013-09-14 23:19 - 2013-07-26 14:53 - 00000000 ____D C:\ProgramData\safe asave
2013-09-14 23:19 - 2013-05-23 09:24 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Roaming\SearchProtect
2013-09-14 23:19 - 2013-05-22 22:29 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\SearchProtect
2013-09-14 23:19 - 2013-05-22 22:29 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-14 10:12 - 2013-09-14 10:11 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9461CD23-637D-4F1F-A15D-9D9CC4F2244E}
2013-09-14 08:53 - 2013-09-14 08:52 - 00000000 ____D C:\Users\Darlene\AppData\Local\{AEBD61C0-6ED0-4403-BFDE-C415FA2115DB}
2013-09-13 19:29 - 2013-09-13 19:29 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E2805083-C09D-4D30-BC5A-4AA0F9C25AC4}
2013-09-13 18:39 - 2013-09-13 18:39 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9877C648-09D7-423B-A0EB-E8F46359E1CB}
2013-09-13 00:56 - 2013-09-13 00:55 - 00000000 ____D C:\Users\Darlene\AppData\Local\{8FD27D76-DA40-42D0-9069-E04884ADCBD4}
2013-09-12 23:41 - 2013-09-12 23:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\{64CAED06-BC61-459C-9D6F-34209A4BBB00}
2013-09-12 23:40 - 2013-09-12 23:40 - 00000000 ____D C:\Users\Darlene\AppData\Local\{871132DB-6DBE-486E-832A-93AA2002A2A7}
2013-09-12 23:12 - 2013-09-12 23:12 - 00000000 ____D C:\Users\Darlene\AppData\Local\{95A64DFF-DA5A-4240-B0C5-78EF215AD5DB}
2013-09-12 10:52 - 2013-09-12 10:52 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E1A3E8F2-9F6B-407E-9D7D-AB499984801D}
2013-09-11 09:27 - 2009-07-14 01:08 - 00032570 ____H C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 09:01 - 2013-09-11 09:01 - 00000000 ____D C:\Users\Darlene\AppData\Local\{24A4B2A3-D1B0-4CE7-9701-49CCEDB61B58}
2013-09-11 00:52 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Tubyuv
2013-09-11 00:22 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Iqlu
2013-09-10 17:21 - 2013-09-10 17:21 - 00000000 ____D C:\Users\Darlene\AppData\Local\{53937EC9-87F1-49A3-9474-7FFDD5B93360}
2013-09-10 09:25 - 2013-09-10 09:25 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4743375F-37AA-41B2-B4B7-882F0BD479B1}
2013-09-10 09:07 - 2013-09-10 09:07 - 00000000 ____D C:\Users\Darlene\AppData\Local\{A80289C1-FE7E-4964-8E36-DC3D0B642229}
2013-09-09 18:03 - 2013-09-09 18:03 - 00000000 ____D C:\Users\Darlene\AppData\Local\{DDC5B70F-D2B0-4B33-931D-EA7E6B294B0F}
2013-09-09 18:02 - 2013-09-09 18:02 - 00000000 ____D C:\Users\Darlene\AppData\Local\{D9EB7331-8BA2-401E-B944-BAF422059FC0}
2013-09-09 16:55 - 2013-09-09 16:55 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{A1D86197-73AA-4412-AC12-F79EB9DD4B2B}
2013-09-09 00:59 - 2013-09-09 00:58 - 00000000 ____D C:\Users\Darlene\AppData\Local\{11B1BCA4-100F-4EA1-A2F6-CC60626BAECE}
2013-09-09 00:50 - 2013-09-09 00:50 - 00000000 ____D C:\Users\Darlene\AppData\Local\{59BA6E21-4E00-4C17-9E3B-72650A94DAE2}
2013-09-08 16:28 - 2013-09-08 16:28 - 00000000 ____D C:\ProgramData\TreeCardGames
2013-09-08 16:27 - 2013-09-09 00:49 - 00001050 _____ C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00001038 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Program Files (x86)\Free FreeCell Solitaire
2013-09-08 10:55 - 2013-09-08 10:55 - 00000000 ____D C:\Users\Darlene\AppData\Local\{4F54CC68-DC31-4D19-8CF9-CAE01A6FB9FB}
2013-09-07 10:58 - 2013-01-03 02:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\Apple Computer
2013-09-07 10:23 - 2013-09-07 10:22 - 00000000 ____D C:\Users\Darlene\AppData\Local\{77605879-C14B-45B2-8B7B-FF9637F2F178}
2013-09-06 12:14 - 2012-07-31 21:59 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Skype
2013-09-06 11:23 - 2013-09-06 11:22 - 00000000 ____D C:\Users\Darlene\AppData\Local\{09E6D503-F01A-4811-B019-9DA8CF81C633}
2013-09-05 10:30 - 2013-09-05 10:29 - 00000000 ____D C:\Users\Darlene\AppData\Local\{58E62AFD-DC4D-4DD8-9F07-C50CCA60006D}
2013-09-05 09:53 - 2013-09-05 09:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\{7EDBAFE1-05D1-4B07-820C-78D69F85973B}
2013-09-04 21:17 - 2013-09-04 21:15 - 00000000 ____D C:\Users\Darlene\AppData\Local\{594FAE71-A3C5-4981-882E-39A98ED5140B}
2013-09-04 08:44 - 2013-09-04 08:44 - 00000000 ____D C:\Users\Darlene\AppData\Local\{E6C0D0A6-0A05-40CA-BF2E-15F2236E7FDA}
2013-09-03 15:52 - 2012-07-31 10:22 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-03 11:34 - 2013-09-03 11:34 - 00000000 ____D C:\Users\Darlene\AppData\Local\{465DA25E-6909-496D-8797-E6EC7187E651}
2013-09-03 00:57 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Isfixo
2013-09-03 00:57 - 2012-07-31 10:23 - 00000000 ____D C:\Users\Darlene\AppData\Local\Google
2013-09-02 22:54 - 2013-09-02 22:54 - 00000000 ____D C:\Users\Darlene\AppData\Local\{9039777E-0622-4912-ADE0-46895A5AD31F}
2013-09-02 09:05 - 2013-09-02 09:05 - 00000000 ____D C:\Users\Darlene\AppData\Local\{F952E9C2-19F0-42C8-A090-881E78F5E166}
Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Darlene\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Darlene\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Darlene\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Darlene\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Darlene\AppData\Local\Temp\oi_{C14659FA-5097-4F0D-840F-BBCB7088B742}.exe
C:\Users\Darlene\AppData\Local\Temp\oi_{DEB14F0D-5B55-409A-933F-5DF5C1FC33D6}.exe
C:\Users\Darlene\AppData\Local\Temp\SendMsg.dll
C:\Users\Darlene\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Darlene\AppData\Local\Temp\tbHot0.dll
C:\Users\Darlene\AppData\Local\Temp\tbVis0.dll
C:\Users\Darlene\AppData\Local\Temp\tbWhit.dll
C:\Users\Darlene\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Darlene\AppData\Local\Temp\VisualBeeSilent.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 02:35
==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Report* button and copy and paste the log here please.


----------



## ldarlene (Sep 6, 2008)

I forgot to close the browser first. Scan took less than a minute. Should I redo it? Here is the report.

# AdwCleaner v3.006 - Report created 02/10/2013 at 18:21:54
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Darlene - OURLAPTOP
# Running from : C:\Users\Darlene\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Darlene\AppData\Local\Temp\Uninstall.exe
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\BitGuard
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
File Found : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Folder Found : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Found : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndppnjnhomgndlbebhccpbkfomncohhe
Folder Found C:\Program Files (x86)\Bible_Verser
Folder Found C:\Program Files (x86)\Delta
Folder Found C:\Program Files (x86)\Discount Buddy
Folder Found C:\Program Files (x86)\Discount Buddy 
Folder Found C:\Program Files (x86)\SafeSaver
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Program Files (x86)\Swag_Bucks
Folder Found C:\Program Files (x86)\Swag_Bucks
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safe asave
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safe asave
Folder Found C:\ProgramData\safe asave
Folder Found C:\ProgramData\StarApp
Folder Found C:\ProgramData\Trymedia
Folder Found C:\ProgramData\visualbee
Folder Found C:\Users\Darlene\AppData\Local\apn
Folder Found C:\Users\Darlene\AppData\Local\Discount Buddy
Folder Found C:\Users\Darlene\AppData\Local\Discount Buddy 
Folder Found C:\Users\Darlene\AppData\Local\PackageAware
Folder Found C:\Users\Darlene\AppData\Local\SwvUpdater
Folder Found C:\Users\Darlene\AppData\Local\Temp\AskSearch
Folder Found C:\Users\Darlene\AppData\Local\Temp\Smartbar
Folder Found C:\Users\Darlene\AppData\Local\visualbeeexe
Folder Found C:\Users\Darlene\AppData\LocalLow\Bible_Verser
Folder Found C:\Users\Darlene\AppData\LocalLow\Conduit
Folder Found C:\Users\Darlene\AppData\LocalLow\Hotspot_Shield
Folder Found C:\Users\Darlene\AppData\LocalLow\PriceGong
Folder Found C:\Users\Darlene\AppData\LocalLow\safe asave
Folder Found C:\Users\Darlene\AppData\LocalLow\Swag_Bucks
Folder Found C:\Users\Darlene\AppData\LocalLow\Swag_Bucks
Folder Found C:\Users\Darlene\AppData\Roaming\Delta
Folder Found C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\Darlene\AppData\Roaming\Searchprotect
Folder Found C:\Users\Darlene\AppData\Roaming\Systweak
Folder Found C:\Users\Terry.OURLAPTOP\AppData\Local\Conduit
Folder Found C:\Users\Terry.OURLAPTOP\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Terry.OURLAPTOP\AppData\LocalLow\Conduit
Folder Found C:\Users\Terry.OURLAPTOP\AppData\LocalLow\safe asave
Folder Found C:\Users\Terry.OURLAPTOP\AppData\LocalLow\Swag_Bucks
Folder Found C:\Users\Terry.OURLAPTOP\AppData\LocalLow\Swag_Bucks
Folder Found C:\Users\Terry.OURLAPTOP\AppData\Roaming\Searchprotect
***** [ Shortcuts ] *****
Shortcut Found : C:\Users\Darlene\Desktop\Search.lnk ( -url hxxp://www2.delta-search.com/?babsrc=DT_ss&mntrId=040706273718517A&affID=119357&tt=160913_c1&tsp=5012 -wbr 1 )
***** [ Registry ] *****
Key Found : HKCU\Software\5b2dedeb034bf12
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Bible_Verser
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57E11D25-85F5-47E0-B044-CD2580FBAC32}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C0A99CC-D737-4CFC-B312-5D652D480237}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57E11D25-85F5-47E0-B044-CD2580FBAC32}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\visualbee
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\visualbee
Key Found : HKLM\SOFTWARE\5b2dedeb034bf12
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\Bible_Verser
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C0A99CC-D737-4CFC-B312-5D652D480237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57E11D25-85F5-47E0-B044-CD2580FBAC32}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3084223
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3138103
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287802
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\Discount Buddy
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14107C2D-9DC9-420D-B9FA-B4284538EF32}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BF0F77A-91CA-451A-8DF4-E9010C598934}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEB40427-32A7-47B9-AC15-0B48522E2994}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F292E3F6-2E5A-4BB8-9081-A3762320D9CC}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_efficient-diary_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_efficient-diary_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_my-digital-diary_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_my-digital-diary_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E11D25-85F5-47E0-B044-CD2580FBAC32}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1C0A99CC-D737-4CFC-B312-5D652D480237}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bible_Verser Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Swag_Bucks
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\visualbee
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{57E11D25-85F5-47E0-B044-CD2580FBAC32}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57E11D25-85F5-47E0-B044-CD2580FBAC32}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{57E11D25-85F5-47E0-B044-CD2580FBAC32}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57E11D25-85F5-47E0-B044-CD2580FBAC32}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16457

-\\ Google Chrome v24.0.1312.52
[ File : C:\Users\Terry.OURLAPTOP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found : homepage
Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [20119 octets] - [02/10/2013 18:21:54]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20180 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

No, it's fine. I'll move this to the Virus & Other Malware forum.

You can go ahead and run AdwCleaner again and this time select the "Clean" option and post the resulting log please.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> No, it's fine. I'll move this to the Virus & Other Malware forum.
> 
> You can go ahead and run AdwCleaner again and this time select the "Clean" option and post the resulting log please.


So it is safe to let it remove everything it wants to remove?


----------



## Cookiegal (Aug 27, 2003)

Do you see something there that you want to keep?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Do you see something there that you want to keep?


 I have no idea. I just get nervous when deleting stuff in the registry. Is there anything there that needs to stay in registry?


----------



## Cookiegal (Aug 27, 2003)

The tool has detected them all as malware. You can go ahead and delete them.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> The tool has detected them all as malware. You can go ahead and delete them.


 ok. Thanks


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> The tool has detected them all as malware. You can go ahead and delete them.


# AdwCleaner v3.006 - Report created 02/10/2013 at 19:32:41
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Darlene - OURLAPTOP
# Running from : C:\Users\Darlene\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\visualbee
Folder Deleted : C:\ProgramData\safe asave
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safe asave
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\Discount Buddy 
Folder Deleted : C:\Program Files (x86)\SafeSaver
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\Swag_Bucks
Folder Deleted : C:\Program Files (x86)\Bible_Verser
Folder Deleted : C:\Users\Terry.OURLAPTOP\AppData\Local\Conduit
Folder Deleted : C:\Users\Terry.OURLAPTOP\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Terry.OURLAPTOP\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Terry.OURLAPTOP\AppData\LocalLow\Swag_Bucks
Folder Deleted : C:\Users\Terry.OURLAPTOP\AppData\LocalLow\safe asave
Folder Deleted : C:\Users\Terry.OURLAPTOP\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Darlene\AppData\Local\apn
Folder Deleted : C:\Users\Darlene\AppData\Local\Discount Buddy 
Folder Deleted : C:\Users\Darlene\AppData\Local\PackageAware
Folder Deleted : C:\Users\Darlene\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Darlene\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\Darlene\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Darlene\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Darlene\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Darlene\AppData\LocalLow\Hotspot_Shield
Folder Deleted : C:\Users\Darlene\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Darlene\AppData\LocalLow\Swag_Bucks
Folder Deleted : C:\Users\Darlene\AppData\LocalLow\safe asave
Folder Deleted : C:\Users\Darlene\AppData\LocalLow\Bible_Verser
Folder Deleted : C:\Users\Darlene\AppData\Roaming\Delta
Folder Deleted : C:\Users\Darlene\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Darlene\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Deleted : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndppnjnhomgndlbebhccpbkfomncohhe
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Darlene\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BitGuard
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Darlene\Desktop\Search.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa
Key Deleted : HKCU\Software\5b2dedeb034bf12
Key Deleted : HKLM\SOFTWARE\5b2dedeb034bf12
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3084223
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3138103
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287802
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_efficient-diary_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_efficient-diary_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_my-digital-diary_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_my-digital-diary_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57E11D25-85F5-47E0-B044-CD2580FBAC32}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C0A99CC-D737-4CFC-B312-5D652D480237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E11D25-85F5-47E0-B044-CD2580FBAC32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57E11D25-85F5-47E0-B044-CD2580FBAC32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C0A99CC-D737-4CFC-B312-5D652D480237}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57E11D25-85F5-47E0-B044-CD2580FBAC32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1C0A99CC-D737-4CFC-B312-5D652D480237}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F292E3F6-2E5A-4BB8-9081-A3762320D9CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14107C2D-9DC9-420D-B9FA-B4284538EF32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEB40427-32A7-47B9-AC15-0B48522E2994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BF0F77A-91CA-451A-8DF4-E9010C598934}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{57E11D25-85F5-47E0-B044-CD2580FBAC32}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{57E11D25-85F5-47E0-B044-CD2580FBAC32}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57E11D25-85F5-47E0-B044-CD2580FBAC32}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57E11D25-85F5-47E0-B044-CD2580FBAC32}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Bible_Verser
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Discount Buddy
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\Bible_Verser
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bible_Verser Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16457

-\\ Google Chrome v24.0.1312.52
[ File : C:\Users\Terry.OURLAPTOP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [20409 octets] - [02/10/2013 18:21:54]
AdwCleaner[R1].txt - [20470 octets] - [02/10/2013 18:38:43]
AdwCleaner[S0].txt - [18977 octets] - [02/10/2013 19:32:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19038 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Sorry. I didn't receive an email notification of your reply.

Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Sorry. I didn't receive an email notification of your reply.
> 
> Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.
> 
> ...


First chance I have had to get back to this.
I had the free version of Malwarebytes that cannot be disabled so I uninstalled it. I am not sure if I have more malware programs. Do you know an easy way to find out? Also, we installed a lot of things yesterday. Are any of them a problem? Do they need to be disabled?


----------



## Cookiegal (Aug 27, 2003)

There was no need to uninstall MalwareBytes as the free version has no real-time component.

Nothing I've had you install needs to be disabled because none of them run unless you click on them.

You need to disable Avast.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> There was no need to uninstall MalwareBytes as the free version has no real-time component.
> 
> Nothing I've had you install needs to be disabled because none of them run unless you click on them.
> 
> You need to disable Avast.


Just to update you on where I am in the process.
I am working on a second computer... much easier for following directions.
Avast and windows firewall disabled 'till computer is rebooted'

successful download. I did click on 'save' but was not given an option of where to save it... the download started and then opened (after the warnings) Scan started without me having to click on anything.
So I have not been able to rename it.
completed stage 5 right now.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> There was no need to uninstall MalwareBytes as the free version has no real-time component.
> 
> Nothing I've had you install needs to be disabled because none of them run unless you click on them.
> 
> You need to disable Avast.


here are the results

ComboFix 13-10-03.03 - Darlene 03/10/2013 19:44:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3767.2377 [GMT -4:00]
Running from: c:\users\Darlene\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\@
c:\program files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\L\[email protected]
c:\program files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\L\201d3dde
c:\program files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\L\6715e287
c:\program files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\L\76603ac3
c:\program files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\U\[email protected]
c:\program files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\U\[email protected]
c:\program files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\U\[email protected]
c:\users\Darlene\AppData\Local\{A2469758-191A-4191-8F5E-0E036355BFEB}
c:\users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Darlene\AppData\Roaming\Isfixo
c:\users\Darlene\AppData\Roaming\Isfixo\evdi.vas
c:\users\Terry.OURLAPTOP\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\windows\PFRO.log
c:\windows\SysWow64\X86
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI03EB.txt
c:\windows\tmp\dd_vcredistUI03EB.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-09-03 to 2013-10-03 )))))))))))))))))))))))))))))))
.
.
2013-10-03 23:56 . 2013-10-03 23:56 -------- d-----w- c:\users\Terry.OURLAPTOP\AppData\Local\temp
2013-10-03 23:56 . 2013-10-03 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-03 23:56 . 2013-10-03 23:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-10-02 22:21 . 2013-10-03 02:00 -------- d-----w- C:\AdwCleaner
2013-10-02 19:35 . 2013-10-02 19:35 -------- d-----w- C:\FRST
2013-10-01 19:45 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BCDD523-ED03-4FD8-B246-7C59CAB3E92C}\mpengine.dll
2013-10-01 19:33 . 2013-10-01 19:45 -------- d-----w- c:\windows\system32\MRT
2013-10-01 08:37 . 2013-10-01 08:37 32512 ---ha-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-10-01 08:16 . 2013-10-01 08:36 -------- d-----w- c:\programdata\HitmanPro
2013-09-30 22:08 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-30 22:08 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-30 22:08 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-30 22:08 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-30 22:08 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-30 22:08 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-30 22:08 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-30 22:08 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-30 22:08 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-30 22:07 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-30 22:07 . 2013-09-30 22:07 -------- d-----w- c:\program files\AVAST Software
2013-09-30 22:06 . 2013-09-30 22:07 -------- d-----w- c:\programdata\AVAST Software
2013-09-30 02:55 . 2013-09-30 02:55 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-09-23 23:14 . 2013-09-23 23:14 -------- d-----w- C:\MATS
2013-09-23 13:40 . 2013-09-23 13:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 00:31 . 2013-09-23 00:31 -------- d-----w- c:\users\Darlene\AppData\Roaming\AVG2014
2013-09-23 00:30 . 2013-09-23 00:31 -------- d-----w- c:\programdata\AVG2014
2013-09-23 00:29 . 2013-09-23 00:29 -------- d-----w- c:\program files (x86)\AVG
2013-09-23 00:26 . 2013-09-23 01:06 -------- d-----w- c:\users\Darlene\AppData\Local\Avg2014
2013-09-22 09:41 . 2013-09-22 09:41 -------- d-----w- c:\users\Darlene\AppData\Local\avgchrome
2013-09-21 02:19 . 2013-09-21 02:19 -------- d-----w- c:\users\Darlene\AppData\Local\Mozilla
2013-09-21 02:18 . 2013-09-21 02:18 -------- d-----w- c:\users\Darlene\AppData\Roaming\UpdaterEX
2013-09-21 02:18 . 2013-09-21 02:18 -------- d--h--w- c:\windows\SysWow64\searchplugins
2013-09-21 02:18 . 2013-09-21 02:18 -------- d--h--w- c:\windows\SysWow64\Extensions
2013-09-08 20:28 . 2013-09-08 20:28 -------- d-----w- c:\programdata\TreeCardGames
2013-09-08 20:27 . 2013-09-08 20:27 -------- d-----w- c:\users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 20:27 . 2013-09-08 20:27 -------- d-----w- c:\program files (x86)\Free FreeCell Solitaire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 19:56 . 2012-05-27 20:43 692616 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 19:56 . 2011-10-13 15:29 71048 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 21:08 . 2012-05-18 19:16 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 08:22 . 2010-11-21 03:27 278800 ---h--w- c:\windows\system32\MpSigStub.exe
2013-08-01 20:06 . 2013-08-01 20:06 147768 ---ha-w- c:\windows\system32\drivers\avgdiska.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 zkxhczhf;zkxhczhf;c:\windows\system32\drivers\zkxhczhf.sys;c:\windows\SYSNATIVE\drivers\zkxhczhf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AceecaUSBDx64;AceecaUSBDx64;c:\windows\system32\DRIVERS\AceecaUSBDx64.sys;c:\windows\SYSNATIVE\DRIVERS\AceecaUSBDx64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 19:56]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 15:26]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 15:26]
.
2013-10-03 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2013-02-07 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-EfficientDiaryPro - (no file)
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
Toolbar-Locked - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-BFG-Found - A Hidden Object Adventure - Free to Play - c:\program files (x86)\Found - A Hidden Object Adventure - Free to Play\Uninstall.exe
AddRemove-BFG-Murder, She Wrote 2 - Return to Cabot Cove - c:\program files (x86)\Murder
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
AddRemove-{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1 - c:\program files (x86)\EZDownloader\unins000.exe
AddRemove-{FB941DEF-00ED-45B5-8A48-30CCAAE161D4} - c:\programdata\{83836EA5-F9B8-49CB-B09E-CE71E80BDBD6}\LCSETUP40.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-03 20:00:59
ComboFix-quarantined-files.txt 2013-10-04 00:00
.
Pre-Run: 218,652,286,976 bytes free
Post-Run: 221,012,557,824 bytes free
.
- - End Of File - - C7FA138CB277A365417ECB0262A937A3


----------



## ldarlene (Sep 6, 2008)

ldarlene said:


> Just to update you on where I am in the process.
> I am working on a second computer... much easier for following directions.
> Avast and windows firewall disabled 'till computer is rebooted'
> 
> ...


Will it make a difference that it did not run from the desktop and the file did not get re-named?


----------



## Cookiegal (Aug 27, 2003)

Yes, it needs to be on the desktop. Please move it there before proceeding as we will be using it for a fix later.

Download the ESET services repair tool, extract the file to your desktop.


Double-click *ServicesRepair.exe*,
If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
Once the tool has finished, you will be prompted to restart your computer. Click *Yes* to restart.
a log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Yes, it needs to be on the desktop. Please move it there before proceeding as we will be using it for a fix later.
> 
> Download the ESET services repair tool, extract the file to your desktop.
> 
> ...


Here it is

Log Opened: 2013-10-04 @ 13:20:27
13:20:27 - -----------------
13:20:27 - | Begin Logging |
13:20:27 - -----------------
13:20:27 - Fix started on a WIN_7 X64 computer
13:20:27 - Prep in progress. Please Wait.
13:20:30 - Prep complete
13:20:30 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
SetACL finished successfully.
13:20:34 - Services Repair Complete.
13:20:39 - Reboot Initiated


----------



## Cookiegal (Aug 27, 2003)

OK, that's good. You had a serious rootkit infection by the way along with many other bad things on the system.

I'd like you to run a new scan with ComboFix (after having moved it to the Desktop) and post the new log please.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> OK, that's good. You had a serious rootkit infection by the way along with many other bad things on the system.
> 
> I'd like you to run a new scan with ComboFix (after having moved it to the Desktop) and post the new log please.


Forgot to turn off avast first time and scan was stopped. Turned off avast and started again. Here is the report.

ComboFix 13-10-04.02 - Darlene 04/10/2013 14:13:33.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3767.2545 [GMT -4:00]
Running from: c:\users\Darlene\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-09-04 to 2013-10-04 )))))))))))))))))))))))))))))))
.
.
2013-10-04 18:25 . 2013-10-04 18:25 -------- d-----w- c:\users\Terry.OURLAPTOP\AppData\Local\temp
2013-10-04 18:25 . 2013-10-04 18:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-10-04 18:25 . 2013-10-04 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-04 03:03 . 2013-10-04 03:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-04 03:03 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-02 22:21 . 2013-10-03 02:00 -------- d-----w- C:\AdwCleaner
2013-10-02 19:35 . 2013-10-02 19:35 -------- d-----w- C:\FRST
2013-10-01 19:45 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BCDD523-ED03-4FD8-B246-7C59CAB3E92C}\mpengine.dll
2013-10-01 19:33 . 2013-10-01 19:45 -------- d-----w- c:\windows\system32\MRT
2013-10-01 08:37 . 2013-10-01 08:37 32512 ---ha-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-10-01 08:16 . 2013-10-01 08:36 -------- d-----w- c:\programdata\HitmanPro
2013-09-30 22:08 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-30 22:08 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-30 22:08 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-30 22:08 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-30 22:08 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-30 22:08 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-30 22:08 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-30 22:08 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-30 22:08 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-30 22:07 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-30 22:07 . 2013-09-30 22:07 -------- d-----w- c:\program files\AVAST Software
2013-09-30 22:06 . 2013-09-30 22:07 -------- d-----w- c:\programdata\AVAST Software
2013-09-30 02:55 . 2013-09-30 02:55 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-09-23 23:14 . 2013-09-23 23:14 -------- d-----w- C:\MATS
2013-09-23 13:40 . 2013-09-23 13:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 00:31 . 2013-09-23 00:31 -------- d-----w- c:\users\Darlene\AppData\Roaming\AVG2014
2013-09-23 00:30 . 2013-09-23 00:31 -------- d-----w- c:\programdata\AVG2014
2013-09-23 00:29 . 2013-09-23 00:29 -------- d-----w- c:\program files (x86)\AVG
2013-09-23 00:26 . 2013-09-23 01:06 -------- d-----w- c:\users\Darlene\AppData\Local\Avg2014
2013-09-22 09:41 . 2013-09-22 09:41 -------- d-----w- c:\users\Darlene\AppData\Local\avgchrome
2013-09-21 02:19 . 2013-09-21 02:19 -------- d-----w- c:\users\Darlene\AppData\Local\Mozilla
2013-09-21 02:18 . 2013-09-21 02:18 -------- d-----w- c:\users\Darlene\AppData\Roaming\UpdaterEX
2013-09-21 02:18 . 2013-09-21 02:18 -------- d--h--w- c:\windows\SysWow64\searchplugins
2013-09-21 02:18 . 2013-09-21 02:18 -------- d--h--w- c:\windows\SysWow64\Extensions
2013-09-08 20:28 . 2013-09-08 20:28 -------- d-----w- c:\programdata\TreeCardGames
2013-09-08 20:27 . 2013-09-08 20:27 -------- d-----w- c:\users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 20:27 . 2013-09-08 20:27 -------- d-----w- c:\program files (x86)\Free FreeCell Solitaire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 19:56 . 2012-05-27 20:43 692616 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 19:56 . 2011-10-13 15:29 71048 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 21:08 . 2012-05-18 19:16 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 08:22 . 2010-11-21 03:27 278800 ---h--w- c:\windows\system32\MpSigStub.exe
2013-08-01 20:06 . 2013-08-01 20:06 147768 ---ha-w- c:\windows\system32\drivers\avgdiska.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 zkxhczhf;zkxhczhf;c:\windows\system32\drivers\zkxhczhf.sys;c:\windows\SYSNATIVE\drivers\zkxhczhf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AceecaUSBDx64;AceecaUSBDx64;c:\windows\system32\DRIVERS\AceecaUSBDx64.sys;c:\windows\SYSNATIVE\DRIVERS\AceecaUSBDx64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 19:56]
.
2013-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 15:26]
.
2013-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 15:26]
.
2013-10-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2013-02-07 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BFG-Found - A Hidden Object Adventure - Free to Play - c:\program files (x86)\Found - A Hidden Object Adventure - Free to Play\Uninstall.exe
AddRemove-BFG-Murder, She Wrote 2 - Return to Cabot Cove - c:\program files (x86)\Murder
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
AddRemove-{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1 - c:\program files (x86)\EZDownloader\unins000.exe
AddRemove-{FB941DEF-00ED-45B5-8A48-30CCAAE161D4} - c:\programdata\{83836EA5-F9B8-49CB-B09E-CE71E80BDBD6}\LCSETUP40.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-04 14:29:17
ComboFix-quarantined-files.txt 2013-10-04 18:29
ComboFix2.txt 2013-10-04 00:01
.
Pre-Run: 221,941,026,816 bytes free
Post-Run: 221,914,292,224 bytes free
.
- - End Of File - - 4E170DA9037584A7AAD2D6BC9AA4D48B


----------



## Cookiegal (Aug 27, 2003)

You didn't move ComboFix to the desktop.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> You didn't move ComboFix to the desktop.


I searched for combofix, did a right click and highlighted 'send to desktop'
The icon I clicked on is on the desktop.. guess that is just the shortcut
looked up the location. It is in downloads. How do I move it to the desktop?


----------



## Cookiegal (Aug 27, 2003)

Yes, you would have just created a shortcut. Please delete the shortcut so as to avoid confusion.

What browser are you using?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Yes, you would have just created a shortcut. Please delete the shortcut so as to avoid confusion.
> 
> What browser are you using?


Internet explorer


----------



## Cookiegal (Aug 27, 2003)

When you save a file with IE you use "save as" and then you can direct it to go anywhere you want.

For now, go to your downloads folder and reduce the size of that window so you can see the desktop behind it then just drag and drop the ComboFix.exe file onto your desktop. Then run a new scan and post the log please.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> When you save a file with IE you use "save as" and then you can direct it to go anywhere you want.
> 
> For now, go to your downloads folder and reduce the size of that window so you can see the desktop behind it then just drag and drop the ComboFix.exe file onto your desktop. Then run a new scan and post the log please.


I dragged icon to desktop. However, it is labeled on the desktop as "ComboFix shortcut" so I am thinking that I have not moved the program but just created a shortcut again.

Should I just be uninstalling it and try to download to desktop again?


----------



## Cookiegal (Aug 27, 2003)

You can delete it by sending it to the Recycle Bin and then redownload it and be sure to save it to the desktop.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> You can delete it by sending it to the Recycle Bin and then redownload it and be sure to save it to the desktop.


Ended up not having to redownload. A copy and paste successfully moved it to desktop.
Here is the log.

ComboFix 13-10-04.02 - Darlene 04/10/2013 16:32:26.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3767.2418 [GMT -4:00]
Running from: c:\users\Darlene\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-09-04 to 2013-10-04 )))))))))))))))))))))))))))))))
.
.
2013-10-04 20:46 . 2013-10-04 20:46 -------- d-----w- c:\users\Terry.OURLAPTOP\AppData\Local\temp
2013-10-04 20:46 . 2013-10-04 20:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-10-04 20:46 . 2013-10-04 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-04 03:03 . 2013-10-04 03:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-04 03:03 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-02 22:21 . 2013-10-03 02:00 -------- d-----w- C:\AdwCleaner
2013-10-02 19:35 . 2013-10-02 19:35 -------- d-----w- C:\FRST
2013-10-01 19:45 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BCDD523-ED03-4FD8-B246-7C59CAB3E92C}\mpengine.dll
2013-10-01 19:33 . 2013-10-01 19:45 -------- d-----w- c:\windows\system32\MRT
2013-10-01 08:37 . 2013-10-01 08:37 32512 ---ha-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-10-01 08:16 . 2013-10-01 08:36 -------- d-----w- c:\programdata\HitmanPro
2013-09-30 22:08 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-30 22:08 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-30 22:08 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-30 22:08 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-30 22:08 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-30 22:08 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-30 22:08 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-30 22:08 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-30 22:08 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-30 22:07 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-30 22:07 . 2013-09-30 22:07 -------- d-----w- c:\program files\AVAST Software
2013-09-30 22:06 . 2013-09-30 22:07 -------- d-----w- c:\programdata\AVAST Software
2013-09-30 02:55 . 2013-09-30 02:55 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-09-23 23:14 . 2013-09-23 23:14 -------- d-----w- C:\MATS
2013-09-23 13:40 . 2013-09-23 13:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 00:31 . 2013-09-23 00:31 -------- d-----w- c:\users\Darlene\AppData\Roaming\AVG2014
2013-09-23 00:30 . 2013-09-23 00:31 -------- d-----w- c:\programdata\AVG2014
2013-09-23 00:29 . 2013-09-23 00:29 -------- d-----w- c:\program files (x86)\AVG
2013-09-23 00:26 . 2013-09-23 01:06 -------- d-----w- c:\users\Darlene\AppData\Local\Avg2014
2013-09-22 09:41 . 2013-09-22 09:41 -------- d-----w- c:\users\Darlene\AppData\Local\avgchrome
2013-09-21 02:19 . 2013-09-21 02:19 -------- d-----w- c:\users\Darlene\AppData\Local\Mozilla
2013-09-21 02:18 . 2013-09-21 02:18 -------- d-----w- c:\users\Darlene\AppData\Roaming\UpdaterEX
2013-09-21 02:18 . 2013-09-21 02:18 -------- d--h--w- c:\windows\SysWow64\searchplugins
2013-09-21 02:18 . 2013-09-21 02:18 -------- d--h--w- c:\windows\SysWow64\Extensions
2013-09-08 20:28 . 2013-09-08 20:28 -------- d-----w- c:\programdata\TreeCardGames
2013-09-08 20:27 . 2013-09-08 20:27 -------- d-----w- c:\users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 20:27 . 2013-09-08 20:27 -------- d-----w- c:\program files (x86)\Free FreeCell Solitaire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 19:56 . 2012-05-27 20:43 692616 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 19:56 . 2011-10-13 15:29 71048 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 21:08 . 2012-05-18 19:16 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 08:22 . 2010-11-21 03:27 278800 ---h--w- c:\windows\system32\MpSigStub.exe
2013-08-01 20:06 . 2013-08-01 20:06 147768 ---ha-w- c:\windows\system32\drivers\avgdiska.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 zkxhczhf;zkxhczhf;c:\windows\system32\drivers\zkxhczhf.sys;c:\windows\SYSNATIVE\drivers\zkxhczhf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AceecaUSBDx64;AceecaUSBDx64;c:\windows\system32\DRIVERS\AceecaUSBDx64.sys;c:\windows\SYSNATIVE\DRIVERS\AceecaUSBDx64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 19:56]
.
2013-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 15:26]
.
2013-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 15:26]
.
2013-10-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2013-02-07 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BFG-Found - A Hidden Object Adventure - Free to Play - c:\program files (x86)\Found - A Hidden Object Adventure - Free to Play\Uninstall.exe
AddRemove-BFG-Murder, She Wrote 2 - Return to Cabot Cove - c:\program files (x86)\Murder
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
AddRemove-{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1 - c:\program files (x86)\EZDownloader\unins000.exe
AddRemove-{FB941DEF-00ED-45B5-8A48-30CCAAE161D4} - c:\programdata\{83836EA5-F9B8-49CB-B09E-CE71E80BDBD6}\LCSETUP40.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-04 16:50:15
ComboFix-quarantined-files.txt 2013-10-04 20:50
ComboFix2.txt 2013-10-04 18:29
ComboFix3.txt 2013-10-04 00:01
.
Pre-Run: 221,564,821,504 bytes free
Post-Run: 221,520,138,240 bytes free
.
- - End Of File - - F9B6676E5029CF8833E3A15ABDD983EF

Have to run out, should be back in less than one hour.


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
c:\users\Darlene\AppData\Roaming\UpdaterEX
c:\windows\SysWow64\searchplugins
c:\windows\SysWow64\Extensions

Driver::
zkxhczhf
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe (or the renamed puppy.exe if you were asked to rename it).










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## ldarlene (Sep 6, 2008)

Here is the log

ComboFix 13-10-04.02 - Darlene 04/10/2013 18:31:15.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3767.2544 [GMT -4:00]
Running from: c:\users\Darlene\Desktop\ComboFix.exe
Command switches used :: c:\users\Darlene\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Darlene\AppData\Roaming\UpdaterEX
c:\users\Darlene\AppData\Roaming\UpdaterEX\UpdateProc\config.dat
c:\users\Darlene\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat
c:\users\Darlene\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
c:\windows\SysWow64\Extensions
c:\windows\SysWow64\searchplugins
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_zkxhczhf
.
.
((((((((((((((((((((((((( Files Created from 2013-09-04 to 2013-10-04 )))))))))))))))))))))))))))))))
.
.
2013-10-04 22:44 . 2013-10-04 22:44 -------- d-----w- c:\users\Terry.OURLAPTOP\AppData\Local\temp
2013-10-04 22:44 . 2013-10-04 22:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-10-04 22:44 . 2013-10-04 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-04 03:03 . 2013-10-04 03:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-04 03:03 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-02 22:21 . 2013-10-03 02:00 -------- d-----w- C:\AdwCleaner
2013-10-02 19:35 . 2013-10-02 19:35 -------- d-----w- C:\FRST
2013-10-01 19:45 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BCDD523-ED03-4FD8-B246-7C59CAB3E92C}\mpengine.dll
2013-10-01 19:33 . 2013-10-01 19:45 -------- d-----w- c:\windows\system32\MRT
2013-10-01 08:37 . 2013-10-01 08:37 32512 ---ha-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-10-01 08:16 . 2013-10-01 08:36 -------- d-----w- c:\programdata\HitmanPro
2013-09-30 22:08 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-30 22:08 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-30 22:08 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-30 22:08 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-30 22:08 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-30 22:08 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-30 22:08 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-30 22:08 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-30 22:08 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-30 22:07 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-30 22:07 . 2013-09-30 22:07 -------- d-----w- c:\program files\AVAST Software
2013-09-30 22:06 . 2013-09-30 22:07 -------- d-----w- c:\programdata\AVAST Software
2013-09-30 02:55 . 2013-09-30 02:55 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-09-23 23:14 . 2013-09-23 23:14 -------- d-----w- C:\MATS
2013-09-23 13:40 . 2013-09-23 13:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 00:31 . 2013-09-23 00:31 -------- d-----w- c:\users\Darlene\AppData\Roaming\AVG2014
2013-09-23 00:30 . 2013-09-23 00:31 -------- d-----w- c:\programdata\AVG2014
2013-09-23 00:29 . 2013-09-23 00:29 -------- d-----w- c:\program files (x86)\AVG
2013-09-23 00:26 . 2013-09-23 01:06 -------- d-----w- c:\users\Darlene\AppData\Local\Avg2014
2013-09-22 09:41 . 2013-09-22 09:41 -------- d-----w- c:\users\Darlene\AppData\Local\avgchrome
2013-09-21 02:19 . 2013-09-21 02:19 -------- d-----w- c:\users\Darlene\AppData\Local\Mozilla
2013-09-08 20:28 . 2013-09-08 20:28 -------- d-----w- c:\programdata\TreeCardGames
2013-09-08 20:27 . 2013-09-08 20:27 -------- d-----w- c:\users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 20:27 . 2013-09-08 20:27 -------- d-----w- c:\program files (x86)\Free FreeCell Solitaire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 19:56 . 2012-05-27 20:43 692616 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 19:56 . 2011-10-13 15:29 71048 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 21:08 . 2012-05-18 19:16 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 08:22 . 2010-11-21 03:27 278800 ---h--w- c:\windows\system32\MpSigStub.exe
2013-08-01 20:06 . 2013-08-01 20:06 147768 ---ha-w- c:\windows\system32\drivers\avgdiska.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AceecaUSBDx64;AceecaUSBDx64;c:\windows\system32\DRIVERS\AceecaUSBDx64.sys;c:\windows\SYSNATIVE\DRIVERS\AceecaUSBDx64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 19:56]
.
2013-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 15:26]
.
2013-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 15:26]
.
2013-10-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2013-02-07 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BFG-Found - A Hidden Object Adventure - Free to Play - c:\program files (x86)\Found - A Hidden Object Adventure - Free to Play\Uninstall.exe
AddRemove-BFG-Murder, She Wrote 2 - Return to Cabot Cove - c:\program files (x86)\Murder
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
AddRemove-{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1 - c:\program files (x86)\EZDownloader\unins000.exe
AddRemove-{FB941DEF-00ED-45B5-8A48-30CCAAE161D4} - c:\programdata\{83836EA5-F9B8-49CB-B09E-CE71E80BDBD6}\LCSETUP40.exe
AddRemove-UpdaterEX - c:\users\Darlene\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
.
**************************************************************************
.
Completion time: 2013-10-04 18:53:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-04 22:53
ComboFix2.txt 2013-10-04 20:50
ComboFix3.txt 2013-10-04 18:29
ComboFix4.txt 2013-10-04 00:01
.
Pre-Run: 221,710,430,208 bytes free
Post-Run: 221,490,278,400 bytes free
.
- - End Of File - - E5743F61CB438DBCFDC0CD976742011D


----------



## Cookiegal (Aug 27, 2003)

I've edited your post because you put your reply (the log) in the middle of the quote of my post which makes it harder for me to decipher. There's no need to quote my posts. You can just click on the Reply button when posting your logs.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I've edited your post because you put your reply (the log) in the middle of the quote of my post which makes it harder for me to decipher. There's no need to quote my posts. You can just click on the Reply button when posting your logs.
> 
> Please download *OTL* to your Desktop.
> 
> ...


 not sure if something else is wrong with my computer but when I hit the 'reply' button it always quotes. I will try to be more careful to be sure I but my replies below the quote. ;-)

OTL logfile created on: 04/10/2013 7:13:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.68 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 69.98% Memory free
7.36 Gb Paging File | 6.08 Gb Available in Paging File | 82.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 206.37 Gb Free Space | 73.18% Space Free | Partition Type: NTFS

Computer Name: OURLAPTOP | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/04 19:13:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
PRC - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/25 09:57:44 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/24 22:03:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/08/24 22:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/24 22:03:42 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/24 22:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

========== Services (SafeList) ==========

SRV:*64bit:* - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2013/04/02 13:34:04 | 005,802,128 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV:*64bit:* - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:*64bit:* - [2011/08/02 15:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:*64bit:* - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/09/19 15:56:22 | 000,257,416 | -H-- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/30 11:31:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/21 16:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 21:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/11 08:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/07/01 00:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/01 00:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2013/10/01 04:37:45 | 000,032,512 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:*64bit:* - [2013/08/30 03:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:*64bit:* - [2013/08/30 03:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2013/08/30 03:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:*64bit:* - [2013/08/01 16:06:28 | 000,147,768 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:*64bit:* - [2013/04/24 15:28:08 | 000,042,184 | -H-- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:*64bit:* - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2013/01/20 16:59:04 | 000,130,008 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/10/18 11:16:45 | 000,066,552 | -H-- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AceecaUSBDx64.sys -- (AceecaUSBDx64)
DRV:*64bit:* - [2012/08/21 14:01:20 | 000,033,240 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/12/30 11:30:04 | 000,062,776 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:*64bit:* - [2011/12/30 11:30:04 | 000,022,648 | -H-- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:*64bit:* - [2011/12/30 11:30:04 | 000,020,520 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:*64bit:* - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:*64bit:* - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:*64bit:* - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:*64bit:* - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:*64bit:* - [2011/09/20 06:02:55 | 000,018,432 | -H-- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:*64bit:* - [2011/09/20 06:02:55 | 000,017,408 | -H-- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:*64bit:* - [2011/07/14 01:35:47 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/07/14 01:35:47 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/06/01 23:37:32 | 002,750,464 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2011/03/25 06:17:48 | 012,262,336 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/02/08 23:29:10 | 000,077,424 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:*64bit:* - [2011/01/13 23:01:44 | 000,074,840 | -H-- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:*64bit:* - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,031,232 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/10/14 13:28:16 | 000,317,440 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2010/10/08 06:32:28 | 001,395,248 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/09/13 21:24:26 | 000,437,272 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/02/26 04:32:12 | 000,158,976 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:*64bit:* - [2009/09/17 00:54:54 | 000,056,344 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2013/09/20 22:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
CHR - Extension: No name found = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjkmfhbimklfepkjmcpfajcojikheka\5.0.0.0_0\
CHR - Extension: No name found = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.24.17_0\crossrider
CHR - Extension: No name found = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbgonfbgjdmlkjofohofdjnakkfppge\1.24.17_0\
CHR - Extension: No name found = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: No name found = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/04 18:46:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:*64bit:* - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:*64bit:* - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:*64bit:* - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:*64bit:* - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:*64bit:* - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:*64bit:* - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:*64bit:* - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AD23420-A547-4F71-AE79-B6AAF56D6F28}: DhcpNameServer = 40.30.1.201 40.30.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A6EB8E-6CA0-42AA-B514-267CD2671D8E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD5BD264-D58F-494F-9D14-BE0B8DD8C5FD}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/04 19:13:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
[2013/10/04 18:46:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/10/04 18:44:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/04 16:20:54 | 005,130,782 | R--- | C] (Swearware) -- C:\Users\Darlene\Desktop\ComboFix.exe
[2013/10/04 13:20:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/10/04 09:04:37 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{A20C9DCA-35DC-4781-A814-01412BEF4193}
[2013/10/03 23:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/03 23:03:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/03 23:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/03 19:39:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/03 19:39:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/03 19:39:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/03 19:37:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/03 19:37:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/03 11:30:10 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{F365922D-D7D5-4FC5-9903-1400C5A5C88A}
[2013/10/03 09:32:53 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{27A62648-16D7-4A28-841D-E4D78D1ECFAE}
[2013/10/02 19:13:08 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{988C2A16-38AB-47CE-BD77-D953FF38BF9D}
[2013/10/02 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{979C5B6C-0300-4E8A-BC69-DA2DDB92550E}
[2013/10/02 18:30:51 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{0E0C863A-E543-4F55-974B-03668B06DC4E}
[2013/10/02 18:21:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/02 17:05:04 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Darlene\Desktop\FRST64.exe
[2013/10/02 15:35:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/02 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{DD316EC1-056E-4274-A73F-6AC7C7BA6A83}
[2013/10/02 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{6F40D9FB-A010-44D6-B119-EBDFD65614EC}
[2013/10/02 13:45:01 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{C986F4FA-C69E-4C68-8624-EB7885CE996B}
[2013/10/01 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{E2B9CC94-94E1-459A-8C1A-E6F2578ADE17}
[2013/10/01 23:00:12 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{62DA0E00-6736-462C-A486-971EB21F510A}
[2013/10/01 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{2B1C21E4-A921-48F0-BC51-5747D9356D02}
[2013/10/01 16:20:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/10/01 15:33:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/01 04:42:11 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{5B9A0F95-35D9-4CEF-9424-0ACF1D697A66}
[2013/10/01 04:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/01 03:54:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\RK_Quarantine
[2013/10/01 00:01:25 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\rkill
[2013/09/30 18:08:33 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/09/30 18:08:33 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/09/30 18:08:33 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/09/30 18:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/09/30 18:08:32 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/09/30 18:08:32 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/09/30 18:08:31 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/09/30 18:08:31 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/09/30 18:07:57 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/09/30 18:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/30 18:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/30 00:06:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{A91B8D18-CC74-4355-BBEB-4AA1713D71CA}
[2013/09/29 22:55:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/09/29 21:51:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{49DE11D9-EB65-4303-8141-ADEFBFEB710C}
[2013/09/29 09:20:13 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{BBC27667-FEE7-4E5C-BAB2-E64C2C5EB140}
[2013/09/28 14:39:45 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{5135ADDB-1DA8-48D0-9BF8-0DA351B276B3}
[2013/09/28 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{79B7B415-7F45-4A03-B146-40D8129D7284}
[2013/09/27 22:01:26 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{CF9FDD06-14EA-4AE7-9098-2C4727F17C94}
[2013/09/27 20:09:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{89ED9516-69DF-43A0-9906-4AB89C6DBC96}
[2013/09/27 12:32:39 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{7A6A7889-C80C-45C7-99F1-C8D6CECDB945}
[2013/09/26 23:41:19 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{A0FDA72B-4D04-4526-A36A-0D81D298B2D0}
[2013/09/26 09:58:05 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{38E7A3CB-5CF6-4C66-8944-5CC4846BB467}
[2013/09/25 13:45:21 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{97411F6C-942C-4B58-8D17-F9DF80C87155}
[2013/09/25 11:42:42 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{83C79716-B343-4C1D-9CFF-20F4E4228BE6}
[2013/09/25 11:19:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{2EF1C98D-C360-45D5-A6C0-7FC347F3FF6A}
[2013/09/25 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{9B92A6A3-0C9F-4EBA-8207-7616853D3A2E}
[2013/09/25 09:35:44 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{92670ECE-BA85-4837-970F-02BDE508111E}
[2013/09/24 21:22:32 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{3CB7EA54-D739-452C-8203-0EAB739A81D4}
[2013/09/24 09:02:31 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{1ED39084-168C-4EC8-AC82-5B2EA74180FE}
[2013/09/23 19:14:17 | 000,000,000 | ---D | C] -- C:\MATS
[2013/09/23 10:40:03 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{4D6EDFD2-810C-4D35-890C-7F1FF2246477}
[2013/09/23 09:40:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/09/22 20:31:38 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\AVG2014
[2013/09/22 20:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/22 20:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/09/22 20:26:38 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Avg2014
[2013/09/22 19:35:59 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{25829028-D7F9-4BB9-BF00-6B909DEA6F0F}
[2013/09/22 18:57:59 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{AD7B68B9-A772-46CF-901A-75B22046F921}
[2013/09/22 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{95CC7150-0354-44A8-836B-F0DA77D8FAEC}
[2013/09/22 05:41:26 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\avgchrome
[2013/09/21 21:01:33 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{0426E805-4232-409C-AF73-6FEEDCD81122}
[2013/09/21 14:47:41 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{012AD5D6-3786-4428-9206-A11820EEC469}
[2013/09/21 10:10:06 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{4140A045-E7AA-4CCC-94F3-F08AF8740337}
[2013/09/20 22:19:20 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Mozilla
[2013/09/20 22:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/20 22:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/20 18:55:52 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{F470A923-84E5-4B31-A95D-7BD413980AB7}
[2013/09/20 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{3C8DC1C1-CCAE-4F15-92CC-11DE3B5B7FDC}
[2013/09/19 11:30:39 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{85071C38-DEF9-436F-886B-26920DD1241B}
[2013/09/18 06:10:46 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{88715AA9-1E7E-4A75-BC5A-8CA637DC84FC}
[2013/09/17 18:09:43 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{6B2BA670-CDB5-457A-B447-24F8B83948F6}
[2013/09/17 12:40:54 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{FCE585D4-824A-42B6-92C7-79BFF92493B9}
[2013/09/16 12:25:26 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{BD5E2EC9-B468-4B77-B572-ABCDFB244DBA}
[2013/09/15 17:50:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{69072D5C-1A5F-47FE-966F-4262066F668B}
[2013/09/15 00:27:04 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{ACD86EA0-D106-47D1-ADB6-6BFE91D9AFE6}
[2013/09/14 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{5884C53E-21E8-4D73-9E67-58A827A4A0B9}
[2013/09/14 10:11:56 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{9461CD23-637D-4F1F-A15D-9D9CC4F2244E}
[2013/09/14 08:52:52 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{AEBD61C0-6ED0-4403-BFDE-C415FA2115DB}
[2013/09/13 19:29:43 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{E2805083-C09D-4D30-BC5A-4AA0F9C25AC4}
[2013/09/13 18:39:21 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{9877C648-09D7-423B-A0EB-E8F46359E1CB}
[2013/09/13 00:55:14 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{8FD27D76-DA40-42D0-9069-E04884ADCBD4}
[2013/09/12 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{64CAED06-BC61-459C-9D6F-34209A4BBB00}
[2013/09/12 23:40:38 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{871132DB-6DBE-486E-832A-93AA2002A2A7}
[2013/09/12 23:12:34 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{95A64DFF-DA5A-4240-B0C5-78EF215AD5DB}
[2013/09/12 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{E1A3E8F2-9F6B-407E-9D7D-AB499984801D}
[2013/09/11 09:01:35 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{24A4B2A3-D1B0-4CE7-9701-49CCEDB61B58}
[2013/09/10 17:21:41 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{53937EC9-87F1-49A3-9474-7FFDD5B93360}
[2013/09/10 09:25:08 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{4743375F-37AA-41B2-B4B7-882F0BD479B1}
[2013/09/10 09:07:45 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{A80289C1-FE7E-4964-8E36-DC3D0B642229}
[2013/09/09 18:03:11 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{DDC5B70F-D2B0-4B33-931D-EA7E6B294B0F}
[2013/09/09 18:02:14 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{D9EB7331-8BA2-401E-B944-BAF422059FC0}
[2013/09/09 00:58:46 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{11B1BCA4-100F-4EA1-A2F6-CC60626BAECE}
[2013/09/09 00:50:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{59BA6E21-4E00-4C17-9E3B-72650A94DAE2}
[2013/09/08 16:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TreeCardGames
[2013/09/08 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\TreeCardGames
[2013/09/08 16:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FreeCell Solitaire
[2013/09/08 10:55:00 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{4F54CC68-DC31-4D19-8CF9-CAE01A6FB9FB}
[2013/09/07 10:22:55 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{77605879-C14B-45B2-8B7B-FF9637F2F178}
[2013/09/06 11:22:54 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{09E6D503-F01A-4811-B019-9DA8CF81C633}
[2013/09/05 10:29:14 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{58E62AFD-DC4D-4DD8-9F07-C50CCA60006D}
[2013/09/05 09:53:16 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{7EDBAFE1-05D1-4B07-820C-78D69F85973B}
[2013/09/04 21:15:43 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{594FAE71-A3C5-4981-882E-39A98ED5140B}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/04 19:13:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
[2013/10/04 18:56:00 | 000,000,830 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/04 18:53:57 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 18:53:57 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 18:46:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/04 18:46:30 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2013/10/04 18:46:29 | 000,000,896 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/04 18:46:16 | 000,000,900 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/04 18:45:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/04 18:45:46 | 2962,341,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/04 18:24:12 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/04 14:07:08 | 005,130,782 | R--- | M] (Swearware) -- C:\Users\Darlene\Desktop\ComboFix.exe
[2013/10/04 13:20:02 | 004,009,167 | ---- | M] () -- C:\Users\Darlene\Desktop\ServicesRepair.exe
[2013/10/03 23:03:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/02 19:33:06 | 000,000,601 | ---- | M] () -- C:\Users\Darlene\Desktop\Search.lnk
[2013/10/02 18:21:44 | 001,045,226 | ---- | M] () -- C:\Users\Darlene\Desktop\AdwCleaner.exe
[2013/10/02 17:05:22 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\Darlene\Desktop\FRST64.exe
[2013/10/01 21:03:35 | 000,803,792 | -H-- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/01 21:03:35 | 000,661,486 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 21:03:35 | 000,127,770 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 15:53:32 | 000,801,466 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/01 14:20:08 | 000,003,094 | ---- | M] () -- C:\Users\Darlene\Documents\.reg
[2013/10/01 04:37:45 | 000,032,512 | -H-- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 04:36:47 | 000,011,118 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/09/30 23:57:42 | 000,000,769 | ---- | M] () -- C:\Users\Darlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security.lnk
[2013/09/30 23:57:41 | 000,000,097 | ---- | M] () -- C:\Users\Darlene\AppData\Roaming\avbase.dat
[2013/09/30 23:08:50 | 000,002,186 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/30 18:08:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/22 20:36:41 | 209,715,200 | ---- | M] () -- C:\Users\Darlene\Documents\Data Safe.avgfv
[2013/09/22 20:30:57 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/19 15:56:22 | 000,692,616 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 15:56:22 | 000,071,048 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/08 16:27:22 | 000,001,050 | ---- | M] () -- C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
[2013/09/08 16:27:22 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/04 13:19:34 | 004,009,167 | ---- | C] () -- C:\Users\Darlene\Desktop\ServicesRepair.exe
[2013/10/03 23:03:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/03 19:39:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/03 19:39:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/03 19:39:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/03 19:39:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/03 19:39:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/02 18:21:21 | 001,045,226 | ---- | C] () -- C:\Users\Darlene\Desktop\AdwCleaner.exe
[2013/10/01 14:20:08 | 000,003,094 | ---- | C] () -- C:\Users\Darlene\Documents\.reg
[2013/10/01 04:37:45 | 000,032,512 | -H-- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 04:36:47 | 000,011,118 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/09/30 23:57:42 | 000,000,769 | ---- | C] () -- C:\Users\Darlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security.lnk
[2013/09/30 23:57:40 | 000,000,097 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\avbase.dat
[2013/09/30 18:08:33 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/09/30 18:08:32 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/09/30 18:08:31 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/09/30 18:08:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\config.nt
[2013/09/22 20:36:41 | 209,715,200 | ---- | C] () -- C:\Users\Darlene\Documents\Data Safe.avgfv
[2013/09/22 20:30:57 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/20 22:18:15 | 000,000,601 | ---- | C] () -- C:\Users\Darlene\Desktop\Search.lnk
[2013/09/09 00:49:07 | 000,001,050 | ---- | C] () -- C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
[2013/09/08 16:27:22 | 000,001,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FreeCell Solitaire.lnk
[2013/09/08 16:27:22 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
[2013/04/19 12:23:34 | 000,007,625 | ---- | C] () -- C:\Users\Darlene\AppData\Local\Resmon.ResmonCfg
[2012/12/16 19:51:13 | 000,000,209 | ---- | C] () -- C:\Windows\settings.ini
[2012/12/15 18:52:58 | 000,000,352 | ---- | C] () -- C:\Windows\hegames.ini
[2012/12/15 18:12:12 | 000,000,000 | ---- | C] () -- C:\Windows\PhantomOfVenice.INI
[2012/10/29 21:29:41 | 000,000,306 | ---- | C] () -- C:\Windows\NBREPORT.INI
[2012/10/18 23:39:13 | 000,000,125 | ---- | C] () -- C:\Windows\PDASETUP.INI
[2012/07/03 16:19:50 | 000,000,483 | ---- | C] () -- C:\Windows\NBMP.INI
[2012/06/26 16:06:09 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/06/23 13:58:19 | 000,000,100 | ---- | C] () -- C:\Windows\NBWP.INI
[2012/06/18 20:55:17 | 000,011,115 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/16 23:36:17 | 000,000,902 | ---- | C] () -- C:\Windows\NBEXER.INI
[2012/06/13 19:59:59 | 000,000,344 | ---- | C] () -- C:\Windows\NBANALYZ.INI
[2012/06/13 10:04:09 | 000,000,308 | ---- | C] () -- C:\Windows\NBTRACK.INI
[2012/06/12 10:31:03 | 000,001,315 | ---- | C] () -- C:\Windows\NBCLIENT.INI
[2012/06/12 10:27:25 | 000,005,630 | ---- | C] () -- C:\Windows\nb5plus.INI
[2012/05/18 00:09:00 | 000,000,017 | -H-- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/05/17 23:01:33 | 000,803,792 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/13 11:25:17 | 000,867,020 | -H-- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/10/13 11:25:17 | 000,105,428 | -H-- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/10/13 11:25:16 | 000,128,204 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:A6881EE7
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:80FE037D
@Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:FF717A18
@Alternate Data Stream - 251 bytes -> C:\ProgramData\Temp:B504E4C2
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:5DB36C47
@Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:934CA750
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:8F6B75BF
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:120B3AFD
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:3ADE134E
@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:FBA79096
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:73AFBB96
@Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:6B2FBF73
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:50DD4118
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:195E8317
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:B3A5945E
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9BB8C675
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:3C5ABDC7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:BF07EA98
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8E11CC80
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9338F136
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:89CF6F9C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B4530133
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:05F547A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp8F9D810
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B61767F5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:27D1368B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8FC568E1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TempE3ABE3D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9FCF32A8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:32A82570
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0ADCCF52
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp055FC10
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5511B474
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:2C678471
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E7B49FBF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E0A09032
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9725F1BC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:14362DF8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:8DD20B4A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:88981452
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:38B32B54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E8BF029E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6AF67671
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AFB24B00
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:12F3508C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:3313A48D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:1C88C8E5
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:9B285B76
< End of report >

OTL Extras logfile created on: 04/10/2013 7:13:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.68 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 69.98% Memory free
7.36 Gb Paging File | 6.08 Gb Available in Paging File | 82.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 206.37 Gb Free Space | 73.18% Space Free | Partition Type: NTFS

Computer Name: OURLAPTOP | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{370E28C2-23CC-454E-B0E6-C7B0F5E3CB81}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{8626D884-F04D-4D04-BBDB-6609FBA728F7}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"TCP Query User{771047AF-047D-4113-AFB1-0593DABF1038}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{B2706AFC-B20B-46F3-9176-AD4B04DC08CA}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"TCP Query User{F30C7EC5-8893-4E73-88C1-0E72A4ABED04}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{11205A38-0BB6-474A-830C-C658220CE743}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{3EF70470-66E4-401D-80B7-C3C0230C8E56}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"UDP Query User{A430C7E5-8383-4608-B99D-852D4B6758CB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0D1414C8-9B0B-4146-BD87-8163E9114F88}" = Quicken 2012
"{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1" = EZDownloader
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{118071AB-6572-4FAD-A1FD-67264C994350}" = e-Sword
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EE7343D-BBE3-4A8B-8E62-B81683BCAB8E}" = BE Downloadable Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C774C35-E0AF-72E1-136A-2BF666702268}" = Fooz Kids
"{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}" = Palm Desktop
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB398DDB-0E7B-400B-A940-7E61FB91A531}" = Alcor Micro USB Card Reader
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB941DEF-00ED-45B5-8A48-30CCAAE161D4}" = Living Cookbook 2013
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AI RoboForm" = RoboForm 7-8-9-5 (All Users)
"am-avenueflotm" = Avenue Flo(TM)
"am-avenueflotmspecialdelivery" = Avenue Flo(TM) - Special Delivery
"am-freddifishr5thecaseofthecreatureofcoralcove" = Freddi Fish(R) 5 The Case of The Creature of Coral Cove
"amg-jodiedrakeandtheworldinperil" = Jodie Drake and the World in Peril
"am-nancydrewrphantomofvenice" = Nancy Drew(R) - Phantom of Venice
"AmUStor" = Alcor Micro USB Card Reader
"avast" = avast! Free Antivirus
"BE Downloadable Edition" = BE Downloadable Edition
"BFG-1 Penguin 100 Cases" = 1 Penguin 100 Cases
"BFG-Agatha Christie - Dead Man's Folly" = Agatha Christie: Dead Man's Folly
"BFG-Amazing Adventures - The Lost Tomb" = Amazing Adventures: The Lost Tomb
"BFG-Antique Mysteries - Secrets of Howard's Mansion" = Antique Mysteries: Secrets of Howard's Mansion
"BFG-Arizona Rose and the Pirates' Riddles" = Arizona Rose and the Pirates' Riddles
"BFG-Avenue Flo" = Avenue Flo
"BFG-Avenue Flo - Special Delivery" = Avenue Flo: Special Delivery
"BFG-Big City Adventure - London Story" = Big City Adventure: London Story
"BFG-Brain Challenge" = Brain Challenge
"BFGC" = Big Fish Games: Game Manager
"BFG-Castle - Never Judge a Book by Its Cover" = Castle: Never Judge a Book by Its Cover
"BFG-City of Fools" = City of Fools
"BFG-City of Secrets" = City of Secrets
"BFG-Clutter II - He Said She Said" = Clutter II: He Said, She Said
"BFG-Crazy Machines" = Crazy Machines
"BFG-Cute Knight" = Cute Knight
"BFG-Detective Quest - The Crystal Slipper" = Detective Quest: The Crystal Slipper
"BFG-Dream Chronicles - The Book of Air" = Dream Chronicles: The Book of Air
"BFG-Emerald City Confidential" = Emerald City Confidential
"BFG-Escape the Emerald Star" = Escape the Emerald Star
"BFG-Escape the Museum" = Escape the Museum
"BFG-Fierce Tales - The Dog's Heart" = Fierce Tales: The Dog's Heart
"BFG-Fierce Tales - The Dog's Heart Collector's Edition" = Fierce Tales: The Dog's Heart Collector's Edition
"BFG-Final Cut - Death on the Silver Screen" = Final Cut: Death on the Silver Screen
"BFG-Forgotten Riddles - The Mayan Princess" = Forgotten Riddles - The Mayan Princess
"BFG-Found - A Hidden Object Adventure - Free to Play" = Found: A Hidden Object Adventure - Free to Play
"BFG-Inspector Parker" = Inspector Parker
"BFG-Journey - The Heart of Gaia" = Journey: The Heart of Gaia
"BFG-Kuros" = Kuros
"BFG-Legends of the Wild West - Golden Hill" = Legends of the Wild West: Golden Hill
"BFG-Murder She Wrote" = Murder, She Wrote
"BFG-Murder, She Wrote 2 - Return to Cabot Cove" = Murder, She Wrote 2: Return to Cabot Cove
"BFG-Mushroom Age" = Mushroom Age
"BFG-Mystery P.I. - The Curious Case of Counterfeit Cove" = Mystery P.I.: The Curious Case of Counterfeit Cove
"BFG-Mystery Trackers - Raincliff" = Mystery Trackers: Raincliff
"BFG-Nancy Drew - The Final Scene" = Nancy Drew: The Final Scene
"BFG-Puppetshow - Return to Joyville" = Puppetshow: Return to Joyville
"BFG-RealMYST" = RealMYST
"BFG-Royal Trouble" = Royal Trouble
"BFG-Strange Cases - The Secrets of Grey Mist Lake" = Strange Cases: The Secrets of Grey Mist Lake
"BFG-Syberia - Part 1" = Syberia - Part 1
"BFG-Tesla's Tower - The Wardenclyffe Mystery" = Tesla's Tower: The Wardenclyffe Mystery
"BFG-The Great Unknown - Houdini's Castle" = The Great Unknown: Houdini's Castle
"BFG-The Legend of Sleepy Hollow - Jar of Marbles III - Free to Play" = The Legend of Sleepy Hollow: Jar of Marbles III - Free to Play
"BFG-The Secret of Margrave Manor" = The Secret of Margrave Manor
"BFG-The Surprising Adventures of Munchausen" = The Surprising Adventures of Munchausen
"BFG-The Tiny Bang Story" = The Tiny Bang Story
"BFG-Triazzle Island" = Triazzle Island
"BFG-Unfinished Tales - Illicit Love" = Unfinished Tales: Illicit Love
"BFG-Vault Cracker" = Vault Cracker
"BFG-World of Goo" = World of Goo
"BFG-Zoo Vet 2 - Endangered Animals" = Zoo Vet 2: Endangered Animals
"Cook'n" = Cook'n
"Cook'n Recipe Browser" = Cook'n Recipe Browser
"Efficient Diary Pro_is1" = Efficient Diary Pro 3.0
"Everyday Jigsaw" = Everyday Jigsaw
"eXtreme Movie Manager 7_is1" = eXtreme Movie Manager 7.2.3.6 - Full Install!
"Files Opened" = Files Opened
"FoozKids" = Fooz Kids
"Free FreeCell Solitaire_is1" = Free FreeCell Solitaire 2012 v2.1
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"Kobo" = Kobo
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"My digital Diary" = My digital Diary 3.2b 
"NutriBase 5 Plus v.5.17 Uninstall" = NutriBase 5 Plus v.5.17
"NutriBase Palm" = NutriBase Palm
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"SmartDraw 2014" = SmartDraw 2014
"SSC Service Utility_is1" = SSC Service Utility v4.30
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-05dd85d7-e480-43e4-b0c9-ffd1c80dba05" = Polar Bowler
"WTA-0a22fb9c-2f13-4f4f-9b0f-e781479788cd" = Build-a-lot 4 - Power Source
"WTA-2459a356-fde8-47b8-92f7-b07e43913240" = Bejeweled 2 Deluxe
"WTA-27a96be9-dc0d-41bb-a652-03cdf2d06aa1" = Torchlight
"WTA-3af15a87-159a-44a5-bc7d-ce95df73728b" = Chronicles of Albian
"WTA-44518fa7-ec62-428c-a550-b5ed577e0acf" = Final Drive: Nitro
"WTA-48854e1c-d1fb-436e-8c91-22078f8c7961" = Agatha Christie - Death on the Nile
"WTA-53766960-24cd-4888-872a-5e56b720ed66" = Dora's World Adventure
"WTA-6eca25dc-9b8b-41e2-8af4-a74d149e463e" = Mystery of Mortlake Mansion
"WTA-73ba7507-e28c-49b8-86a1-c3989ea76da5" = Virtual Villagers 5 - New Believers
"WTA-8554ed51-3b68-492e-b596-73af78930e7c" = Jewel Match 3
"WTA-9160b757-1644-4fd9-9b5a-b67699a0d29c" = Penguins!
"WTA-97662c15-4c6f-4497-9f3d-cd30a2328883" = FATE: The Cursed King
"WTA-a54f5db7-51bf-47e4-ab4e-24b570f7696e" = Governor of Poker 2 Premium Edition
"WTA-aa77aad7-d227-40dc-86af-0c52d8ec0a88" = Polar Golfer
"WTA-acf866a9-d0dd-40b4-b1c0-78ab46c84e4b" = Chuzzle Deluxe
"WTA-d1765cd8-c911-46a5-9d63-a5a761a9f8d7" = Plants vs. Zombies - Game of the Year
"WTA-d7e13c16-1aa0-493c-ab2e-e34dbb5a7b4a" = Cradle of Rome 2
"WTA-ed56c021-644d-4639-bb0b-c8188c208027" = Zuma's Revenge

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/10/2013 4:27:12 PM | Computer Name = OurLaptop | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 04/10/2013 4:27:42 PM | Computer Name = OurLaptop | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 04/10/2013 4:35:26 PM | Computer Name = OurLaptop | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 04/10/2013 6:27:49 PM | Computer Name = OurLaptop | Source = WinMgmt | ID = 10
Description =

Error - 04/10/2013 6:28:35 PM | Computer Name = OurLaptop | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 04/10/2013 6:29:05 PM | Computer Name = OurLaptop | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 04/10/2013 6:36:41 PM | Computer Name = OurLaptop | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 04/10/2013 6:47:38 PM | Computer Name = OurLaptop | Source = WinMgmt | ID = 10
Description =

Error - 04/10/2013 6:49:11 PM | Computer Name = OurLaptop | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 04/10/2013 6:49:47 PM | Computer Name = OurLaptop | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

[ Media Center Events ]
Error - 11/11/2012 2:51:18 PM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 1:51:17 PM - Error connecting to the internet. 1:51:17 PM - Unable
to contact server..

Error - 25/11/2012 2:13:46 PM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 1:13:44 PM - Error connecting to the internet. 1:13:44 PM - Unable
to contact server..

Error - 05/12/2012 8:37:56 AM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 7:37:56 AM - Error connecting to the internet. 7:37:56 AM - Unable
to contact server..

Error - 05/12/2012 8:38:06 AM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 7:38:01 AM - Error connecting to the internet. 7:38:01 AM - Unable
to contact server..

Error - 17/12/2012 5:29:10 PM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 4:29:08 PM - Error connecting to the internet. 4:29:08 PM - Unable
to contact server..

Error - 21/12/2012 9:31:54 AM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 8:31:54 AM - Error connecting to the internet. 8:31:54 AM - Unable
to contact server..

Error - 21/12/2012 9:32:04 AM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 8:31:59 AM - Error connecting to the internet. 8:31:59 AM - Unable
to contact server..

Error - 30/12/2012 2:45:25 PM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 1:45:24 PM - Error connecting to the internet. 1:45:24 PM - Unable
to contact server..

Error - 01/01/2013 11:18:41 AM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 10:18:40 AM - Error connecting to the internet. 10:18:40 AM - Unable
to contact server..

Error - 01/01/2013 11:18:55 AM | Computer Name = OurLaptop | Source = MCUpdate | ID = 0
Description = 10:18:46 AM - Error connecting to the internet. 10:18:46 AM - Unable
to contact server..

[ System Events ]
Error - 04/10/2013 6:51:39 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 04/10/2013 6:51:39 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 04/10/2013 6:51:39 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 04/10/2013 6:51:39 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 04/10/2013 6:51:39 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 04/10/2013 6:51:39 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 04/10/2013 6:53:38 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 04/10/2013 6:53:38 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Listener service depends on the Server service which
failed to start because of the following error: %%1068

Error - 04/10/2013 6:53:38 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Security Accounts Manager service
which failed to start because of the following error: %%1058

Error - 04/10/2013 6:53:38 PM | Computer Name = OurLaptop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Listener service depends on the Server service which
failed to start because of the following error: %%1068

< End of report >


----------



## ldarlene (Sep 6, 2008)

Got a message that I had new windows updates ready to install. Clicked on them....then clicked on install. Below is what was installed. but when I checked the logs this Update was installed three times. Still saying Most recent check for updates: 22/01/2013 at 9:31 a.m.
When I installed it I got the green windows update screen and message my computer was secure.

When I went back it was orange, saying i needed to check for updates. Clicked on it and got the message that windows could not check for updates automatically.

When I got the first message about updates being ready to install and I suddenly got the green Update status screen I thought the problem was solved. Guess it isn't yet.

Security Update for Windows 7 for x64-based Systems (KB2813170)
Download size: 23 KB
You may need to restart your computer for this update to take effect.
Update type: Important
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
More information: 
http://go.microsoft.com/fwlink/?LinkId=282388
Help and Support: 
http://support.microsoft.com


----------



## Cookiegal (Aug 27, 2003)

I see you're using Avast but also have some AVG folders and files. Did you uninstall AVG?


----------



## ldarlene (Sep 6, 2008)

Yes I did. No idea when but quite a while ago. After that I was using Microsoft security Essentials but then it stopped updating so I am pretty sure I uninstalled that. I started using avast.
I always use the uninstall function in windows when uninstalling.


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and scroll down to the Resolution section and under "Fix it For Me" click on the Fix it icon (no. 50535) which should remove the remnants of MSE:

http://support.microsoft.com/kb/2435760

Then reboot the machine.

Next, please run the AVG Remover tool:

http://www.avg.com/ca-en/utilities

The one you want is the second one on the list (AVG Remover(64bit) 2014). Save it to your desktop then run it.

Reboot the machine again.

After doing all of the above please run OTL again and post the log (you will only get one log this time).


----------



## ldarlene (Sep 6, 2008)

Here is the log.
just FYI... if I stop responding to your posts it is because I have to go to work around 1:30. I will check back when I get home around 10:30. (would much rather be sitting here getting my computer back in order... )

OTL logfile created on: 05/10/2013 10:55:48 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.68 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 75.09% Memory free
7.36 Gb Paging File | 6.40 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 214.44 Gb Free Space | 76.05% Space Free | Partition Type: NTFS

Computer Name: OURLAPTOP | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/04 19:13:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
PRC - [2013/08/30 03:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/24 22:03:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/08/24 22:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

========== Modules (No Company Name) ==========

MOD - [2011/08/24 22:03:42 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/24 22:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

========== Services (SafeList) ==========

SRV:*64bit:* - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2013/04/02 13:34:04 | 005,802,128 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV:*64bit:* - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:*64bit:* - [2011/08/02 15:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:*64bit:* - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/09/19 15:56:22 | 000,257,416 | -H-- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/30 11:31:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/21 16:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 21:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/11 08:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/07/01 00:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/01 00:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2013/10/01 04:37:45 | 000,032,512 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:*64bit:* - [2013/08/30 03:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:*64bit:* - [2013/08/30 03:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:*64bit:* - [2013/08/30 03:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2013/08/30 03:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:*64bit:* - [2013/04/24 15:28:08 | 000,042,184 | -H-- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:*64bit:* - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2013/01/20 16:59:04 | 000,130,008 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/10/18 11:16:45 | 000,066,552 | -H-- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AceecaUSBDx64.sys -- (AceecaUSBDx64)
DRV:*64bit:* - [2012/08/21 14:01:20 | 000,033,240 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/12/30 11:30:04 | 000,062,776 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:*64bit:* - [2011/12/30 11:30:04 | 000,022,648 | -H-- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:*64bit:* - [2011/12/30 11:30:04 | 000,020,520 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:*64bit:* - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:*64bit:* - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:*64bit:* - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:*64bit:* - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:*64bit:* - [2011/09/20 06:02:55 | 000,018,432 | -H-- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:*64bit:* - [2011/09/20 06:02:55 | 000,017,408 | -H-- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:*64bit:* - [2011/07/14 01:35:47 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/07/14 01:35:47 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/06/01 23:37:32 | 002,750,464 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2011/03/25 06:17:48 | 012,262,336 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/02/08 23:29:10 | 000,077,424 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:*64bit:* - [2011/01/13 23:01:44 | 000,074,840 | -H-- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:*64bit:* - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,031,232 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/10/14 13:28:16 | 000,317,440 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2010/10/08 06:32:28 | 001,395,248 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/09/13 21:24:26 | 000,437,272 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/02/26 04:32:12 | 000,158,976 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:*64bit:* - [2009/09/17 00:54:54 | 000,056,344 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2013/09/20 22:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Gmail = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/04 18:46:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:*64bit:* - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:*64bit:* - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:*64bit:* - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:*64bit:* - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:*64bit:* - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:*64bit:* - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:*64bit:* - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AD23420-A547-4F71-AE79-B6AAF56D6F28}: DhcpNameServer = 40.30.1.201 40.30.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A6EB8E-6CA0-42AA-B514-267CD2671D8E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD5BD264-D58F-494F-9D14-BE0B8DD8C5FD}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/05 10:49:17 | 003,386,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Darlene\Desktop\avg_remover_stf_x64_2014_4116.exe
[2013/10/04 21:05:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{3AD1BEA0-4A9C-42B9-A707-8F1D6865D054}
[2013/10/04 19:13:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
[2013/10/04 18:46:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/10/04 18:44:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/04 16:20:54 | 005,130,782 | R--- | C] (Swearware) -- C:\Users\Darlene\Desktop\ComboFix.exe
[2013/10/04 13:20:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/10/04 09:04:37 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{A20C9DCA-35DC-4781-A814-01412BEF4193}
[2013/10/03 23:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/03 23:03:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/03 23:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/03 19:39:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/03 19:39:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/03 19:39:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/03 19:37:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/03 19:37:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/03 11:30:10 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{F365922D-D7D5-4FC5-9903-1400C5A5C88A}
[2013/10/03 09:32:53 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{27A62648-16D7-4A28-841D-E4D78D1ECFAE}
[2013/10/02 19:13:08 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{988C2A16-38AB-47CE-BD77-D953FF38BF9D}
[2013/10/02 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{979C5B6C-0300-4E8A-BC69-DA2DDB92550E}
[2013/10/02 18:30:51 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{0E0C863A-E543-4F55-974B-03668B06DC4E}
[2013/10/02 18:21:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/02 17:05:04 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Darlene\Desktop\FRST64.exe
[2013/10/02 15:35:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/02 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{DD316EC1-056E-4274-A73F-6AC7C7BA6A83}
[2013/10/02 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{6F40D9FB-A010-44D6-B119-EBDFD65614EC}
[2013/10/02 13:45:01 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{C986F4FA-C69E-4C68-8624-EB7885CE996B}
[2013/10/01 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{E2B9CC94-94E1-459A-8C1A-E6F2578ADE17}
[2013/10/01 23:00:12 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{62DA0E00-6736-462C-A486-971EB21F510A}
[2013/10/01 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{2B1C21E4-A921-48F0-BC51-5747D9356D02}
[2013/10/01 16:20:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/10/01 15:33:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/01 04:42:11 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{5B9A0F95-35D9-4CEF-9424-0ACF1D697A66}
[2013/10/01 04:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/01 03:54:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\RK_Quarantine
[2013/10/01 00:01:25 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\rkill
[2013/09/30 18:08:33 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/09/30 18:08:33 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/09/30 18:08:33 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/09/30 18:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/09/30 18:08:32 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/09/30 18:08:32 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/09/30 18:08:31 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/09/30 18:08:31 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/09/30 18:07:57 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/09/30 18:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/30 18:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/30 00:06:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{A91B8D18-CC74-4355-BBEB-4AA1713D71CA}
[2013/09/29 22:55:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/09/29 21:51:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{49DE11D9-EB65-4303-8141-ADEFBFEB710C}
[2013/09/29 09:20:13 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{BBC27667-FEE7-4E5C-BAB2-E64C2C5EB140}
[2013/09/28 14:39:45 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{5135ADDB-1DA8-48D0-9BF8-0DA351B276B3}
[2013/09/28 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{79B7B415-7F45-4A03-B146-40D8129D7284}
[2013/09/27 22:01:26 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{CF9FDD06-14EA-4AE7-9098-2C4727F17C94}
[2013/09/27 20:09:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{89ED9516-69DF-43A0-9906-4AB89C6DBC96}
[2013/09/27 12:32:39 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{7A6A7889-C80C-45C7-99F1-C8D6CECDB945}
[2013/09/26 23:41:19 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{A0FDA72B-4D04-4526-A36A-0D81D298B2D0}
[2013/09/26 09:58:05 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{38E7A3CB-5CF6-4C66-8944-5CC4846BB467}
[2013/09/25 13:45:21 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{97411F6C-942C-4B58-8D17-F9DF80C87155}
[2013/09/25 11:42:42 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{83C79716-B343-4C1D-9CFF-20F4E4228BE6}
[2013/09/25 11:19:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{2EF1C98D-C360-45D5-A6C0-7FC347F3FF6A}
[2013/09/25 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{9B92A6A3-0C9F-4EBA-8207-7616853D3A2E}
[2013/09/25 09:35:44 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{92670ECE-BA85-4837-970F-02BDE508111E}
[2013/09/24 21:22:32 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{3CB7EA54-D739-452C-8203-0EAB739A81D4}
[2013/09/24 09:02:31 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{1ED39084-168C-4EC8-AC82-5B2EA74180FE}
[2013/09/23 19:14:17 | 000,000,000 | ---D | C] -- C:\MATS
[2013/09/23 10:40:03 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{4D6EDFD2-810C-4D35-890C-7F1FF2246477}
[2013/09/23 09:40:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/09/22 19:35:59 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{25829028-D7F9-4BB9-BF00-6B909DEA6F0F}
[2013/09/22 18:57:59 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{AD7B68B9-A772-46CF-901A-75B22046F921}
[2013/09/22 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{95CC7150-0354-44A8-836B-F0DA77D8FAEC}
[2013/09/22 05:41:26 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\avgchrome
[2013/09/21 21:01:33 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{0426E805-4232-409C-AF73-6FEEDCD81122}
[2013/09/21 14:47:41 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{012AD5D6-3786-4428-9206-A11820EEC469}
[2013/09/21 10:10:06 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{4140A045-E7AA-4CCC-94F3-F08AF8740337}
[2013/09/20 22:19:20 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Mozilla
[2013/09/20 22:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/20 22:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/20 18:55:52 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{F470A923-84E5-4B31-A95D-7BD413980AB7}
[2013/09/20 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{3C8DC1C1-CCAE-4F15-92CC-11DE3B5B7FDC}
[2013/09/19 11:30:39 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{85071C38-DEF9-436F-886B-26920DD1241B}
[2013/09/18 06:10:46 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{88715AA9-1E7E-4A75-BC5A-8CA637DC84FC}
[2013/09/17 18:09:43 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{6B2BA670-CDB5-457A-B447-24F8B83948F6}
[2013/09/17 12:40:54 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{FCE585D4-824A-42B6-92C7-79BFF92493B9}
[2013/09/16 12:25:26 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{BD5E2EC9-B468-4B77-B572-ABCDFB244DBA}
[2013/09/15 17:50:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{69072D5C-1A5F-47FE-966F-4262066F668B}
[2013/09/15 00:27:04 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{ACD86EA0-D106-47D1-ADB6-6BFE91D9AFE6}
[2013/09/14 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{5884C53E-21E8-4D73-9E67-58A827A4A0B9}
[2013/09/14 10:11:56 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{9461CD23-637D-4F1F-A15D-9D9CC4F2244E}
[2013/09/14 08:52:52 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{AEBD61C0-6ED0-4403-BFDE-C415FA2115DB}
[2013/09/13 19:29:43 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{E2805083-C09D-4D30-BC5A-4AA0F9C25AC4}
[2013/09/13 18:39:21 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{9877C648-09D7-423B-A0EB-E8F46359E1CB}
[2013/09/13 00:55:14 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{8FD27D76-DA40-42D0-9069-E04884ADCBD4}
[2013/09/12 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{64CAED06-BC61-459C-9D6F-34209A4BBB00}
[2013/09/12 23:40:38 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{871132DB-6DBE-486E-832A-93AA2002A2A7}
[2013/09/12 23:12:34 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{95A64DFF-DA5A-4240-B0C5-78EF215AD5DB}
[2013/09/12 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{E1A3E8F2-9F6B-407E-9D7D-AB499984801D}
[2013/09/11 09:01:35 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{24A4B2A3-D1B0-4CE7-9701-49CCEDB61B58}
[2013/09/10 17:21:41 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{53937EC9-87F1-49A3-9474-7FFDD5B93360}
[2013/09/10 09:25:08 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{4743375F-37AA-41B2-B4B7-882F0BD479B1}
[2013/09/10 09:07:45 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{A80289C1-FE7E-4964-8E36-DC3D0B642229}
[2013/09/09 18:03:11 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{DDC5B70F-D2B0-4B33-931D-EA7E6B294B0F}
[2013/09/09 18:02:14 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{D9EB7331-8BA2-401E-B944-BAF422059FC0}
[2013/09/09 00:58:46 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{11B1BCA4-100F-4EA1-A2F6-CC60626BAECE}
[2013/09/09 00:50:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{59BA6E21-4E00-4C17-9E3B-72650A94DAE2}
[2013/09/08 16:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TreeCardGames
[2013/09/08 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\TreeCardGames
[2013/09/08 16:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FreeCell Solitaire
[2013/09/08 10:55:00 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{4F54CC68-DC31-4D19-8CF9-CAE01A6FB9FB}
[2013/09/07 10:22:55 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{77605879-C14B-45B2-8B7B-FF9637F2F178}
[2013/09/06 11:22:54 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\{09E6D503-F01A-4811-B019-9DA8CF81C633}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/05 11:01:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/05 11:01:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/05 10:56:00 | 000,000,830 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/05 10:54:50 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2013/10/05 10:54:36 | 000,000,896 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/05 10:53:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/05 10:53:52 | 2962,341,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/05 10:49:17 | 003,386,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Darlene\Desktop\avg_remover_stf_x64_2014_4116.exe
[2013/10/05 10:46:00 | 000,000,900 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/05 10:45:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2013/10/05 10:44:56 | 000,013,780 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/10/04 19:13:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
[2013/10/04 18:46:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/04 18:24:12 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/04 14:07:08 | 005,130,782 | R--- | M] (Swearware) -- C:\Users\Darlene\Desktop\ComboFix.exe
[2013/10/04 13:20:02 | 004,009,167 | ---- | M] () -- C:\Users\Darlene\Desktop\ServicesRepair.exe
[2013/10/03 23:03:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/02 19:33:06 | 000,000,601 | ---- | M] () -- C:\Users\Darlene\Desktop\Search.lnk
[2013/10/02 18:21:44 | 001,045,226 | ---- | M] () -- C:\Users\Darlene\Desktop\AdwCleaner.exe
[2013/10/02 17:05:22 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\Darlene\Desktop\FRST64.exe
[2013/10/01 21:03:35 | 000,803,792 | -H-- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/01 21:03:35 | 000,661,486 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 21:03:35 | 000,127,770 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 15:53:32 | 000,801,466 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/01 14:20:08 | 000,003,094 | ---- | M] () -- C:\Users\Darlene\Documents\.reg
[2013/10/01 04:37:45 | 000,032,512 | -H-- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 04:36:47 | 000,011,118 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/09/30 23:57:42 | 000,000,769 | ---- | M] () -- C:\Users\Darlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security.lnk
[2013/09/30 23:57:41 | 000,000,097 | ---- | M] () -- C:\Users\Darlene\AppData\Roaming\avbase.dat
[2013/09/30 23:08:50 | 000,002,186 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/30 18:08:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/22 20:36:41 | 209,715,200 | ---- | M] () -- C:\Users\Darlene\Documents\Data Safe.avgfv
[2013/09/19 15:56:22 | 000,692,616 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 15:56:22 | 000,071,048 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/08 16:27:22 | 000,001,050 | ---- | M] () -- C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
[2013/09/08 16:27:22 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/05 10:44:58 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2013/10/05 10:44:55 | 000,013,780 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/10/04 13:19:34 | 004,009,167 | ---- | C] () -- C:\Users\Darlene\Desktop\ServicesRepair.exe
[2013/10/03 23:03:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/03 19:39:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/03 19:39:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/03 19:39:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/03 19:39:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/03 19:39:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/02 18:21:21 | 001,045,226 | ---- | C] () -- C:\Users\Darlene\Desktop\AdwCleaner.exe
[2013/10/01 14:20:08 | 000,003,094 | ---- | C] () -- C:\Users\Darlene\Documents\.reg
[2013/10/01 04:37:45 | 000,032,512 | -H-- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/10/01 04:36:47 | 000,011,118 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/09/30 23:57:42 | 000,000,769 | ---- | C] () -- C:\Users\Darlene\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security.lnk
[2013/09/30 23:57:40 | 000,000,097 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\avbase.dat
[2013/09/30 18:08:33 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/09/30 18:08:32 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/09/30 18:08:31 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/09/30 18:08:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\config.nt
[2013/09/22 20:36:41 | 209,715,200 | ---- | C] () -- C:\Users\Darlene\Documents\Data Safe.avgfv
[2013/09/20 22:18:15 | 000,000,601 | ---- | C] () -- C:\Users\Darlene\Desktop\Search.lnk
[2013/09/09 00:49:07 | 000,001,050 | ---- | C] () -- C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
[2013/09/08 16:27:22 | 000,001,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FreeCell Solitaire.lnk
[2013/09/08 16:27:22 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
[2013/04/19 12:23:34 | 000,007,625 | ---- | C] () -- C:\Users\Darlene\AppData\Local\Resmon.ResmonCfg
[2012/12/16 19:51:13 | 000,000,209 | ---- | C] () -- C:\Windows\settings.ini
[2012/12/15 18:52:58 | 000,000,352 | ---- | C] () -- C:\Windows\hegames.ini
[2012/12/15 18:12:12 | 000,000,000 | ---- | C] () -- C:\Windows\PhantomOfVenice.INI
[2012/10/29 21:29:41 | 000,000,306 | ---- | C] () -- C:\Windows\NBREPORT.INI
[2012/10/18 23:39:13 | 000,000,125 | ---- | C] () -- C:\Windows\PDASETUP.INI
[2012/07/03 16:19:50 | 000,000,483 | ---- | C] () -- C:\Windows\NBMP.INI
[2012/06/26 16:06:09 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/06/23 13:58:19 | 000,000,100 | ---- | C] () -- C:\Windows\NBWP.INI
[2012/06/18 20:55:17 | 000,011,115 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/16 23:36:17 | 000,000,902 | ---- | C] () -- C:\Windows\NBEXER.INI
[2012/06/13 19:59:59 | 000,000,344 | ---- | C] () -- C:\Windows\NBANALYZ.INI
[2012/06/13 10:04:09 | 000,000,308 | ---- | C] () -- C:\Windows\NBTRACK.INI
[2012/06/12 10:31:03 | 000,001,315 | ---- | C] () -- C:\Windows\NBCLIENT.INI
[2012/06/12 10:27:25 | 000,005,630 | ---- | C] () -- C:\Windows\nb5plus.INI
[2012/05/18 00:09:00 | 000,000,017 | -H-- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/05/17 23:01:33 | 000,803,792 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/13 11:25:17 | 000,867,020 | -H-- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/10/13 11:25:17 | 000,105,428 | -H-- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/10/13 11:25:16 | 000,128,204 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:A6881EE7
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:80FE037D
@Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:FF717A18
@Alternate Data Stream - 251 bytes -> C:\ProgramData\Temp:B504E4C2
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:5DB36C47
@Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:934CA750
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:8F6B75BF
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:120B3AFD
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:3ADE134E
@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:FBA79096
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:73AFBB96
@Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:6B2FBF73
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:50DD4118
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:195E8317
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:B3A5945E
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9BB8C675
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:3C5ABDC7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:BF07EA98
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8E11CC80
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9338F136
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:89CF6F9C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B4530133
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:05F547A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp8F9D810
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B61767F5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:27D1368B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8FC568E1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TempE3ABE3D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9FCF32A8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:32A82570
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0ADCCF52
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp055FC10
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5511B474
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:2C678471
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E7B49FBF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E0A09032
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9725F1BC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:14362DF8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:8DD20B4A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:88981452
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:38B32B54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E8BF029E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6AF67671
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AFB24B00
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:12F3508C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:3313A48D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:1C88C8E5
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:9B285B76
< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
SRV:64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
```

Then click the *Run Fix* button at the top
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## Cookiegal (Aug 27, 2003)

Also, please do the following:

Please download  *SystemLook* and save it to your Desktop.

Double-click *SystemLook_x64.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\Users\Darlene\AppData\Local\{27A62648-16D7-4A28-841D-E4D78D1ECFAE}
C:\Users\Darlene\AppData\Local\{3AD1BEA0-4A9C-42B9-A707-8F1D6865D054}
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## ldarlene (Sep 6, 2008)

SystemLook 04.09.10 by jpshortstuff
Log created at 12:42 on 05/10/2013 by Darlene
Administrator - Elevation successful
========== dir ==========
C:\Users\Darlene\AppData\Local\{27A62648-16D7-4A28-841D-E4D78D1ECFAE} - Parameters: "(none)"
---Files---
None found.
---Folders---
None found.
C:\Users\Darlene\AppData\Local\{3AD1BEA0-4A9C-42B9-A707-8F1D6865D054 - Unable to find folder.
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## ldarlene (Sep 6, 2008)

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a286b6efebf928478842bb6eb6aee606
# engine=15371
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-06 05:18:57
# local_time=2013-10-06 01:18:57 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 371429 156825009 0 0
# compatibility_mode=5893 16776573 100 94 0 132580187 0 0
# scanned=287156
# found=4
# cleaned=4
# scan_time=8652
sh=775DE1C784502F8EDA0608117FA8ABE5506E9781 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndppnjnhomgndlbebhccpbkfomncohhe\1\51f2c5a0ebbf50.02723255.js.vir"
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\U\[email protected]"
sh=A065922E48E274F827BC8A04091A44632D498373 ft=1 fh=f3684398a5f5cf1b vn="Win64/Conedex.I trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\U\[email protected]"
sh=5D413FFF6607C7FF153C8B089977347417E1E088 ft=1 fh=0112fb9bc29fd834 vn="a variant of Win64/Sirefef.AW trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\9519~1\A535~1\E628~1\{e8a5b007-eb4a-d0b4-5a63-cb2c938ea855}\U\[email protected]"


----------



## ldarlene (Sep 6, 2008)

Sent the log. I noticed a message on right hand side of screen that warns I have regsitry errors. It took a minute to realize it was an ad. but it certainly looked like it was directed at my computer. I was just wondering
if it is a legitimate program.


----------



## Cookiegal (Aug 27, 2003)

It sounds like you downloaded an advertisement.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## ldarlene (Sep 6, 2008)

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Darlene on 06/10/2013 at 13:56:49.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-356847380-486099396-757606752-1005\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Darlene\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\Darlene\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Darlene\appdata\local\software"
Successfully deleted: [Folder] "C:\Users\Darlene\appdata\locallow\whitesmoke_new"
Successfully deleted: [Folder] "C:\bigfishcache"
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{007C6C01-84BE-41B4-BE19-2455323FF5EC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{00FF1D66-17E6-4D86-826C-69C1B9E2CF75}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{012AD5D6-3786-4428-9206-A11820EEC469}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0155BBDC-4683-49AA-9954-8C9CBCF59CFC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{018756D1-2F93-4ADC-98D4-E5B5AF8D4324}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{01A2EACD-AFD1-40E4-80BD-729A647E33E2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{01C1491E-771A-441D-A706-11895F2B3247}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{01CB494E-12FF-48CA-B0F7-EE19F5E8EF1E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{02709C46-D073-4D09-A8CB-5705760771B6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0299A4A4-6344-4E7E-BFD7-7B70B26C26C3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{03482AD3-1D54-4D6F-9DFF-ADF204995744}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{035A3B78-F983-4FB8-9ECB-85C7EA2E1F00}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{03B6D59C-70A1-4BC5-93A3-9014FD07246A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{041AD8FE-378F-4CEF-9117-930B716EA7EB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0426E805-4232-409C-AF73-6FEEDCD81122}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{04422672-14E9-4A51-BB92-5E4DA0C6F6CB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0523ABE6-FB12-417B-A61A-E60D5E1A1594}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{054120FF-3628-407D-99F6-BD81A499CA84}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{05703B50-1320-494A-8E9E-A00882FD0BC4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{057CD303-F6B3-4CF8-8481-74F1C3FAF9AD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{05872A71-53B5-482D-BD59-387E78A45BD8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{05B1AB4F-59F1-4372-AE11-952524BA352B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{06A0941C-0F67-478E-844E-48B2632E581F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{06A747CC-D198-4BDF-9818-37F0F8F30DB4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{073108DD-5646-4A0A-BAE9-12AC9C5FB81D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{07664F32-CFAA-4745-8761-91FCAD7E2464}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{076D16B0-CC9B-4384-BE05-A802C5A01CCF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{076D5206-9784-4A7D-ACE3-AAEAB64500C6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{07EE1DBA-E3A4-4425-9F80-652CDD6A0A5B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{08182A09-14F5-4373-AE27-189F2121CD46}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{089ABC4F-4855-4FFE-A32B-138A43C532BA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{08A8B982-574C-4C78-B654-C16ADAAFFC1F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{08BBE6FA-30A5-4F8A-8E43-9F4C0042399A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{08FA82F5-4A50-439A-B82E-2C24C9ED0584}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{092C75A5-40B1-4A51-B22E-52086E5426DB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0976C462-4428-4FBE-90E3-D024B35455A3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{09AE5BFB-040E-42D5-AF6D-91FCB4D5BC7D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{09D8D6DA-1918-40F0-AED9-7624724955DB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{09DD4AFC-8813-441E-9504-D2DE926A6529}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{09E6D503-F01A-4811-B019-9DA8CF81C633}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0A48B5ED-1789-4014-85C3-AEB16359D8D1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0A84FF8F-F66B-42F6-B0FB-07562EA14E3F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0A919908-3DBB-4241-8E07-9B09F079283F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0AAD0147-D41F-418C-A131-DEDB42DB1A08}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0AB48629-38D1-409D-9AF0-B99EC5068404}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0B9A1829-47B6-4225-B78F-670AB891DB69}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0BADD12C-7575-4981-9D3B-3EB9D7BC9578}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0BBEE669-2BB7-4B65-8B3A-A29B9D49521A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0BDF0E4F-E5C4-4229-BF97-58E434639125}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0C050152-97B7-4F8A-9410-28AD58DA362B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0C13937B-BCDE-4216-893D-ADD96D3A3D5E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0C5C6E3D-3608-4038-9885-A3DA4B7B766A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0C9034B5-8418-4D36-9FA7-454FD63E751F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0CFAF552-E3BA-403F-9067-39F2CC26B2BA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0D05BE5F-3C5F-4C59-925A-0F8DF4D27AB3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0D2D59A5-0736-4304-AA23-172D95EDAA1C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0D5A2291-1BB9-45CE-AB4C-A8ADE080215E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0DACF90C-1EE5-4167-8FF1-1214CA8CC62C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0DE850F5-0417-4018-B287-007F549245E4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0E0C863A-E543-4F55-974B-03668B06DC4E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0EAF03B1-42A9-41A5-8BB1-68B37C8C4C62}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0F06C3FC-D416-48CF-B438-EB990DEE09A2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0F144BC6-6971-409B-9346-5C2286CE6F68}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0F1CE245-1BA1-47A0-88A9-F6B8101526EF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0F7F0F79-909B-4BF3-A53F-6CE704122A34}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0FB275CD-832D-46BE-B8E4-9BAEF7C0B817}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0FD8892C-CD05-4959-8950-66E845BD5C03}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0FE93152-62CC-43EC-A2C1-B1BA6E2E851D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{0FF600D8-DB53-44AF-ABD1-C3B20ACEE0BA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1001A16F-49F0-44A2-883A-E64020832913}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{10458DF6-23D0-4F29-8F39-B5179BE8A482}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{10A9460F-68CE-4EB6-8B26-B27570A44EFA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{10ABCBAE-CF95-4E80-BC42-41A1F5707D99}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1107C1F9-BA6A-4B74-936A-75F733725BD4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1116EC9C-1F32-45BA-8723-8BA447E40A31}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1169B76B-0120-41B2-BC86-917CE4600838}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{11B1BCA4-100F-4EA1-A2F6-CC60626BAECE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{11FA24CF-FEE5-41F1-BC1F-5FAE61A5BE4A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1290D2E3-3670-43DB-BAC0-763267C8AB23}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{138E1644-B968-44D8-8FE8-483C3D6B112B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{13AA4DE2-A4E9-4FC7-8C61-ED6DC3DB9682}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{13BDE22C-C106-413D-9311-A3CDD748E83F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{13EB3C88-7E5F-4DE4-9357-002C6F0D2189}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{13F5E649-33E1-4CEF-B9B9-6819F67C0EAA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{141C0290-2078-4DC6-9209-C90B3BCDF506}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1561DB07-1952-4CBB-8F3D-135E51C9FDA2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1616F951-8045-41DB-B0AD-2F061D00E66A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1631CB3F-F546-4772-A620-8A71DF0F1D71}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{16703FDD-56DB-4752-B2B5-2C559986C011}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{16A67011-7893-4B26-8098-D7970F59037C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{178C1E23-CD59-495A-B8D1-3EC394448179}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{17D21C68-54D8-4405-AC85-F3657DBA358D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{17D7555B-62A9-43EF-AA01-FEC8D7E3E305}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{17E4BCB9-730E-4570-81A4-BB1ADC324858}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1834E511-2C94-441B-BC6B-5D84633E58DB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{18671CA8-993F-4C69-B19B-4B5153D15E8A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{18B085D4-322B-4F95-B2FB-A46E2D0E5C52}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{18B68DC5-638B-4562-B593-169226CE6D70}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{18F55004-83B8-4D88-A487-12526057A7A9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1926A2EC-9351-42CB-BB40-902B87327CEE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{19588702-505A-4240-AE6E-5964D21C0A77}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{19594E12-43B0-4040-A03A-EFC80C3F222C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{195C755D-3A67-43C1-8013-A305C5772625}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{196EFA45-A959-46D1-9959-757AF581DC08}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1A76E292-65EB-45BF-ABF9-DB33F87DB0F5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1AC9F567-D675-4794-B0AD-A0B6716E3495}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1B25368E-03E0-456B-A1AF-C32529DFFAF8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1BB115E4-3C8B-42B6-BD6B-732CAB495894}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1BDDD3BD-F014-40EA-9511-D8CBCBF9435E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1C5B9E34-2934-4F7A-886C-08345390D5DE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1C71E0CA-A7F2-459A-8A7F-33640774CF90}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1C9FB8B2-49CF-46CB-B7BB-046579A9091B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1CE26129-49DC-4211-8D75-F85AF17B8F14}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1D4D2BF4-5CC8-4559-BDA3-19728EB830E8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1D9A4AFC-B6EB-4EEF-A8E7-D9895CB6A40A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1E041704-5D82-4686-878A-C301743536C0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1E07035C-73FE-435B-991A-A1D5DE207A5F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1E0F5DD0-F445-4AF0-8CC4-A01F68F7F9C8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1E2BD9E2-1817-44A6-94A9-C6ADD280ADA9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1E33A61F-2222-43C2-9E0C-3E3E6C9B2D53}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1E4B1BE2-9312-4383-875D-6BD458DE3D59}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1E949824-77CA-4FB2-A42E-909324E8B6E0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1ED39084-168C-4EC8-AC82-5B2EA74180FE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1ED8CFBA-FCD3-42B5-8CBE-401D0B4BADCA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1EFCD8AC-AEEB-4CBC-AA26-C3DB4A094E27}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1F1EFA9B-D74F-4910-9744-9E35E0462F9E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1F80BDF6-4CFF-4B4D-89B6-9739D37748F9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{1FACB6DD-295F-4C6E-B3E1-EEEC40F66EE7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{207B5707-F405-4DDC-8557-5DCB1F41BDD9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{20876AD8-901F-4E0E-AAAC-95AFCA592126}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{20969824-5A88-4C82-8009-4A6BD2EFF860}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{20ECF721-39CE-48C8-9C66-C48C8338439F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{20ECFBB3-021A-4846-B459-F914A465EACD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2101BEA5-637E-4884-BF06-C854CB506C51}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{21653444-B68B-4037-8F5F-074584EE00CC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{21674716-D68E-40C6-95F8-E8C23DB21E4B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{21F108D2-5134-4AC9-8835-DC47F1B2B32E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{22155437-493F-46B1-B260-202BBA2C69F0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2220E797-B3E6-4BD9-9309-FCE7BAAE1ABA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2252BF84-EE6E-4935-9040-644C8B4C4708}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{22692D52-E400-44E5-A602-EBAE82E9E477}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{22D617A9-FDC8-4EBA-ACA9-ADEACEBDBD41}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{231FA261-030B-4132-8832-4F404F2D198B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{233A2662-BB14-43FF-9026-57FEA6FBAEEE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{23855B6F-0139-448D-99A5-12C937D3C846}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2422E6FE-6308-49F1-8242-1D38A8436AFE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2440CEBB-7AE1-4A86-A570-0315FD05F683}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{24A4B2A3-D1B0-4CE7-9701-49CCEDB61B58}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{24B2FDE0-D70E-4E1F-A23F-5DD332C7C5D3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{255B9557-DEC2-4867-8E74-E63C4D757E42}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{25829028-D7F9-4BB9-BF00-6B909DEA6F0F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{263CF237-0716-4C97-9C36-58626C3899A3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{26C7631F-6387-4003-942E-1E5434C07521}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{26E32EBB-03AB-4DF7-B21C-771CD08CFC3D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{271104B0-067F-4A00-A563-52550BEA0627}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{27413A3D-7254-4CFF-AD1A-B222F637D66E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2741FA82-60F2-4126-BEDC-3D25C65A0571}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{27A62648-16D7-4A28-841D-E4D78D1ECFAE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{27D77EF7-DA42-4975-A496-39B167617283}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{28007061-6218-41C3-A737-14A3C07227B0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{28861F9B-D2ED-4E33-8963-A25CDCE9FCF7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{28A99D1C-65EF-4EC6-A834-E12907AED51A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{29ADB1CA-68BD-48D9-BFC2-363B451286CD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2B1C21E4-A921-48F0-BC51-5747D9356D02}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2B5BA997-717E-4B26-8E81-D1AFEBCD98B7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2BA36B58-5C06-4C18-AEB7-77BCB0C8B0DC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2C223E81-5847-45A6-A17F-6AC657AD3544}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2C6ADD55-1A10-4CD7-A5CC-48D04699833D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2D367620-EA08-4377-9A53-F4FE9E89ECBA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2D49BD61-02CB-44E1-BC23-F88B32214010}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2DFE0C1F-D21A-4DDE-A7B1-E062CB050FF7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2E5338BC-C590-4725-8D2E-32B8FAD915E2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2EC235E6-F635-4417-9241-6B62DB5EF1CF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2EF1C98D-C360-45D5-A6C0-7FC347F3FF6A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2F1B06AB-38D4-4F8F-869C-13BBF7A5311C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2F95754A-C50F-48C3-BB86-815D03C5FE8A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2F977F9A-5201-4954-98F4-54DED3A38083}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2FA94242-1D8C-485A-BE6F-FD1C5451A709}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{2FF9AB81-AF06-49A7-AA29-3D430565785A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3064E178-3222-40C4-BD91-8912DB12CAE3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{312E3D12-A240-4549-BB42-AF36143424A5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{31A27B9A-F24D-41D0-81B9-2F9F29FCB844}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{31AFE713-21B2-40C0-A1FF-93CC7641EE84}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{32D43BE1-B17C-4186-8A36-B7AF90156C7B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{32D5F9FD-33BA-4A7B-9C2E-6BA2B2F754BD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3327DE3E-5763-48B6-8E44-132094A09699}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3345214A-90EC-4C48-B1FE-EBBDAAAFF87B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{334E285E-6E98-4309-BA62-DAAAE091087B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{335E89F1-8359-4C40-BF06-9EB73122831E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3399335A-B51B-49DF-8196-9D1036E91F21}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{340D3047-42A0-4323-AFB3-FCD715789E1E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3433BBDB-82B6-4533-AA4B-A7ED6DB550CA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{344ABD2B-5A4C-4FD4-9810-592FB2316AC2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{34BB4B5D-E2FF-4E74-AF62-54D38801EB5C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{34D8217E-CD3A-46D1-B2B8-3265DDF968B9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{34F3A043-939E-4CFA-8588-2A0732A41F8F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3578F210-AED7-4EA3-AC89-0A6861284F8B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{35A3759B-AD98-4957-B378-C8691E7754B0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3621127A-FBA5-42F3-A2B4-84AD3602B3D9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{36C00700-9FDB-485B-9510-DD518109555C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{36F0A4DA-0AF0-4105-93E8-C5881B58F5B0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{370BBA1B-3FED-43E8-9B8F-36168EF73C1B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3716C454-1A47-4746-8EF2-86AA24B1A863}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{37172E33-399D-4DFF-BB75-54F6468F3987}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{376D50B5-3BC3-4E7F-9451-E8ED0867538E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3823EDE1-0A67-4165-933C-D94736914415}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{38E4FC14-BF21-4EEE-B38A-8DF2DFB471F6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{38E677DE-9EC5-4ECC-A330-C2DD30AE4EE0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{38E7A3CB-5CF6-4C66-8944-5CC4846BB467}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3911B61B-0C1D-4DF8-B55B-457ABB95FE10}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{394FD40D-6D3A-49CB-93DF-017E2A8C935E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{39FDBCD5-115E-41FE-A88F-4A054C017453}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3A5F7287-047F-46BD-8EEA-E8FB8951242C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3A7B8DE2-1E26-437B-BFF0-F77508B3BB46}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3AAC240E-53EE-4F4E-91A0-FDAE1FB4BAC6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3AD1BEA0-4A9C-42B9-A707-8F1D6865D054}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3B0FAFBD-62D2-4740-A463-528735D1CBB3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3B1DB1C0-571F-40B6-A133-DB68D07007ED}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3B995CD7-55C7-4EFD-8795-E55810FCBA7B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3B9F95A5-786F-4141-BA9A-6099CCCB394D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3BC64CC9-343D-4874-B7FE-F46D4ECD1EE1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3BE671BF-99DC-4041-BDD9-4748951E48B3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3C248F1C-7B82-44D6-BB91-21E3BECD044E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3C6F0BE1-0FC8-4DA5-8E53-22982C423D23}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3C8DC1C1-CCAE-4F15-92CC-11DE3B5B7FDC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3C9FFC7B-96C5-434E-8AF0-5447F12E69C2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3CB7EA54-D739-452C-8203-0EAB739A81D4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3CD88791-5E91-451A-85A2-95CE4BF912CE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3CF8CDC9-C7B8-4284-9FF1-58E37A31D1CE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3D13168D-E49F-49C3-92F2-74E1A71CDFF0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3D3344E3-D519-4D96-A5FB-E58B0B35336D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3D3EADED-7869-4ED5-A19C-E6DF6181E15A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3DB7D3A7-E88A-43A7-BBB9-DE9F0A2763C0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3DE55A4B-945E-4967-9EC5-B9165FB04133}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3E22CD07-41BE-41D5-9B5A-8F7ADBA13AB1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3EB1F1C1-1F42-499A-B0CB-69CF9F814F56}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3EBDC5E4-47A0-4D4F-9BF6-E429A3C25D86}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3F07EC65-BE53-43F8-BCB2-3B8414C2D71D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3FBC6292-A25F-4A43-B2CA-48C0A502577B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3FBCBC97-D7C2-481A-8C35-CB47E22842E5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{3FCFEF95-2616-4D2C-8DFD-652752C04AD1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4039F51E-FAA4-44D0-B199-48B506CE6EE4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{403D3113-F09D-4E42-9392-101B764ED418}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4076EF1D-A87E-4274-99AB-F22DAD86B95E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4091ECB9-6D6E-4410-B5CB-2F599376DB28}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{40C5F152-54CC-4B7C-A025-38109888806A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{412779DB-49DA-42DF-AB3E-A1A797B06C25}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{41312742-4957-48F5-8073-79F61250CBB3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4140A045-E7AA-4CCC-94F3-F08AF8740337}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{414875A3-5CFF-4E64-BF21-751B72954114}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{41E76838-1A62-4415-8807-A4EA73A9F3F7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{422D5D6A-719B-454E-98AD-728DFE5D2F71}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4293BDEF-CAB2-4329-85CD-5F726F108F98}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{42BC8EA2-EB4B-495A-BF91-EF95ADF4817A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{43B49DE0-3B81-4423-9A2B-06D036B878AF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{43D9FB9A-A6B1-4082-8A19-40FEBF49272C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{43F331D8-6F22-45F7-B32C-A865931BA10B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{446F6A2D-01B3-4674-BC8A-2E0791040337}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4481676F-7071-4208-9BCC-7D6276286C01}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{44CDF175-A79B-445F-B083-308ED75163CD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{45448A03-02A8-479B-9E13-DFCAF0D46277}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{45E44468-2058-42B6-B8F1-3DC67940A61F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{45E6BC8F-777B-483C-AE5A-8C5BEE2CDA06}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4649580F-AEDC-466C-B98E-4B01F51B574C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{465DA25E-6909-496D-8797-E6EC7187E651}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{46C2B0E0-0A3A-4277-A3DC-763E38BB14EC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4743375F-37AA-41B2-B4B7-882F0BD479B1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{47D1EFE4-D67F-41FC-A289-65110C2E3B2B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{482045A9-4702-4585-8FEF-C3EF19ED49F6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{485980B2-7FC8-4992-B56A-EA3F98872335}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4877D6A3-3BB1-47DE-8F36-AB9CFDD90C6B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{48860625-366F-4B18-81B2-37E72BE6F2DD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{48C604DE-3877-40AB-8D63-8A83E3A8620A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{48C705FF-1057-40B8-94C7-E6D891F5BA85}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{48D97375-F200-4B7C-8366-AA6D0E015D51}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{48F5BCEE-3EA1-4B58-B287-45E12D6B9F35}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{491F7C5F-0B3E-41F1-946A-3293AC1550C5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{492BE992-7295-4F59-8CAB-E5E6D1C98C3A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{49411C45-6792-40C1-853E-C13821CBBA61}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4945D3A9-75DF-472A-8F05-00D721FF51B0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4954AFC4-CA2E-46D0-8F26-6B620F255F83}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{49DD855F-3B06-4976-B6BA-78021EE866D7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{49DE11D9-EB65-4303-8141-ADEFBFEB710C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4A019F57-E729-4B29-8841-49F004CCC95C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4A279C0B-94D7-44D8-A1BC-6C4B7A056D0B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4A8A3356-9712-42D4-B283-475A03733029}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4B9C4FEC-AA57-49D1-8CB9-BF3B2CD0787D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4BADF904-5934-40B6-B201-3B8EF9A16863}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4BC8085B-D213-4970-910C-1CAC573A2CAE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4C0CDEA4-1351-4F58-B8D8-2DDC49527865}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4C320F89-2AFC-4D61-A6D5-9ABB9707C2EC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4D6EDFD2-810C-4D35-890C-7F1FF2246477}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4DA1D6DB-00FA-4CB5-BC48-79DC752C519B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4DCAC438-54F5-498D-85F4-8350A1896E04}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4E53307F-4352-456F-8755-DCC2EBB7D6E4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4E9E616B-1758-46F4-AE56-4FBB2127EEE2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4EC6A75F-A09D-436B-B7D6-EE80817063D1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4EEBBF9C-889C-4291-A229-4EE6DE616893}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4F2A9A57-B9ED-4684-9248-07853985D080}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4F54CC68-DC31-4D19-8CF9-CAE01A6FB9FB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{4FC52172-6C17-4BB8-AABD-E4C6F4B502E0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{505BA943-E45E-4FB2-9B86-32104BD6E7CB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{50819D85-19EE-490B-AE25-9362850254AC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{50917390-A1AB-459E-B878-53C0F95F113D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{50AD276D-ED51-40DC-B347-ABB29BCA4B32}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5135ADDB-1DA8-48D0-9BF8-0DA351B276B3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{51D1CC83-1F41-4CA1-9135-EAB3071FF0ED}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{51E11434-E02B-4B9A-B096-D98B72E272D0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{51FAF514-B710-46A9-AC64-86C279094F0C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{52413C42-579C-4454-9FFC-7CCF41AAB62B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{52FB6D80-DCE7-43E6-921F-46239DF88EA6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5302F249-4137-4683-9CDD-94B856FBC1DF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{53635315-5D30-4F28-9C00-021C13114027}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{53937EC9-87F1-49A3-9474-7FFDD5B93360}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{53BE0D26-2277-4BAA-9475-AC989EB2E399}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5408AE7F-AD1E-4708-9DD7-4EF00FD6F570}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{549601E9-EDAF-4BDA-BE9D-495CF09A5976}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{550576E9-CE90-41ED-861F-4146310895BC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5568EEED-D82F-46F7-A801-19C9EDE53F43}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5589453C-01C9-4D26-8278-49991CB2169F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{56517B44-6743-40B5-AAB3-5869C2E889ED}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{56A0F649-9D58-4785-A238-59A9A1D0F322}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{56E1D1DD-2CC7-47D6-AFA6-47132606994F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{57A3D33F-DE77-4BE0-B704-E3245A3F1761}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{57C21891-284E-466E-AA35-9B8A5F30B813}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{57D17E39-6C64-4B86-986C-37D2D2DBDA41}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{582FAABC-F074-4AB1-AA30-362F1F403136}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5867A9B9-379E-43DD-844C-F3BE7AD0079E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5884C53E-21E8-4D73-9E67-58A827A4A0B9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{58BEF4FA-3605-4F25-AF60-E53DF7AEE413}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{58E62AFD-DC4D-4DD8-9F07-C50CCA60006D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{590ED085-81B6-4B2C-87AD-E7C309FEBDB3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{591F4B63-78AF-4C30-8000-CB19C6D276F9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{594FAE71-A3C5-4981-882E-39A98ED5140B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5951914B-117C-46D5-8D3C-52EBB9B85E89}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{59BA6E21-4E00-4C17-9E3B-72650A94DAE2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5A5856EB-06F0-486A-B583-7B1E89481903}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5A72F321-2DFE-485B-9DBB-FEF3E6104A9F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5AB013F6-3A88-4CBC-85C1-B77CFD5E045E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5B9A0F95-35D9-4CEF-9424-0ACF1D697A66}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5BF202C0-F6E0-4BE2-A6AE-25173F3D0B48}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5C123163-B6C8-4882-A299-1B12811BFA59}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5C2D77A1-8081-4210-B46A-7511AB37313C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5C4AFFD5-60D7-4EF6-8FD1-EDAB8D534BC3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5C6C26EB-0C9F-436A-8808-2D168947D0EE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5CB375FA-5A6C-4DC1-8BB2-6ADE31DCAD8A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5D646515-E9DF-44A4-A6C4-042728D45240}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{5FBB066D-B43D-4536-803E-918EA738CB3C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6018F0D3-161B-4215-AEA0-4FA38ECA615F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{60313108-B243-4D38-B898-1A9DDFD01D93}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{617AA29A-2B04-4E5B-B8F7-B4307824256B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{61B6B5C4-C83F-4CAB-BB78-DFFC67A376F1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{61E49C15-9E75-41F2-A76E-F2E5D5FA8575}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{61F869E3-4818-4371-A859-82F1712294AC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{62DA0E00-6736-462C-A486-971EB21F510A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{63235C57-C28E-4A5B-B0FD-5D4D219766AD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{63B945F6-D159-4712-AE20-FEA7903AEE58}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{63D83548-EED6-47C8-A5CD-4CCB80F464DC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{64356312-F543-4BFE-9FC6-96D92C5E5B06}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6441B37E-405E-42A4-973D-806083030E8D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6471B0DA-6BFB-47AF-B47E-1FFF273E8440}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{64866B40-92C1-45A2-8FD0-67ACF3A505F9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{64B653FB-2A8E-497C-B8E1-2B3CC8ABBB95}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{64C38555-41AB-4A9A-89E4-BB41342F825E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{64CAED06-BC61-459C-9D6F-34209A4BBB00}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{64D4646A-3B79-430E-9EDC-292C2A21BCBE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{64E3E66B-1C85-4DA9-8798-996CFD51DE91}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{651FB33A-4C3B-423A-B08F-977FADE8138D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6545849A-2F1F-4E09-BF66-2FD359267E13}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{654BD6D5-AF1D-496A-AF5B-0FEF2E3CC401}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{65DD4901-1B4A-4066-A748-0073170646F4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{660EB197-5D67-4B99-B81F-5AA092B0A5F3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{669C2FF0-613A-4456-A763-7F13A205F660}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{66AD6DF6-0E6A-459A-90C6-53343C05C0F5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{66CD5284-2A27-4E97-95A7-0C7F0DE618F4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{67055438-B9C9-462C-8AC7-7741830FDA80}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{67399D43-AD9B-4D0C-8CB8-74188CDBA628}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{677660EA-25B0-49A4-B355-D20621A5894A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6792C771-0A52-4414-ACBD-207E05F6D760}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{67C68621-877A-4495-BACE-868BE52C8EA6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{67DB8044-D99F-4EAE-9FB0-8E390F6F6386}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{67DDE31C-9ECD-4970-B66A-7CA56895A693}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{67F96FE3-0A32-4A4D-9A8F-842893B12CEB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6802C420-8E66-4F63-8A06-3D04E83A9D66}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{684DD1AF-38D9-4F52-8E8D-6E092E423358}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{69072D5C-1A5F-47FE-966F-4262066F668B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{695F1383-15C7-47EB-9B18-125E5C847529}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{69B20699-A586-4C38-9B8B-8DC477ED0B9B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6A834BBC-47E6-4B18-A338-E41FF5940F95}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6A8A296D-5DFD-4B6A-B6A7-A83B8A6F2B10}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6B127D54-53EA-433F-9079-130A4F684132}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6B2BA670-CDB5-457A-B447-24F8B83948F6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6BABCE5D-4825-4BFD-A2DB-4FFAE8762FD0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6BCADDF2-808C-4F21-9BE1-C59D6725FB3C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6DB9E4B2-4EE4-4379-BEC3-9E3311CD49BE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6EB54D00-A164-4B02-81D8-FB51B32B7888}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6F217936-C8EE-490B-9469-825384661C78}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6F40D9FB-A010-44D6-B119-EBDFD65614EC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6F5D3288-0F21-402F-B7DD-BA8588E9353B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{6F98A3EA-9698-4DD4-99E1-FBB965822EFF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{70C01BA6-72CF-444E-B6AF-BDB8DAC68785}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{71355225-3403-4619-B5CD-85B4E974F060}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7193B5E1-297E-461E-87AB-C37B4079D958}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{71A1B58B-0DB3-41A6-900B-0522CDDBCC02}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{71CE926B-A061-4201-95D2-080602FA9E2A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{71E0DB02-633C-43AF-A85C-5C690793FF2D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{72239047-609A-40CA-9104-F15E5AC290C9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{727B756C-A903-497E-9208-BDB30D3D4608}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{72D58868-063A-4932-8A06-9C5BD9108333}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{72DF18BC-A033-4147-B707-5EFE2A7BFBB2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{730389A6-BC1D-4AB0-BF59-BBC6D7562335}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{731CE5DA-7267-45FF-941E-DDAD1746EB01}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{73292A92-871C-43D6-BD19-A8E75C4CE549}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{732A2734-BF3A-4920-90F1-49B7C7D6B984}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{73A6EDEE-3C66-440F-9304-B6AEC2ED301E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7417ECAB-E5DC-483E-9EE0-1D955AB2E611}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{74635DEE-FF6F-4445-8E95-6079E571891D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{74E3DB80-C939-4197-B791-35CA755B0D25}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{75560F84-9A98-4134-81E4-7760D741B0EA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7568FE62-697B-47DE-9992-35A4199850F8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{75AF6159-C9C8-42A9-B577-A35EE09D87A4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{75E33E27-2A98-4C3D-9E66-DF77B323C59A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{75FCB9DD-BEAE-49F3-B29C-67D948122C70}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{76B2875A-2604-4D1B-B52C-2F017CDBE6B3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{76BA8E36-3DC7-4DEC-A3A1-7D18C92687CB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{77605879-C14B-45B2-8B7B-FF9637F2F178}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{77D3B4FC-B8CC-4641-A205-039D1364180A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{781AF4B4-E98C-49F7-B137-150C079A2485}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{781FBF2B-1280-4C08-A1B0-0E7577EB6CE0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{78B08F8F-5914-495E-B392-FAEEECC07530}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{79A57D57-8281-4106-8684-E05C02916350}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{79B7B415-7F45-4A03-B146-40D8129D7284}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7A6A7889-C80C-45C7-99F1-C8D6CECDB945}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7AC707AC-B2DF-4B1C-A16A-B0011AC5F356}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7BCAE210-98BF-416D-B4B0-00AA91099434}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7C44015D-95BC-4655-9B8E-291FABCC7D9F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7C656833-E21B-4F05-AAEB-84874B10B1E5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7D48BBBB-4518-417C-BE1A-BFDA6AF4D4FC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7E06EE49-6E5A-4E00-8B7B-FBB0BFAC1802}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7EDBAFE1-05D1-4B07-820C-78D69F85973B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{7F3E68BB-F00E-4676-AA7E-776E15FA5B32}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{802F57F3-DD8D-4C9B-9DE0-DD7ECFB6819E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{80622285-BC0B-47DD-A2F5-BCC9A68131BD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{80AC8993-C6F2-4941-81BD-3AF1A54B8B10}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{80C42DAC-977A-4C56-A98F-63EC46C46C78}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{819019FA-5EDB-4E2C-9823-E829AB6BCA1C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{81A26EE7-9C30-4331-AF7A-9B85D6D2DD31}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{825796BD-C605-4CDC-AFE8-D9E983A7BC13}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{82653D0A-FFE9-4333-AA91-842044917783}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{82848391-1437-4C39-A078-B09896FAC23A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{82A219F8-E87B-4477-8694-5DF5AFAEB31A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8309955A-A248-48BA-AE23-274607E4A2CE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{83265C90-3D90-466A-81EF-81415BD274DE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8331BE30-4D1C-42AA-89CC-D3B25D4734BF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{83457D22-36BA-4A64-BA61-C51EB7833537}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{83AAD933-76FB-4231-A258-D599C70ABC5E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{83C79716-B343-4C1D-9CFF-20F4E4228BE6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{83DE96C8-6B76-469C-B307-7FCBA63794C7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{83EFC7A8-F49A-48C0-90AD-5538FE7A1CF5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{844FBEC0-A43F-4C13-8E1C-4742D04D6BCB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{849213CD-7B27-4B55-8038-9BB8F5465458}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{84AF8E9A-B258-4715-BF93-D4EDDE654D48}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{84B57BA3-DCFE-4DC6-9956-3073CC076494}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{85071C38-DEF9-436F-886B-26920DD1241B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{856E92F8-47DF-4634-A54C-9094099C25A5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{85B49572-EDDC-44E0-9BD0-63B05AC382A8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8647A207-3110-476D-A123-4C88C8356CE1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{865341F6-2319-4FD5-947A-C1230FB9E973}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{86648C11-FF0A-47E1-B483-F1A7F527CFF9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8698D5F1-364B-4D99-96ED-05DF441E136B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{86DD7801-12F7-43BF-BD8B-3E9224ED756B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{86FB6A4F-887C-403F-B005-21E2EEC5651A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{871132DB-6DBE-486E-832A-93AA2002A2A7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{88123D69-CD81-47CD-9C02-593D64294423}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{881C2EA6-B56D-41B3-B34B-83A16C5F3B96}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{88715AA9-1E7E-4A75-BC5A-8CA637DC84FC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{88A1E59E-95CA-4412-B8E7-67FD4D287599}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{88D380BA-A155-415B-B355-F93942DD44BA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{893E5E7B-4487-44F1-A465-4BF3B45AB0E9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{896B33AB-0B53-46DC-AC6D-66443D146598}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{898F64C2-5D0C-451D-914D-1DFA5AE74020}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{89ED9516-69DF-43A0-9906-4AB89C6DBC96}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8A09C663-4301-4E4D-A75C-A14080F9C1E4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8AB1A8F4-3390-4B1E-828D-E6B4D2FFBFEC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8ACE794A-CFA0-4B49-A75B-6C78905E5D3A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8AFD3990-A94D-4578-B1C9-6E4633FF05C6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8BC639C2-7B11-4BC1-A278-F8549C895ACC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8BD17ACD-A66C-480D-B6AD-D7CD351BE78C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8C252D26-8FEC-4102-BB79-1622B35D3AAC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8E0C134F-BF7C-4373-A5FD-D17217DF3743}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8E9D41F5-B49B-4392-9E61-E1011705DEBB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8E9E7FAB-55A1-4F8C-A734-2D7A8B9B82DF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8EADBA91-529F-4E0D-A88E-3752FF18CD12}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{8FD27D76-DA40-42D0-9069-E04884ADCBD4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{900597CB-6EFD-4ACD-B3D8-3A82C89070D5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9039777E-0622-4912-ADE0-46895A5AD31F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{906EE33D-D5F1-4165-87BE-2B695BADC0AE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{907794A4-68B0-4D8B-B253-8F8AEAED5C9A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{90BA880A-D832-466A-9993-4FD6D94F8B78}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{91021FAA-C0F8-4368-9CF8-D500C8060539}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{920B2D36-A9F0-4BE1-93A0-68CAC629BA88}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{92670ECE-BA85-4837-970F-02BDE508111E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9292793E-2267-4543-80F8-A0F28B5798D0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{92F69893-4D58-40E6-BF1B-4B1D81D62CF6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{930F6D7F-CC41-4282-B48B-E99AD4C83134}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{939926F2-8EA5-48F7-8369-030B53B6F104}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{93A1EF55-57F2-49E0-A9E2-2C80C9400021}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{93CBD205-E99E-4CB6-B50F-7A4637290256}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9402C03C-5AD5-4ACA-8DB7-7E0E9C233219}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{943DA7F6-8F1B-490D-8AAA-1330ADFD3D7F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9461CD23-637D-4F1F-A15D-9D9CC4F2244E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{94E39FAF-8C57-4A2F-A49A-90F7A04B9A63}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9544CFA5-EF9C-418C-BC6B-191FDA641E21}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{95626109-7499-463B-BFA5-593D33F5F15B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{95687D19-ABA0-4936-B003-40C78037B6C6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{959C9F2B-1B09-4018-95DD-8FFE53E0779B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{95A070CD-B0D7-46C5-BBBC-1A40332CB656}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{95A64DFF-DA5A-4240-B0C5-78EF215AD5DB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{95C224DF-585B-4BF7-9BB1-4A8544A6C5FD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{95CC7150-0354-44A8-836B-F0DA77D8FAEC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{95F7F22F-531C-4B5B-86F5-B90AA1C15A47}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{96498A00-5BA5-4237-9881-1623051278C1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{966E1522-21B0-4872-B4C0-0B94CA564177}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{968D9737-1664-4B56-99CB-40F8823A85AD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{96AF89E5-F47C-495F-BC6E-3A00843DFE3F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{96F7D074-1DAA-463A-A58E-A022D7B4333C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{97411F6C-942C-4B58-8D17-F9DF80C87155}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{974E9810-003C-43E3-9245-6F5D1E9E5816}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9757FB6F-2397-4EF3-BC80-586D80E9F20F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{976363C8-15E8-49DB-AE57-1F8D16A18CCC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{97772049-64E7-483C-86F7-6AC5640DD633}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{979C5B6C-0300-4E8A-BC69-DA2DDB92550E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{97AF3CAF-C77E-4F3D-BFA9-4CF6278FA722}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{98490773-AC17-4CDB-A123-4FB773A3BAC1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9877C648-09D7-423B-A0EB-E8F46359E1CB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{988C2A16-38AB-47CE-BD77-D953FF38BF9D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9978C6C3-B071-4FB0-A0DF-712AFABDC311}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9A276BF5-2D8F-4DF8-B0E2-366070496761}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9AC2CEC4-98D0-4CDD-B6B0-C26CA183B184}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9B18C723-6AC1-4842-A897-3F294F23F551}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9B1B6EEA-4351-4415-89AD-A86171BFAF81}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9B57BF53-396D-41B9-A1FC-31E626FB0F7C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9B92A6A3-0C9F-4EBA-8207-7616853D3A2E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9CD4ACAD-55A2-40C2-981F-73F916C87621}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9CE09D69-563E-4C63-8676-DC49F85A7F03}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9D2E9763-F59B-482B-8FEF-3AE16BBF4067}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9D8126EC-F406-4AF2-A3F3-27D9FD2927D2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9D9A8E59-E950-4746-8EB1-5CB34FDF1C9A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9D9B3BF4-EF90-4F76-B83E-90EF29761675}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9DB85728-DBA4-4AEA-8C7C-E991D823CBA8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9E1558E6-8F59-4454-883A-E04E917BDDB7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9E2640AA-B940-49E2-AA8E-61D6B7517C3F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9E462810-6492-4A82-B5DE-89A03D87131B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9E6FB7F6-5FF5-447E-B163-C15378467A66}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{9F428827-895D-4D39-B66D-332C7B67F68C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A0003CD7-97D1-48BA-865E-30B3CEC75FE6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A0471C69-1D01-4D23-8794-C1CD624EB2E4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A04B1740-2419-49C6-8ED8-6A65BF337DA4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A054A017-4998-446F-96DC-CD9AE340CB94}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A06BC09A-F734-4D03-8DFB-3BE5361E4A24}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A0C2743B-9672-4ED7-B871-D4A4BBF5E7C7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A0D22872-9A6C-4ABF-92EF-5A256FC42F43}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A0FDA72B-4D04-4526-A36A-0D81D298B2D0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A1366E04-8770-4F33-A0A0-6EAB0276F43B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A1953E61-42A0-4DE1-8B7F-FBD19D5F9C57}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A1A8386D-8CF2-4433-AE47-A60D7B4CC18E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A1D1BE79-7494-430F-B76B-00FB8B286B7A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A20C9DCA-35DC-4781-A814-01412BEF4193}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A342BEE3-B046-4FBE-9ADA-CEC315560D42}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A355A992-48E8-4C98-813D-220330121F8A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A3CE94BC-75D4-4A94-AF15-7DC9ADC0C04C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A4029C28-130A-472E-BDED-7AF180F5C4D0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A4221C27-1A11-42E7-BB57-E7EF50F5DB57}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A443532F-2CAE-4A33-8B9A-6C15EA38C48F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A50C44B9-4E41-4577-BA87-2EA5326A6A03}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A51C578A-B6AB-4995-950B-A6B4042C2367}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A524A783-F51F-4904-AFEF-C562281207C4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A56ACF5B-F29A-4F63-A38E-C908CB35DE23}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A5935325-12D7-43B9-9A8D-4C659167EF3C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A5A8EFAB-EB67-488E-9E01-52CACF95E529}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A5B806F2-E24B-4138-ACD9-7B48BBAA01C1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A63AD81C-92DF-4BC8-85FB-6FECB3E26AF0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A6811B01-E498-4060-BF52-9D2F1EA21716}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A7642694-A376-4260-9FEA-1C9376597FD5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A7E8C6EF-1E31-442B-AADC-E4F58503ABD1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A80289C1-FE7E-4964-8E36-DC3D0B642229}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A8227975-579A-4B99-99B4-7D42DCC18054}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A856A8B6-F27D-47BD-9978-832B8957140D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A86449A3-3524-46EE-B926-18434689BA9E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A8CEDA12-57B3-45B6-A0FF-7BA077B52913}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A8D804C0-739F-44CD-A447-7A162640954F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A8E05078-F5F1-406F-8EC9-A249DF256A87}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A91B8D18-CC74-4355-BBEB-4AA1713D71CA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A9D21405-C2BD-4990-A9B1-8B1E9476CCBB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A9E54B27-ACDA-4221-9A85-D9FE8F7E418C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{A9F35B1E-A480-4BDD-A412-A7F35A6DD8D7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AA1AD291-63F6-49DC-9073-4270A6727AA0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AABE6027-65BB-4FCC-BE83-2EBB25740B32}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AACF0E1A-3DA4-4B55-8500-29B94EB51337}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AB073E8E-4D12-4B85-B9E4-7C9EFD770653}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AB1DC89C-FA58-4171-A36D-16F0F9879381}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AB6760B9-B9B7-44CD-9F14-7A37B5950DE5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AB85DE78-24A0-4D03-BF1F-EF7BAC739638}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{ABAC2FFC-5103-4D54-A7DA-0221CFC8DA2F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AC00103E-D89B-487C-8388-AE2B115452B9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AC53E2DB-6307-4DF4-BE74-70F340024C4E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AC754099-F1E2-4FCB-B832-E0BD293CECFB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AC9D8E1E-D18B-4198-B367-C0823374CC29}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{ACC884E1-B312-440A-9476-11853742097A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{ACCC6CFD-3334-415E-A709-1C1213D70B43}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{ACD86EA0-D106-47D1-ADB6-6BFE91D9AFE6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{ACEB5427-295D-4EF4-88C0-BF82B582E3CB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AD09241F-063D-4499-9001-C80BEAEC03CF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AD7B68B9-A772-46CF-901A-75B22046F921}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AD8C36DE-9BCE-44FE-913F-549F8C353ADF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AD8E6AD0-9068-4AAA-9A0A-39EF14982865}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{ADDE70E9-E6C6-4FB5-BBC2-2D1FE248EE1B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AE6533D8-EA1B-47D9-A55D-637816845E3A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AE7C456B-5385-44D7-A38E-04A467A199E5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AE83728D-46D6-47D5-8DB9-EBBE8835341A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AEBD61C0-6ED0-4403-BFDE-C415FA2115DB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AEC5F99E-F379-4485-897A-AAE5ABD18749}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AF09F899-9725-4AF4-8D78-5196F5529B7B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AF44F4BB-333F-487E-9B75-021841564FCC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AFAC9C8F-07FC-40F0-BC42-EEF4857E31A9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AFB4F431-A945-45ED-B056-81C22E37EE95}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{AFECBC3B-CE55-4B43-B178-1BD5ED60CDFE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B01D069A-F3B1-4FE7-BD1B-6675BBA1BA73}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B021954D-7490-458E-8849-79EBC0D1C9F3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B1208853-FB0A-4661-91E1-CE6F16F0BC90}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B187C016-EB71-482C-9699-F82F745E9668}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B19FE80F-B70C-4C4A-BC84-4A90600E1DBA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B1A46724-565A-4EA8-95D9-77BD5F65C93C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B2015BBB-7A59-4BDD-9708-50A308E588AD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B21C7935-8CC7-4ABC-9B25-3545B028B7FC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B235BBB6-0970-4385-A983-4FD662623A19}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B236F355-227F-45A5-B3A0-556C0FB2BC2A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B23F48BD-C7A4-4ED6-A28D-CFAFE3A2524F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B29A205B-812D-4C73-B1E0-6EFF971F9B08}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B3159B6F-02A9-493E-8A3E-7DD69D6AC573}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B31EA57C-EEA3-4FB8-852D-249573D688CC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B363EA0F-AF06-459E-AD69-A0194F0C9292}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B36E91E0-7C72-492D-B982-C6D506E7DC64}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B39DBAB2-3A04-4FD3-BE6F-BA0B8CB5F78D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B3A2A4E8-46EA-488E-9AA8-E834B244014C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B420664D-3190-4D7A-91BD-F065D5C217B8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B4823D71-7622-4544-B655-CE0FC96B1029}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B4835E25-8235-4702-B183-C5B2809AFBBF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B483ACE0-BAD5-48C2-A1F5-BC1A874977D8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B4EA36B7-3880-4B70-B50C-48F969F81CE3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B510039C-EC71-47E4-9C74-EEDD1747DF0F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B54FB7D0-CC85-4575-824F-8D4458BDEBAA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B55297AD-4245-4F56-BDA1-E4E9F967303B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B5E6CBDD-1D2F-4810-A0AE-9048F46A79FD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B6512A73-42E9-4395-A2E6-D151971DD906}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B6792D59-60BC-4FA1-9AF0-0996710A939F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B6EACCCF-FE9C-4178-9E00-802637AD72C9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B7BFBB97-BCE2-4352-9C14-D8639882D94B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B84C40F6-1877-4684-BC65-A5B28761EA86}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B8C7C812-3CE7-42E0-A8B0-67D356C0F9B2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B94BFF17-8FBC-47B7-8EB3-67EC347A5C3C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B993BBC0-8B1A-4F92-B692-A12BDD459E22}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{B99B5924-8EB7-4ABA-86AB-1CC178FFA828}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BADC3D50-3EC3-4A6A-9DDC-21C6484F02C0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BAE5C0BD-0C23-466A-9557-F80B39A95889}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BAF6C92E-2F30-4849-970E-947BB52BC16F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BB8A426F-B468-4838-BDEB-C8DD8E620B00}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BB9B4E61-6A2F-4C10-B893-555DC26B1442}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BBC27667-FEE7-4E5C-BAB2-E64C2C5EB140}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BC323D45-BA7B-4E25-B57C-E351F85D03C8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BCAB382D-76B8-4F22-B8F3-E51E7569AED9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BCB342DE-5B74-4182-9364-0A3A0978855F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BCC6B360-F897-4283-B191-6B51D777F0D6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BCD03E53-8BD9-42A1-819C-A62FA5E57614}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BD180339-4408-4435-B8D1-F465B93AA7A8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BD5E2EC9-B468-4B77-B572-ABCDFB244DBA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BD757254-B100-4490-B710-D5542429FF5E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BDB82C5B-D5CB-41B7-9E2A-B49B61E38F93}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BE53CF84-6484-4595-A400-CD4CAD1D4102}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BE5C1B84-D9B5-45AD-98AB-37FEFF2AF8DC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BE6B22F1-A14E-4B14-94D2-242A612B4BFA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BE7A3706-642B-430A-A9BE-73FC5CBA775B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BE95EBB5-AEE6-4CE8-B52E-EF31015C740D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BEE1DBEF-37FA-46EA-8A7E-0BB529C86B61}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BF6BE1E8-E322-4F3C-8115-3E8713C4DAA0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{BFF1FA19-04A9-46EE-8A74-A92B5478F068}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C0014BE4-9D93-43A9-B084-C384DC2D7314}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C01B2211-6A35-4783-AB45-8557B7AFBCC4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C1ECFD48-8793-4B14-B2AB-A4E9EF34AE9A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C21124EE-F06F-45A1-B47B-91F9285A4DDF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C2243F03-3E8F-4CD3-9BBE-457AC085B005}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C245D10A-3F37-4BCE-9D2C-3E6FF2BC6E3F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C253FF5A-B173-4908-8104-12477117BDCF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C3323955-C6ED-4A8E-A957-D6F331EC860C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C335A0DC-99A1-47D7-B041-94B9AAB84B2E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C3A365B2-E767-4E2E-B365-22BC8299AE06}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C3ADA01A-4580-4522-9DF9-6C79633D62E0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C3EC4A73-733E-4E6A-9EDF-50330D3AE8BB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C4160F00-B258-42B0-8B3D-7F9882A6C477}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C429ED55-CAE4-4F04-9BB0-EF847650E637}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C44458AF-BCE8-45DF-9606-DCC51E72244C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C489445A-668F-42F1-8426-7ECB52CA7735}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C4AA86B3-D1B4-42B0-A2D8-10A7168E0AFE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C4FAD414-60F7-4363-99E3-6437D6D6CC5D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C5BE3FB5-3387-41A4-BFFF-D3CDF1CA6C81}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C609CB1B-032D-4FF7-97DB-7E96EBCBEDD8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C6218039-59BF-4F17-BC5E-B90A973F3E5E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C71685C4-FC72-4E37-B89C-2E9490E1F293}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C744AE69-A533-448E-AA1C-A213E055C9EA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C7773A05-80F6-4A16-BA33-9CE1D634CB65}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C8A66A6A-D91B-47B1-8014-DC25A559B65E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C8C86345-1679-40C7-9F10-B822F9BF864B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C8DB3BB7-5E04-4D19-829B-11BF33B8D733}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C94FD365-E660-42FF-97CE-36B00261D45E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C986F4FA-C69E-4C68-8624-EB7885CE996B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C9893F9A-7708-4D6C-B70E-EC98D26F6F84}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{C9BB789D-3B1F-4757-9DD4-D82E6DB9EDD0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CA790864-6611-41FA-AE4A-0ABCD643ED01}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CA859603-BAE0-4569-B469-16231B1AFE25}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CAD013BB-D7FB-4A77-B50D-DB6F513AC130}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CADC830E-FD4F-4F74-AB0A-8652208F61CD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CAFE1A6C-6D9E-4113-9C3A-835D16CF7192}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CB304829-E7AC-4454-97F3-0BCD98AAE770}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CB591355-E1DC-4EB2-8D7A-E34C939C5FC1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CBA62076-21ED-483F-BF97-6F574B33A535}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CBDA3789-47A4-43E5-B421-56021D7D2438}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CBF4E2C7-3F9A-426D-8728-39C009066587}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CC3F2654-FFC0-427E-8935-10DDE9776B96}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CC932212-CC75-4590-ABEC-3C7EF6CA6D68}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CCAD20CD-3FD2-40CF-AD0B-9C05E2738290}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CCC264BA-33BE-4240-B881-8E7DE50D41E4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CD96F5CA-5E7C-45B7-88F0-D07B496BE9AC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CDD46AE8-ADC0-4805-A5E8-B8619768B9E1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CE54C7BD-8EB4-435C-B4B1-F4D20B1B1221}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CE653796-CE6A-43E5-A6B3-F9E44542E58F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CE7D496D-A5C2-4A9E-A7FA-40C617B97F9E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CEB2D05C-2184-4109-B74A-568167A94FDC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CF3D5259-BD6F-4457-AAA1-EEE6C6791B31}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CF73D32F-8B32-453A-B43B-596A9781095C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CF81EE0B-1B5D-418A-B8FC-9591B7F4798B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CF9FDD06-14EA-4AE7-9098-2C4727F17C94}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CFB9AC2C-9C17-4240-B29A-86AB84103A18}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{CFF79A5E-CD9B-4267-9BA4-DB133111C3BE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D00078CA-408C-456C-B008-AB9625073511}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D0EAB4B8-E1C1-4896-819A-581B1183F530}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D1D72576-B3DC-4398-8A39-83C35F789AE2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D238FAED-C023-4D37-A960-ED8DEA807D2F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D2B19063-339D-44C5-9005-710B88B659CE}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D2CE88FC-8E61-4686-8BD1-12188B725C7A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D2E13E54-9A81-45DB-BCC8-9218E560D74D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D334EC9E-D549-4517-B98F-249972FC0227}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D33C3831-8A37-4DFB-BD93-EE8928A979E3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D3565864-0267-48C6-A197-BC8DCEFABF66}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D3658FFC-F5C1-41DB-93DE-91FAF19C81BB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D3D4207E-6E4E-4C8C-BC68-D9DD664662B9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D3F92EAC-5CC8-437F-9AED-BEA8CBD33A89}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D4B03988-DAEC-430C-8048-23E2D190CF9A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D4FCEA88-61DA-463D-B850-5D187A0F71DF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D5D29E12-C6B8-4238-8AB7-7A15A2DA0122}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D5F2B02C-299B-4BCC-B9DC-B2BA5476F87C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D618EC6B-231F-461F-9083-37DD89D40A6A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D62947C0-32E2-457B-87EF-F87DAE70F548}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D6346310-C4C7-4773-B7A1-64BDF77CCA7D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D67FA995-FA2E-42F0-AE46-A3D15FDB4AD8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D6B4F425-B20D-4A2E-98CE-3030C020737C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D72C0743-2EBD-4260-BEF2-DBB18695809F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D72EC8E0-65B6-4F8C-AC4D-0EAA2F3383E6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D7735A64-A3BA-49DF-8700-860DCEF74201}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D7B02A06-B722-4BDA-8F5F-56ACB8A290DA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D7FC0C28-A1F9-46DE-A78E-8BCF83283A13}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D804A84C-0FD0-48F4-9F73-2AA256172242}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D832898A-3CE1-4F22-8F12-82EF18FF2865}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D919F0FE-1A93-4394-9008-45DCC91BA7E8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D925BFE3-F658-4C12-9B70-1D4F510FB981}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D957B3E4-1E81-4BC2-B408-97DD4CF58008}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D9B36165-04ED-4842-B2E9-CFAA0A08290C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{D9EB7331-8BA2-401E-B944-BAF422059FC0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DA8E1703-2CBB-4E36-B047-AFCF9775FB14}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DB446A00-D0A1-4581-97E2-E587904456A2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DBAFCE3A-1728-4394-9008-9ADFAEAECB9D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DC61A3A4-A687-401F-9D7A-FB53871DD2F7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DC6929E5-E69E-474F-8789-2B0D99961EE4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DC6FEDAD-8799-4C06-9334-09FF391471B7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DCDD78F9-AACA-408B-B091-E5020181B449}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DD316EC1-056E-4274-A73F-6AC7C7BA6A83}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DD4E97AE-1C5E-4928-9F5F-F6188DE0A268}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DD9EC1B5-4B5A-41B3-B8E8-4880E599A4FB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DDA6C407-1BF5-48CC-B4B6-C7B736B4B418}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DDC5B70F-D2B0-4B33-931D-EA7E6B294B0F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DDD8A1FA-B587-4CC9-9FAA-E5B4FFB00BD3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DDF1FB27-024D-437A-A39A-AA682D0D5DDC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DE69E59A-9CED-491F-93C2-6CCD9AF109FA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DE96CC96-B3E3-45C4-B30B-2FBBFFCB528D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DECBF915-3881-41C5-AD95-28F4A2BF6A2C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DF0B02C3-DBFF-41A8-ADCF-FC420C8020EF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DFB1A154-D223-407B-AAE0-F44791312119}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DFBA4D2E-0F98-4B29-9F10-21E2BD014E4F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{DFF9240B-E1C0-4122-9556-AD13014F4D86}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E1021314-822B-421B-BCD0-A2395861343A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E17E79A3-406C-4222-AA6D-508D981B1EF8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E187C3C4-B3D2-4938-B870-60B35A822C45}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E1A3E8F2-9F6B-407E-9D7D-AB499984801D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E2019BF9-BBEC-427B-8221-D791E22559FF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E2367210-3C58-4152-A8B5-79664E6A79F4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E2805083-C09D-4D30-BC5A-4AA0F9C25AC4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E293BD9C-5F61-4720-821B-8FEEFCBFCB1E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E299FF1B-5266-4281-881A-C4392237D178}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E2B9CC94-94E1-459A-8C1A-E6F2578ADE17}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E2FC1F66-F5B3-464A-A05D-6DD776F5E4B1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E3AE6BFD-7697-482C-A2E6-E8D3FFF5AED5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E438909C-6D27-47FD-85E0-24BB310565FB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E4B5D6ED-705C-4961-9459-BEB5900509A7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E4E2157F-547C-4842-AAD2-D57727D9018C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E4E74990-0FE6-46A1-8BC2-6B55F3AF6939}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E627E323-E88E-4C61-9E1F-B6D13CD45AED}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E66A0002-DED0-4D24-BD0C-05C092296273}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E66B5B02-C3F8-4864-95A6-487D6BF70598}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E671455E-4FD6-4D64-A870-3DED6E6F3885}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E6A54DBE-34D4-4663-BFA1-4A797C8B2393}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E6C0D0A6-0A05-40CA-BF2E-15F2236E7FDA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E72463AB-1BE2-436C-B59F-0F79B87F20AC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E76BABFF-29BC-4CB4-AD4D-C83A70E86200}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E78D79E0-130B-432F-9D14-90D1610AD862}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E8186BFD-351B-4E1B-8561-1BAE4C8482A2}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E8244F35-4A7F-41F1-B849-F9E55A33472D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E82FDA96-D48B-4783-B66E-33755AB3EDB1}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E8D0ABDE-EE37-4C02-BFF1-F74EAE90F0DC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E929A4D9-441A-4290-B372-A6056A0D1D50}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{E9E47E20-3543-4B5E-98B4-9FF157DAAB6A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EA467278-9CBB-4D26-8E72-8B948ED1BD91}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EA83ABDC-2FD4-4615-9A78-9519EC82D8D0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EB240A4F-EE47-49DA-9976-25506052B08E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EB3DAD0B-F163-4A08-B508-DA3FDC348C22}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EB4679BE-B54C-40BA-9AAA-088BCA008206}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EBB7A05A-B685-42D1-A987-9B97BAA2C233}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EBE8691F-D74B-4AE2-A26C-CF243EE26A88}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EC491D2A-D1F6-4514-89B6-6DD3DE9B0D1F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EC6F68D0-A654-449F-AF4F-61B4100F8B6B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EC8FB5A4-20C7-4BDF-B8AA-4D1D68A9D77E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{ECAE3158-A351-4039-A61D-0C4879014A28}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{ED2EB56F-6527-408B-9F91-31B78D5CD532}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EDB27D90-7569-4349-B5CD-CC7ED9664B34}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EE1E6F5E-FBD0-45D8-B88F-C1AF8B956F81}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EE5D5407-3BA6-4934-AE73-6B2289A4670D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EEB120B4-0642-42D7-A6A2-5F3E473223B3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EEB1D049-A396-4177-81DC-559800B8673C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EECB5251-873D-4A05-BD61-8B6C5DC83026}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EEF2263F-481F-423C-B6D0-4A8970D4733F}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EF163EB7-717E-428C-9EE8-98BE414A32DB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EF450462-1F33-4FB7-A50B-CA70B50AE5A8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EF68D81E-C19A-46BC-A12B-3B5D129DA5CD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{EFA6506D-12E2-4399-A237-556E0E0869A3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F042E5B6-7F20-49A8-B02D-5BAB3BF61715}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F0BAFB3A-BF01-4378-83D1-64E7FDB5F4EB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F13E1B95-5E70-4186-A04A-F1E2CBE9F38C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F15D63CB-4978-420A-A2B9-C0B8F45F2C3C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F1B6C117-6EBA-40CB-8B2C-A229D70C29B3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F1E161C5-7C9A-48A0-8642-603F786FC3E9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F1FA1246-434A-4416-AA23-4C553E548BBA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F27B360A-4AC8-4225-8BC3-37F86A9E1132}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F365922D-D7D5-4FC5-9903-1400C5A5C88A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F38757A2-43CA-47D5-BB25-D064214C18A6}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F3BD1DC2-0442-4A43-8EA9-A13AE6EE854A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F3C16D40-6EB8-40E2-AC51-68F457290169}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F3F330E3-8B77-41B6-86DE-C14915DF32C8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F470A923-84E5-4B31-A95D-7BD413980AB7}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F47F9A7B-94E6-4D89-938B-3ACD28643C07}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F4D08177-3D6D-43E9-946E-4EEB1CB0C13D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F4D9D977-BC96-41E7-889D-35085CC5CFD5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F52F8DBF-7224-40EA-B103-15FBF40087C4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F5BE3786-98DB-4FD1-88C4-5EA890A990B4}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F5E54194-F2AB-43E2-8FF5-00219E93C1E5}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F633AE54-CEE3-4E42-9FD9-EF991A58BC31}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F64B68F3-9DD4-450C-963F-1FE98F93AA5D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F652A2E0-FC27-4BA2-9357-4DC1B8B90434}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F6588A7A-BC39-41DA-90ED-AE1B6C97B1BA}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F6728B5A-B8D5-4CAE-8D71-B44C6BF6410A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F716BB4C-6123-451E-90B9-D5F7F544BFCC}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F7E1E05C-4605-4D12-B6B5-DBBAA0804A99}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F8305408-D637-486B-81B4-6E6CE17D6EF9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F834D4DE-5BDE-4A60-958A-04C26129D122}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F862CEC5-815A-47FB-B9B0-48C4E692C024}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F88B2FD9-2C81-4CB3-810F-D61DC827AA18}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F8B80AB9-2855-442B-96F5-57099ACE25A3}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F8DB0E86-8BF5-4663-8130-EDDECD74C979}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F8F74786-EB5A-45CA-A98A-B6B341145C9E}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F952E9C2-19F0-42C8-A090-881E78F5E166}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F9A8B566-F2AB-421D-909A-EEB182640C90}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F9B8E733-AC3B-4573-9778-35A47339A68D}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{F9BC215B-AB3C-442A-A5AB-D6D32596A3BD}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FA50835C-06C2-4F84-9715-E6435684BC3A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FA6F9E7D-40FB-4DA5-BCB4-7F5F9EE4FB63}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FABFB6D3-C710-4993-B509-F9E9B75FF47B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FB164421-A9B9-434D-B266-65080A99A9E0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FB8BFEBD-0F72-4DB0-8F49-27A96757E30B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FBF21B20-ED23-41BA-8EAC-AD0CB56941A0}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FC3FD8D7-FFAB-4397-9842-A9F4C6F64A7C}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FC60B4C5-E9CB-40C3-97B9-0040877EB53A}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FC6D6D1C-9B8D-42FD-8220-B6EC075F4407}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FCE585D4-824A-42B6-92C7-79BFF92493B9}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FD528E76-D279-46AC-B067-3BE9115A6E61}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FDAA517F-A813-420C-BA10-62A602263A6B}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FDFEC9AA-43F2-4B3D-B057-DBDCCD123191}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FE021F08-2475-44E6-B018-701BD6F7A705}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FE2185C6-F63C-4985-9BBB-14C376998054}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FE3D61B9-DF45-42B0-9373-1583F1A615BB}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FE602A02-479B-4162-9FD4-A4A9C5673155}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FEC3E374-E272-4289-B70B-ADBD40B60999}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FF0C43BF-882D-4069-A543-CAC0DB912DFF}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FF387FB7-8E9A-4D30-B0AE-E4D26F4F9397}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FF43DC98-EB78-4798-8561-3555728E9EA8}
Successfully deleted: [Empty Folder] C:\Users\Darlene\appdata\local\{FFC58F10-754F-409C-A172-6A3DCBD462B5}
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/10/2013 at 14:07:17.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Cookiegal (Aug 27, 2003)

OK, please delete AdwCleaner by dragging it to the Recycle Bin, download the latest version to your desktop and then run a new scan.

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Report* button and copy and paste the log here please.


----------



## ldarlene (Sep 6, 2008)

# AdwCleaner v3.006 - Report created 06/10/2013 at 14:36:50
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Darlene - OURLAPTOP
# Running from : C:\Users\Darlene\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16457

-\\ Google Chrome v24.0.1312.52
[ File : C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [20409 octets] - [02/10/2013 18:21:54]
AdwCleaner[R1].txt - [20470 octets] - [02/10/2013 18:38:43]
AdwCleaner[R2].txt - [1172 octets] - [02/10/2013 21:58:34]
AdwCleaner[R3].txt - [810 octets] - [06/10/2013 14:36:50]
AdwCleaner[S0].txt - [19231 octets] - [02/10/2013 19:32:41]
AdwCleaner[S1].txt - [1236 octets] - [02/10/2013 22:00:42]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [990 octets] ##########


----------



## ldarlene (Sep 6, 2008)

sent the adware log. Did you also see the eset log?


----------



## Cookiegal (Aug 27, 2003)

Yes, there were no problems with it.

Are you still having problems with Windows Updates?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Yes, there were no problems with it.
> 
> Are you still having problems with Windows Updates?


Yes
I had the message that updates were ready to install (1 critical). Clicked on install and it installed successfully. Then I got the message to check for updates. Tried to do this and got an error message.

an error occurred while checking for new updates for your computernot work.

Error Code 80070422
Before I came to this site for help I tried clicking on the get help, there was a 'fix it' program. ran it but it did

Windows update screen tells me
Most recent check for update 22/01/2013 9:31
Updates were installed today at 3:23 pm

the same update has been installed 8 times since the 3rd of October.


----------



## Cookiegal (Aug 27, 2003)

Please download *Farbar Service Scanner* and run it on the computer with the issue.
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*Windows Update*
*Security Center*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## ldarlene (Sep 6, 2008)

Farbar Service Scanner Version: 13-09-2013
Ran by Darlene (administrator) on 06-10-2013 at 16:06:48
Running from "C:\Users\Darlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILH9Z5K0"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy: 
==================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy: 
============================

Other Services:
==============
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Cookiegal (Aug 27, 2003)

You need to download these programs to the desktop and not run them from temporary directories.

Please download MiniToolBox, save it to your desktop and run it.

Put a checkmark to select the following options:

Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


----------



## ldarlene (Sep 6, 2008)

MiniToolBox by Farbar Version: 13-07-2013
Ran by Darlene (administrator) on 06-10-2013 at 16:28:12
Running from "C:\Users\Darlene\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ============================== 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Atheros AR5B125 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : OurLaptop
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-27-37-18-51-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR5B125 Wireless Network Adapter
Physical Address. . . . . . . . . : 64-27-37-18-51-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::61e4:f690:78cc:ba89%13(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.2.13(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : October-06-13 3:20:59 PM
Lease Expires . . . . . . . . . . : October-09-13 3:21:04 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 425994039
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-8F-8D-06-04-7D-7B-1D-D2-CD
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : A2-LINE.COM
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 04-7D-7B-1D-D2-CD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:833:337b:3f57:fdf2(Preferred) 
Link-local IPv6 Address . . . . . : fe80::833:337b:3f57:fdf2%14(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: monreseau.home
Address: 192.168.2.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 2607:f8b0:4009:805::1004
173.194.46.71
173.194.46.72
173.194.46.65
173.194.46.67
173.194.46.66
173.194.46.78
173.194.46.68
173.194.46.70
173.194.46.64
173.194.46.69
173.194.46.73

Pinging google.com [173.194.46.73] with 32 bytes of data:
Reply from 173.194.46.73: bytes=32 time=30ms TTL=55
Reply from 173.194.46.73: bytes=32 time=28ms TTL=55
Ping statistics for 173.194.46.73:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 30ms, Average = 29ms
Server: monreseau.home
Address: 192.168.2.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=48ms TTL=52
Reply from 98.138.253.109: bytes=32 time=51ms TTL=52
Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 51ms, Average = 49ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...06 27 37 18 51 7a ......Microsoft Virtual WiFi Miniport Adapter
13...64 27 37 18 51 7a ......Atheros AR5B125 Wireless Network Adapter
11...04 7d 7b 1d d2 cd ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.13 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.13 281
192.168.2.13 255.255.255.255 On-link 192.168.2.13 281
192.168.2.255 255.255.255.255 On-link 192.168.2.13 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.13 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.13 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fd:833:337b:3f57:fdf2/128
On-link
13 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::833:337b:3f57:fdf2/128
On-link
13 281 fe80::61e4:f690:78cc:ba89/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (10/06/2013 03:23:46 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
Error: (10/06/2013 03:23:15 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
Error: (10/06/2013 03:22:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (10/06/2013 03:21:47 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/06/2013 03:21:47 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
Error: (10/06/2013 03:21:47 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/06/2013 03:21:47 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
Error: (10/06/2013 03:21:36 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/06/2013 03:21:36 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
Error: (10/06/2013 03:21:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/06/2013 03:21:29 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058
Error: (10/06/2013 03:21:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
Error: (10/06/2013 03:21:29 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error: 
%%1058

Microsoft Office Sessions:
=========================
Error: (10/06/2013 03:23:46 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed
Error: (10/06/2013 03:23:15 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2
Error: (10/06/2013 03:22:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-10-04 18:43:58.397
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-04 18:43:58.288
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-04 18:43:58.179
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-04 18:43:58.054
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-03 19:55:41.675
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-03 19:55:41.581
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================
1 Penguin 100 Cases
Acer Backup Manager (Version: 3.0.0.99)
Acer Crystal Eye Webcam (Version: 1.5.2904.00)
Acer ePower Management (Version: 6.00.3008)
Acer eRecovery Management (Version: 5.00.3504)
Acer Games (Version: 1.0.2.5)
Acer Registration (Version: 1.04.3504)
Acer ScreenSaver (Version: 1.1.0517.2011)
Acer Updater (Version: 1.02.3502)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Agatha Christie: Dead Man's Folly
Alcor Micro USB Card Reader (Version: 1.2.42.68439)
Amazing Adventures: The Lost Tomb
Antique Mysteries: Secrets of Howard's Mansion
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Arizona Rose and the Pirates' Riddles
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.1.42)
avast! Free Antivirus (Version: 8.0.1497.0)
Avenue Flo(TM)
Avenue Flo(TM) - Special Delivery
Avenue Flo: Special Delivery
Backup Manager V3 (Version: 3.0.0.99)
BE Downloadable Edition
BE Downloadable Edition (Version: 1.1)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Big City Adventure: London Story
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bonjour (Version: 3.0.0.10)
Brain Challenge
Build-a-lot 4 - Power Source (Version: 2.2.0.97)
Castle: Never Judge a Book by Its Cover
Chronicles of Albian (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
City of Fools
City of Secrets
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.2024.00)
clear.fi (Version: 9.0.8026)
clear.fi Client (Version: 1.00.3500)
Clutter II: He Said, She Said
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Cook'n
Cook'n Recipe Browser
Cradle of Rome 2 (Version: 2.2.0.95)
Crazy Machines
Cute Knight
D3DX10 (Version: 15.4.2368.0902)
Detective Quest: The Crystal Slipper
Dora's World Adventure (Version: 2.2.0.95)
Dream Chronicles: The Book of Air
eBay Worldwide (Version: 2.2.0409)
Efficient Diary Pro 3.0
Emerald City Confidential
Escape the Emerald Star
Escape the Museum
ESET Online Scanner v3
e-Sword (Version: 10.01.0000)
Evernote v. 4.5.1 (Version: 4.5.1.5451)
Everyday Jigsaw
eXtreme Movie Manager 7.2.3.6 - Full Install!
EZDownloader (Version: 1.0)
FATE: The Cursed King (Version: 2.2.0.97)
Fierce Tales: The Dog's Heart
Fierce Tales: The Dog's Heart Collector's Edition
Files Opened (Version: 1.0)
Final Cut: Death on the Silver Screen
Final Drive: Nitro (Version: 2.2.0.95)
Fooz Kids (Version: 3.0.8)
Fooz Kids Platform (Version: 2.1)
Forgotten Riddles - The Mayan Princess
Found: A Hidden Object Adventure - Free to Play
Freddi Fish(R) 5 The Case of The Creature of Coral Cove
Free DWG Viewer 7.1 (Version: 7.1)
Free FreeCell Solitaire 2012 v2.1
Galerie de photos Windows Live (Version: 15.4.3502.0922)
GoodSync (Version: 9.4.8.8)
Google Chrome (Version: 24.0.1312.52)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Identity Card (Version: 1.00.3501)
Inspector Parker
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Processor Graphics (Version: 8.15.10.2342)
Intel(R) Rapid Storage Technology (Version: 10.0.0.1046)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 11.0.1.12)
iTunes (Version: 11.0.2.26)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.0 (Version: 2.1.0)
Jewel Match 3 (Version: 2.2.0.97)
Jodie Drake and the World in Peril
Journey: The Heart of Gaia
Junk Mail filter update (Version: 15.4.3502.0922)
Kobo (Version: 3.0.4)
KraiSoft Games Launcher
Kuros
Launch Manager (Version: 5.1.2)
Legends of the Wild West: Golden Hill
Living Cookbook 2013 (Version: 4.0.28)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Murder, She Wrote
Murder, She Wrote 2: Return to Cabot Cove
Mushroom Age
My digital Diary 3.2b (Version: 3.2b)
Mystery of Mortlake Mansion (Version: 2.2.0.98)
Mystery P.I.: The Curious Case of Counterfeit Cove
Mystery Trackers: Raincliff
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (Version: 4.0.14.27)
MyWinLocker Suite (Version: 4.0.14.19)
Nancy Drew(R) - Phantom of Venice
Nancy Drew: The Final Scene
newsXpresso (Version: 1.0.0.40)
NTI Media Maker 9 (Version: 9.0.2.9002)
NutriBase 5 Plus v.5.17
NutriBase Palm
Palm Desktop (Version: 4.1.0300)
Penguins! (Version: 2.2.0.95)
Picasa 3 (Version: 3.9)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.95)
Puppetshow: Return to Joyville
Quicken 2012 (Version: 21.1.2.14)
QuickTime (Version: 7.74.80.86)
RealMYST
Realtek High Definition Audio Driver (Version: 6.0.1.6324)
RoboForm 7-8-9-5 (All Users) (Version: 7-8-9-5)
Royal Trouble
Shredder (Version: 2.0.8.9)
Skype Click to Call (Version: 6.11.13348)
Skype 5.10 (Version: 5.10.116)
SmartDraw 2014
SmartPCFixer 4.2 (Version: 4.2)
SSC Service Utility v4.30
Strange Cases: The Secrets of Grey Mist Lake
Syberia - Part 1
Synaptics Pointing Device Driver (Version: 15.1.18.0)
Tesla's Tower: The Wardenclyffe Mystery
The Great Unknown: Houdini's Castle
The Legend of Sleepy Hollow: Jar of Marbles III - Free to Play
The Secret of Margrave Manor
The Surprising Adventures of Munchausen
The Tiny Bang Story
Torchlight (Version: 2.2.0.97)
Triazzle Island
Unfinished Tales: Illicit Love
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update Installer for WildTangent Games App
Vault Cracker
Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Welcome Center (Version: 1.02.3504)
WildTangent Games App (Version: 4.0.10.2)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
World of Goo
Zoo Vet 2: Endangered Animals
Zuma's Revenge (Version: 2.2.0.97)
========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 36%
Total physical RAM: 3766.81 MB
Available physical RAM: 2399.57 MB
Total Pagefile: 7531.82 MB
Available Pagefile: 6097.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.9 MB
========================= Partitions: =====================================
1 Drive c: (Acer) (Fixed) (Total:281.99 GB) (Free:212.74 GB) NTFS
========================= Users: ========================================
User accounts for \\OURLAPTOP
Administrator Darlene Guest 
Terry 
========================= Minidump Files ==================================
No minidump file found

**** End of log ****


----------



## Cookiegal (Aug 27, 2003)

Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times, If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com
Wait for *PreScan* to finish, Then Accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## ldarlene (Sep 6, 2008)

Did we run this way back near the beginning? here is todays scan.

RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Darlene [Admin rights]
Mode : Scan -- Date : 10/06/2013 18:16:43
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job : C:\Users\Darlene\AppData\Local\Temp\Fixit\DeleteAclKey.bat [-] -> FOUND
[V2][SUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 : C:\Users\Darlene\AppData\Local\Temp\Fixit\DeleteAclKey.bat [-] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD3200BPVT-22JJ5T0 +++++
--- User ---
[MBR] f95aeb345eb1da949fbe213e0fb68d8f
[BSP] 62893ea9c498ef389fd93d055e0d8c00 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 288759 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_10062013_181643.txt >>
RKreport[0]_D_10012013_040030.txt;RKreport[0]_S_10012013_035701.txt;RKreport[0]_S_10012013_041356.txt


----------



## Cookiegal (Aug 27, 2003)

Sorry, I didn't think we had.

Is this the MS Fix It that you ran?

http://support.microsoft.com/mats/windows_update/

Try running it again as the things we've done might make a difference this time.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Sorry, I didn't think we had.
> 
> Is this the MS Fix It that you ran?
> 
> ...


Looks like the same one. It's conclusion.. did not find any problems therefore no fixes were applied.
And it still wants to install the same update that has been installed many times.


----------



## Cookiegal (Aug 27, 2003)

What is the number of that update?


----------



## ldarlene (Sep 6, 2008)

KB2813170 first time June 24(I think)

previous updates that installed many times
KB2676562 looks like first time might have been June 20th... many times since
KB2872339 Oct 1 and 2 several times

I went way back in the update history. As far back as 16th or Aug 2012 I have been getting multiple successful updates of the same update... first one was MSe kb2310138


----------



## Cookiegal (Aug 27, 2003)

There is something that needs to be fixed with FRST. Please delete FRST and redownload the latest version.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## Cookiegal (Aug 27, 2003)

You can also try running the System Updated Readiness Tool:

http://windows.microsoft.com/en-ca/windows7/what-is-the-system-update-readiness-tool

Make sure you download the correct version which is Windows 7 (64-bit).


----------



## ldarlene (Sep 6, 2008)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Darlene (administrator) on OURLAPTOP on 06-10-2013 20:11:18
Running from C:\Users\Darlene\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Guest\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-06-25] (Siber Systems)
HKU\Terry.OURLAPTOP\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-06-25] (Siber Systems)
HKU\Terry.OURLAPTOP\...\Run: [SearchProtect] - C:\Users\Terry.OURLAPTOP\AppData\Roaming\SearchProtect\bin\cltmng.exe
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Gmail) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Darlene\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Darlene\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Darlene\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [5802128 2013-04-02] ()
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 AceecaUSBDx64; C:\Windows\System32\DRIVERS\AceecaUSBDx64.sys [66552 2012-10-18] (PalmSource, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-10-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-10-06 20:10 - 2013-10-06 20:10 - 01954124 _____ (Farbar) C:\Users\Darlene\Desktop\FRST64.exe
2013-10-06 18:16 - 2013-10-06 18:16 - 00002118 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10062013_181643.txt
2013-10-06 18:12 - 2013-10-06 18:12 - 00950272 _____ C:\Users\Darlene\Desktop\RogueKiller.exe
2013-10-06 16:28 - 2013-10-06 16:28 - 00028422 _____ C:\Users\Darlene\Desktop\Result.txt
2013-10-06 16:26 - 2013-10-06 16:26 - 00760937 _____ (Farbar) C:\Users\Darlene\Desktop\MiniToolBox.exe
2013-10-06 16:06 - 2013-10-06 16:06 - 00001897 _____ C:\Users\Darlene\Desktop\FSS.txt
2013-10-06 14:36 - 2013-10-06 14:36 - 01045226 _____ C:\Users\Darlene\Desktop\AdwCleaner.exe
2013-10-06 14:07 - 2013-10-06 14:07 - 00102054 _____ C:\Users\Darlene\Desktop\JRT.txt
2013-10-06 13:56 - 2013-10-06 13:56 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 22:52 - 2013-10-05 22:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-05 12:42 - 2013-10-05 12:42 - 00000826 _____ C:\Users\Darlene\Desktop\SystemLook.txt
2013-10-05 12:35 - 2013-10-05 12:35 - 00096256 _____ C:\Users\Darlene\Desktop\SystemLook_x64.exe
2013-10-05 10:50 - 2013-10-05 10:52 - 00507227 _____ C:\Users\Darlene\Desktop\avgremover.log
2013-10-05 10:49 - 2013-10-05 10:49 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Darlene\Desktop\avg_remover_stf_x64_2014_4116.exe
2013-10-05 10:44 - 2013-10-05 11:44 - 00000358 _____ C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2013-10-05 10:44 - 2013-10-05 10:45 - 00002790 _____ C:\Windows\System32\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051
2013-10-05 10:44 - 2013-10-05 10:44 - 00013780 _____ C:\FixitRegBackup.reg
2013-10-04 19:28 - 2013-10-04 19:28 - 00063670 _____ C:\Users\Darlene\Desktop\Extras.Txt
2013-10-04 19:24 - 2013-10-05 11:10 - 00119304 _____ C:\Users\Darlene\Desktop\OTL.Txt
2013-10-04 19:13 - 2013-10-04 19:13 - 00602112 _____ (OldTimer Tools) C:\Users\Darlene\Desktop\OTL.exe
2013-10-04 18:53 - 2013-10-04 18:53 - 00021343 _____ C:\ComboFix.txt
2013-10-04 16:20 - 2013-10-04 14:07 - 05130782 ____R (Swearware) C:\Users\Darlene\Desktop\ComboFix.exe
2013-10-04 13:20 - 2013-10-04 13:20 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-10-04 13:19 - 2013-10-04 13:20 - 04009167 _____ C:\Users\Darlene\Desktop\ServicesRepair.exe
2013-10-04 09:00 - 2013-10-05 10:51 - 00002490 _____ C:\Windows\PFRO.log
2013-10-03 23:03 - 2013-10-03 23:03 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 23:03 - 2013-10-03 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-03 19:39 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-03 19:39 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-03 19:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-03 19:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-03 19:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-03 19:39 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-03 19:39 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-03 19:39 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-03 19:37 - 2013-10-04 18:53 - 00000000 ____D C:\Qoobox
2013-10-03 19:37 - 2013-10-04 18:44 - 00000000 ____D C:\Windows\erdnt
2013-10-03 19:36 - 2013-10-04 14:07 - 05130782 ____R (Swearware) C:\Users\Darlene\Downloads\ComboFix.exe
2013-10-02 18:21 - 2013-10-06 14:37 - 00000000 ____D C:\AdwCleaner
2013-10-02 15:39 - 2013-10-02 15:40 - 00028966 _____ C:\Users\Darlene\Downloads\Addition.txt
2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\FRST
2013-10-02 14:04 - 2013-10-02 14:05 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic (1).diagcab
2013-10-02 09:37 - 2013-10-02 09:37 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (2).msi
2013-10-01 17:50 - 2013-10-01 17:50 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (1).msi
2013-10-01 16:14 - 2013-10-01 16:14 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic.diagcab
2013-10-01 15:33 - 2013-10-01 15:45 - 00000000 ____D C:\Windows\system32\MRT
2013-10-01 14:20 - 2013-10-01 14:20 - 00003094 _____ C:\Users\Darlene\Documents\.reg
2013-10-01 04:37 - 2013-10-01 04:37 - 00032512 ____H C:\Windows\system32\Drivers\hitmanpro37.sys
2013-10-01 04:36 - 2013-10-01 04:36 - 00011118 _____ C:\Windows\system32\.crusader
2013-10-01 04:16 - 2013-10-01 04:36 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-01 04:13 - 2013-10-01 04:13 - 00001495 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_041356.txt
2013-10-01 04:00 - 2013-10-01 04:00 - 00006256 _____ C:\Users\Darlene\Desktop\RKreport[0]_D_10012013_040030.txt
2013-10-01 03:57 - 2013-10-01 03:57 - 00004455 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_035701.txt
2013-10-01 03:54 - 2013-10-06 18:12 - 00000000 ____D C:\Users\Darlene\Desktop\RK_Quarantine
2013-10-01 00:01 - 2013-10-01 00:04 - 00006520 _____ C:\Users\Darlene\Desktop\Rkill.txt
2013-10-01 00:01 - 2013-10-01 00:01 - 00000000 ____D C:\Users\Darlene\Desktop\rkill
2013-09-30 23:57 - 2013-09-30 23:57 - 00000805 _____ C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security.lnk
2013-09-30 23:57 - 2013-09-30 23:57 - 00000097 _____ C:\Users\Darlene\AppData\Roaming\avbase.dat
2013-09-30 18:08 - 2013-10-06 15:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-30 18:08 - 2013-10-04 18:24 - 00002075 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____H C:\Windows\SysWOW64\config.nt
2013-09-30 18:08 - 2013-08-30 03:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-30 18:08 - 2013-08-30 03:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-30 18:08 - 2013-08-30 03:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-30 18:07 - 2013-09-30 18:07 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-30 18:07 - 2013-08-30 03:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-30 18:06 - 2013-09-30 18:07 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-30 07:31 - 2013-09-30 07:31 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{4D549AA8-9609-44B2-9A11-C76D47BC7631}
2013-09-29 22:55 - 2013-09-29 22:55 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-26 12:01 - 2013-10-04 15:17 - 00015965 _____ C:\Users\Darlene\Documents\Currentbills2013-2014.xlsx
2013-09-26 11:21 - 2013-09-26 11:21 - 00010484 _____ C:\Users\Darlene\Documents\Book3.xlsx
2013-09-23 19:14 - 2013-09-23 19:14 - 00000000 ____D C:\MATS
2013-09-23 11:02 - 2013-09-23 11:02 - 01565744 _____ C:\Users\Darlene\Downloads\AVG_Remover_en.exe
2013-09-23 09:40 - 2013-09-23 09:40 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 09:38 - 2013-09-23 09:39 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4(1).exe
2013-09-23 09:31 - 2013-09-23 09:32 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4.exe
2013-09-22 20:36 - 2013-09-22 20:36 - 209715200 _____ C:\Users\Darlene\Documents\Data Safe.avgfv
2013-09-22 20:31 - 2013-09-22 20:31 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-22 19:40 - 2013-09-22 19:40 - 00910992 _____ (Symantec Corporation) C:\Users\Darlene\Downloads\AutoDetectPkg(1).exe
2013-09-22 19:12 - 2013-09-22 19:12 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123.msi
2013-09-22 05:41 - 2013-09-22 05:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\avgchrome
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\Mozilla
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-20 22:18 - 2013-10-02 19:33 - 00000601 _____ C:\Users\Darlene\Desktop\Search.lnk
2013-09-20 22:18 - 2013-09-23 11:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-20 22:18 - 2013-09-20 22:18 - 22404568 _____ (Mozilla) C:\Users\Darlene\Downloads\Firefox_Setup [1].exe
2013-09-20 11:16 - 2013-09-20 11:16 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{E4A54E6A-A62E-4F52-B555-D764A2894CEA}
2013-09-18 13:43 - 2013-09-18 13:44 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{C5C33947-A5D5-4E0F-8B5A-CC7FFD6059AF}
2013-09-15 09:14 - 2013-09-15 09:15 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{5FEACF98-042A-4A9C-9338-076D30EC2428}
2013-09-09 16:55 - 2013-09-09 16:55 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{A1D86197-73AA-4412-AC12-F79EB9DD4B2B}
2013-09-09 00:49 - 2013-09-08 16:27 - 00001050 _____ C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:28 - 2013-09-08 16:28 - 00000000 ____D C:\ProgramData\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00001038 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Program Files (x86)\Free FreeCell Solitaire
==================== One Month Modified Files and Folders =======
2013-10-06 20:10 - 2013-10-06 20:10 - 01954124 _____ (Farbar) C:\Users\Darlene\Desktop\FRST64.exe
2013-10-06 19:56 - 2012-05-27 16:43 - 00000830 ____H C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 19:46 - 2012-11-16 11:26 - 00000900 ____H C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 18:51 - 2011-12-30 11:14 - 01432792 _____ C:\Windows\WindowsUpdate.log
2013-10-06 18:16 - 2013-10-06 18:16 - 00002118 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10062013_181643.txt
2013-10-06 18:12 - 2013-10-06 18:12 - 00950272 _____ C:\Users\Darlene\Desktop\RogueKiller.exe
2013-10-06 18:12 - 2013-10-01 03:54 - 00000000 ____D C:\Users\Darlene\Desktop\RK_Quarantine
2013-10-06 16:28 - 2013-10-06 16:28 - 00028422 _____ C:\Users\Darlene\Desktop\Result.txt
2013-10-06 16:26 - 2013-10-06 16:26 - 00760937 _____ (Farbar) C:\Users\Darlene\Desktop\MiniToolBox.exe
2013-10-06 16:06 - 2013-10-06 16:06 - 00001897 _____ C:\Users\Darlene\Desktop\FSS.txt
2013-10-06 15:28 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 15:28 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 15:21 - 2013-09-30 18:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-06 15:21 - 2013-02-07 16:47 - 00000476 ____H C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-10-06 15:21 - 2012-11-16 11:26 - 00000896 ____H C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 15:21 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 15:20 - 2009-07-14 00:51 - 00098659 ____H C:\Windows\setupact.log
2013-10-06 14:37 - 2013-10-02 18:21 - 00000000 ____D C:\AdwCleaner
2013-10-06 14:36 - 2013-10-06 14:36 - 01045226 _____ C:\Users\Darlene\Desktop\AdwCleaner.exe
2013-10-06 14:07 - 2013-10-06 14:07 - 00102054 _____ C:\Users\Darlene\Desktop\JRT.txt
2013-10-06 13:56 - 2013-10-06 13:56 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 22:52 - 2013-10-05 22:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-05 12:42 - 2013-10-05 12:42 - 00000826 _____ C:\Users\Darlene\Desktop\SystemLook.txt
2013-10-05 12:35 - 2013-10-05 12:35 - 00096256 _____ C:\Users\Darlene\Desktop\SystemLook_x64.exe
2013-10-05 11:44 - 2013-10-05 10:44 - 00000358 _____ C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2013-10-05 11:10 - 2013-10-04 19:24 - 00119304 _____ C:\Users\Darlene\Desktop\OTL.Txt
2013-10-05 10:52 - 2013-10-05 10:50 - 00507227 _____ C:\Users\Darlene\Desktop\avgremover.log
2013-10-05 10:51 - 2013-10-04 09:00 - 00002490 _____ C:\Windows\PFRO.log
2013-10-05 10:49 - 2013-10-05 10:49 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Darlene\Desktop\avg_remover_stf_x64_2014_4116.exe
2013-10-05 10:45 - 2013-10-05 10:44 - 00002790 _____ C:\Windows\System32\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051
2013-10-05 10:44 - 2013-10-05 10:44 - 00013780 _____ C:\FixitRegBackup.reg
2013-10-04 19:28 - 2013-10-04 19:28 - 00063670 _____ C:\Users\Darlene\Desktop\Extras.Txt
2013-10-04 19:13 - 2013-10-04 19:13 - 00602112 _____ (OldTimer Tools) C:\Users\Darlene\Desktop\OTL.exe
2013-10-04 18:54 - 2012-05-30 22:22 - 00003498 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2013-10-04 18:53 - 2013-10-04 18:53 - 00021343 _____ C:\ComboFix.txt
2013-10-04 18:53 - 2013-10-03 19:37 - 00000000 ____D C:\Qoobox
2013-10-04 18:46 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-10-04 18:45 - 2009-07-13 22:34 - 66060288 _____ C:\Windows\system32\config\software.bak
2013-10-04 18:45 - 2009-07-13 22:34 - 21757952 _____ C:\Windows\system32\config\system.bak
2013-10-04 18:45 - 2009-07-13 22:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-10-04 18:45 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-10-04 18:45 - 2009-07-13 22:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-10-04 18:44 - 2013-10-03 19:37 - 00000000 ____D C:\Windows\erdnt
2013-10-04 18:24 - 2013-09-30 18:08 - 00002075 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-04 16:23 - 2012-06-14 21:49 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\SoftGrid Client
2013-10-04 15:17 - 2013-09-26 12:01 - 00015965 _____ C:\Users\Darlene\Documents\Currentbills2013-2014.xlsx
2013-10-04 14:07 - 2013-10-04 16:20 - 05130782 ____R (Swearware) C:\Users\Darlene\Desktop\ComboFix.exe
2013-10-04 14:07 - 2013-10-03 19:36 - 05130782 ____R (Swearware) C:\Users\Darlene\Downloads\ComboFix.exe
2013-10-04 13:20 - 2013-10-04 13:20 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-10-04 13:20 - 2013-10-04 13:19 - 04009167 _____ C:\Users\Darlene\Desktop\ServicesRepair.exe
2013-10-03 23:03 - 2013-10-03 23:03 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 23:03 - 2013-10-03 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 20:01 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2013-10-03 19:37 - 2009-07-14 01:08 - 00032570 ____H C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 19:33 - 2013-09-20 22:18 - 00000601 _____ C:\Users\Darlene\Desktop\Search.lnk
2013-10-02 15:40 - 2013-10-02 15:39 - 00028966 _____ C:\Users\Darlene\Downloads\Addition.txt
2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\FRST
2013-10-02 14:05 - 2013-10-02 14:04 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic (1).diagcab
2013-10-02 09:37 - 2013-10-02 09:37 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (2).msi
2013-10-01 21:03 - 2012-05-17 23:01 - 00803792 ____H C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-01 17:50 - 2013-10-01 17:50 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123 (1).msi
2013-10-01 17:46 - 2012-06-12 15:46 - 00000000 ____D C:\Users\Darlene
2013-10-01 17:45 - 2012-07-06 07:56 - 00000000 ____D C:\Users\Guest
2013-10-01 17:45 - 2012-06-12 15:46 - 00000000 ____D C:\Users\Darlene\AppData\Local\PowerCinema
2013-10-01 17:45 - 2012-06-12 15:41 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\PowerCinema
2013-10-01 17:45 - 2012-06-12 15:41 - 00000000 ____D C:\Users\Terry.OURLAPTOP
2013-10-01 17:45 - 2012-05-17 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-10-01 17:45 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\registration
2013-10-01 16:14 - 2013-10-01 16:14 - 00275181 _____ C:\Users\Darlene\Downloads\WindowsUpdateDiagnostic.diagcab
2013-10-01 15:53 - 2009-07-14 01:13 - 00801466 ____H C:\Windows\system32\PerfStringBackup.INI
2013-10-01 15:45 - 2013-10-01 15:33 - 00000000 ____D C:\Windows\system32\MRT
2013-10-01 14:20 - 2013-10-01 14:20 - 00003094 _____ C:\Users\Darlene\Documents\.reg
2013-10-01 04:37 - 2013-10-01 04:37 - 00032512 ____H C:\Windows\system32\Drivers\hitmanpro37.sys
2013-10-01 04:36 - 2013-10-01 04:36 - 00011118 _____ C:\Windows\system32\.crusader
2013-10-01 04:36 - 2013-10-01 04:16 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-01 04:13 - 2013-10-01 04:13 - 00001495 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_041356.txt
2013-10-01 04:00 - 2013-10-01 04:00 - 00006256 _____ C:\Users\Darlene\Desktop\RKreport[0]_D_10012013_040030.txt
2013-10-01 03:57 - 2013-10-01 03:57 - 00004455 _____ C:\Users\Darlene\Desktop\RKreport[0]_S_10012013_035701.txt
2013-10-01 00:04 - 2013-10-01 00:01 - 00006520 _____ C:\Users\Darlene\Desktop\Rkill.txt
2013-10-01 00:01 - 2013-10-01 00:01 - 00000000 ____D C:\Users\Darlene\Desktop\rkill
2013-09-30 23:57 - 2013-09-30 23:57 - 00000805 _____ C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security.lnk
2013-09-30 23:57 - 2013-09-30 23:57 - 00000097 _____ C:\Users\Darlene\AppData\Roaming\avbase.dat
2013-09-30 23:08 - 2012-07-16 23:31 - 00002186 _____ C:\Windows\epplauncher.mif
2013-09-30 20:16 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-30 20:16 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\AppCompat
2013-09-30 18:08 - 2013-09-30 18:08 - 00000000 ____H C:\Windows\SysWOW64\config.nt
2013-09-30 18:07 - 2013-09-30 18:07 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-30 18:07 - 2013-09-30 18:06 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-30 07:31 - 2013-09-30 07:31 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{4D549AA8-9609-44B2-9A11-C76D47BC7631}
2013-09-29 22:55 - 2013-09-29 22:55 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-26 12:15 - 2012-12-18 13:19 - 00016468 _____ C:\Users\Darlene\Documents\bills2013.xlsx
2013-09-26 11:21 - 2013-09-26 11:21 - 00010484 _____ C:\Users\Darlene\Documents\Book3.xlsx
2013-09-26 11:21 - 2013-07-22 17:00 - 00012978 _____ C:\Users\Darlene\Documents\billsbackpage2013July.xlsx
2013-09-23 19:36 - 2013-01-22 16:48 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Softarama
2013-09-23 19:31 - 2011-10-13 11:17 - 00000000 ____D C:\ProgramData\McAfee
2013-09-23 19:25 - 2013-01-22 18:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-23 19:24 - 2013-02-06 18:08 - 00000000 ____D C:\Program Files\McAfee
2013-09-23 19:14 - 2013-09-23 19:14 - 00000000 ____D C:\MATS
2013-09-23 11:12 - 2013-09-20 22:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-23 11:12 - 2012-11-13 02:01 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Mozilla
2013-09-23 11:02 - 2013-09-23 11:02 - 01565744 _____ C:\Users\Darlene\Downloads\AVG_Remover_en.exe
2013-09-23 09:40 - 2013-09-23 09:40 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-23 09:39 - 2013-09-23 09:38 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4(1).exe
2013-09-23 09:32 - 2013-09-23 09:31 - 78407592 _____ (AVG) C:\Users\Darlene\Downloads\avg_tuh_stf_all_2014_146_24c4.exe
2013-09-22 20:36 - 2013-09-22 20:36 - 209715200 _____ C:\Users\Darlene\Documents\Data Safe.avgfv
2013-09-22 20:31 - 2013-09-22 20:31 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-22 19:40 - 2013-09-22 19:40 - 00910992 _____ (Symantec Corporation) C:\Users\Darlene\Downloads\AutoDetectPkg(1).exe
2013-09-22 19:12 - 2013-09-22 19:12 - 00985600 _____ C:\Users\Darlene\Downloads\MicrosoftFixit50123.msi
2013-09-22 05:41 - 2013-09-22 05:41 - 00000000 ____D C:\Users\Darlene\AppData\Local\avgchrome
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\Users\Darlene\AppData\Local\Mozilla
2013-09-20 22:19 - 2013-09-20 22:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-20 22:18 - 2013-09-20 22:18 - 22404568 _____ (Mozilla) C:\Users\Darlene\Downloads\Firefox_Setup [1].exe
2013-09-20 11:16 - 2013-09-20 11:16 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{E4A54E6A-A62E-4F52-B555-D764A2894CEA}
2013-09-19 15:56 - 2012-05-27 16:43 - 00692616 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 15:56 - 2012-05-27 16:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 15:56 - 2011-10-13 11:29 - 00071048 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 13:44 - 2013-09-18 13:43 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{C5C33947-A5D5-4E0F-8B5A-CC7FFD6059AF}
2013-09-16 15:19 - 2012-11-13 01:48 - 00000000 ____D C:\Users\Darlene\Documents\Cook'n10
2013-09-15 09:15 - 2013-09-15 09:14 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{5FEACF98-042A-4A9C-9338-076D30EC2428}
2013-09-11 00:52 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Tubyuv
2013-09-11 00:22 - 2013-09-03 00:57 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Iqlu
2013-09-09 16:55 - 2013-09-09 16:55 - 00000000 ____D C:\Users\Terry.OURLAPTOP\AppData\Local\{A1D86197-73AA-4412-AC12-F79EB9DD4B2B}
2013-09-08 16:28 - 2013-09-08 16:28 - 00000000 ____D C:\ProgramData\TreeCardGames
2013-09-08 16:27 - 2013-09-09 00:49 - 00001050 _____ C:\Users\Darlene\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00001038 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\TreeCardGames
2013-09-08 16:27 - 2013-09-08 16:27 - 00000000 ____D C:\Program Files (x86)\Free FreeCell Solitaire
2013-09-07 10:58 - 2013-01-03 02:09 - 00000000 ____D C:\Users\Darlene\AppData\Local\Apple Computer
2013-09-06 12:14 - 2012-07-31 21:59 - 00000000 ____D C:\Users\Darlene\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Darlene\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 02:35
==================== End Of Log ============================


----------



## ldarlene (Sep 6, 2008)

I am assuming this is a large program... it took several minutes to download. It has been installing for several minutes now. The green bar that shows progress very quickly went across to about 80% done... and it has been hanging there now for at least 4 or 5 minutes.
Not sure if I should be using computer while it is trying to install. Should I just shut it down and try again?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> You can also try running the System Updated Readiness Tool:
> 
> http://windows.microsoft.com/en-ca/windows7/what-is-the-system-update-readiness-tool
> 
> Make sure you download the correct version which is Windows 7 (64-bit).


It finally said it was finished installing. Rebooted and went to windows update page. Still wants to download the same one.
Clicked on update button and still get the message that windows can not update.


----------



## Cookiegal (Aug 27, 2003)

ldarlene said:


> Clicked on update button and still get the message that windows can not update.


What is the exact message, word for word please?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> What is the exact message, word for word please?


Exact message between slashed lines
-------
Windows could not search for new updates
an error occurred while checking for new updates for your computer
Error(s) found

Code 80070422 Windows Update encountered an unknown error.

Get help with this error

----------
When I click on the get help message i get options
1 how to install windows 7 service pack 1....... I have that installed
2 Troubleshoot problems with installing updates... thats brings me to the update fix it that did not work
3 windows updare errow 80072efe or 80072f76
4 windows update error 80070422...... since this is the error.. i clicked on it... that is the microsoft fix it tool....doesn't work
5 windows update error 800B0100


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Control Panel *and type *administrative tools* in the search box then click on *Administrative Tools*. Next, double-click *Services*. If prompted for password please provide it. Then scroll down the list of services to find the *Windows Update* service. Right-click on the Windows Update service and then click *Properties*.

On the General tab, please report back what the startup type and the service status are showing please.

Also, please do the same for the BITS (Background Intelligent Transfer) service.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Go to *Start *- *Control Panel *and type *administrative tools* in the search box then click on *Administrative Tools*. Next, double-click *Services*. If prompted for password please provide it. Then scroll down the list of services to find the *Windows Update* service. Right-click on the Windows Update service and then click *Properties*.
> 
> On the General tab, please report back what the startup type and the service status are showing please.
> 
> Also, please do the same for the BITS (Background Intelligent Transfer) service.


When I was trying to find info on my own I went through this.
Windows Update 
Startup type is set to automatic (Delayed Start).... I have set it to Automatic several times
it is started

BIT
Same thing. I have set it to Automatic several times... it is now set on Automatic (delayed start)
It is started


----------



## Cookiegal (Aug 27, 2003)

Download attached *fixlist.txt* file and save it to the Desktop.

*NOTE.* It's important that both files, *FRST64* and *fixlist.txt *are in the same location or the fix will not work so that means you must place this file on the Desktop.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST64* and press the *Fix* button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


----------



## ldarlene (Sep 6, 2008)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Darlene at 2013-10-07 09:50:05 Run:1
Running from C:\Users\Darlene\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
c:\Program Files\Microsoft Security Client
HKLM-x32\...\Run: [] - [x]
HKU\Terry.OURLAPTOP\...\Run: [SearchProtect] - C:\Users\Terry.OURLAPTOP\AppData\Roaming\SearchProtect
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Darlene\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Darlene\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Darlene\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
2013-09-23 19:36 - 2013-01-22 16:48 - 00000000____D C:\Users\Darlene\AppData\Roaming\Softarama
2013-09-11 00:52 - 2013-09-03 00:57 - 00000000____D C:\Users\Darlene\AppData\Roaming\Tubyuv
2013-09-11 00:22 - 2013-09-03 00:57 - 00000000____D C:\Users\Darlene\AppData\Roaming\Iqlu
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
"c:\Program Files\Microsoft Security Client" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\Terry.OURLAPTOP\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaanoehjhfnnichccofiabhckegmaaj => Key deleted successfully.
"C:\Users\Darlene\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd => Key deleted successfully.
"C:\Users\Darlene\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully.
"C:\Users\Darlene\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
C:\Users\Darlene\AppData\Roaming\Softarama => Moved successfully.
C:\Users\Darlene\AppData\Roaming\Tubyuv => Moved successfully.
C:\Users\Darlene\AppData\Roaming\Iqlu => Moved successfully.
==== End of Fixlog ====


----------



## Cookiegal (Aug 27, 2003)

OK, that's very good.

Now please try downloading this update manually rather than through Windows Updates:

http://www.microsoft.com/en-us/download/details.aspx?id=40068

Let me know how that goes or if you get any error messages.


----------



## ldarlene (Sep 6, 2008)

I get the message
The update is not applicable to your computer


----------



## Cookiegal (Aug 27, 2003)

That's strange because it's one of the updates you listed.

Anyway, when you ran the MS Fix It did you run it in agressive mode?

If not, please do that:

http://support.microsoft.com/kb/971058


----------



## ldarlene (Sep 6, 2008)

40068.... do not see that number in the list of updates installed.... 

Is this a link for the aggressive mode? I did not see any options.
I ran it. got told 'online search for updates ran successfully. Restart Windows update and clidk 'Check for updates' ."
did that.. again it did not work


----------



## Cookiegal (Aug 27, 2003)

40068 is not the number of the update, it was KB2872339.

Try running this troubleshooter and let me know what it reports:

http://windows.microsoft.com/en-GB/windows7/Windows-Update-error-80072efe-or-80072f76


----------



## ldarlene (Sep 6, 2008)

yes, that update installed many times.

I ran this fix and the only message I get is
this Microsoft Fix it has been processed.

then three things to click on
Tell us what you think
get online help now
read more about Microsoft Fix it

no report


----------



## Cookiegal (Aug 27, 2003)

Please visit Windows Updates now and let me know what happens.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Please visit Windows Updates now and let me know what happens.


I assume you mean the 'check for updates' button. After rebooting I tried that after the last fix and it gave me the same error message.
Tried it again just now... still same error message


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating sysetms double-click *VEW.exe* For later operating systems right-click VEW.exe and select "Run As Administrator"

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Information*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## ldarlene (Sep 6, 2008)

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/10/2013 3:45:47 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/10/2013 5:36:32 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. (Stream product id=0x0066): Streaming Failed
Log: 'Application' Date/Time: 07/10/2013 5:35:15 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. Too many failures while downloading ranges: 2
Log: 'Application' Date/Time: 07/10/2013 5:34:31 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: 
Log: 'Application' Date/Time: 07/10/2013 5:24:09 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 07/10/2013 3:53:08 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Log: 'Application' Date/Time: 07/10/2013 1:56:57 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. (Stream product id=0x0066): Streaming Failed
Log: 'Application' Date/Time: 07/10/2013 1:56:27 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. Too many failures while downloading ranges: 2
Log: 'Application' Date/Time: 07/10/2013 1:55:59 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 07/10/2013 12:47:12 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. (Stream product id=0x0066): Streaming Failed
Log: 'Application' Date/Time: 07/10/2013 12:46:20 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. Too many failures while downloading ranges: 2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/10/2013 6:53:47 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket 3385756122, type 5 Event Name: MSHTMLLAYOUTHARDASSERT Response: Not available Cab Id: 0 Problem signature: P1: iexplore.exe P2: 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) P3: mshtml.dll P4: 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) P5: 0x0098DB30 (Layout9) P6: P7: P8: P9: P10: Attached files: These files may be available here: C:\Users\Darlene\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_3e0a387a06320725d1bbe0db2b0e4d9d34d86_13efe81e Analysis symbol: Rechecking for solution: 0 Report Id: be0eecbb-2f81-11e3-93fb-047d7b1dd2cd Report Status: 0
Log: 'Application' Date/Time: 07/10/2013 6:50:11 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket 3031343797, type 5 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.6.7600.256_8527c9548e5637bd185e8f64257625cb5e8b9c_0ca89953 Analysis symbol: Rechecking for solution: 0 Report Id: 4498e039-2f81-11e3-93fb-047d7b1dd2cd Report Status: 0
Log: 'Application' Date/Time: 07/10/2013 6:50:07 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket 3031343797, type 5 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.6.7600.256_8527c9548e5637bd185e8f64257625cb5e8b9c_0f7c8cf4 Analysis symbol: Rechecking for solution: 0 Report Id: 3c277ec1-2f81-11e3-93fb-047d7b1dd2cd Report Status: 0
Log: 'Application' Date/Time: 07/10/2013 6:50:01 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket , type 0 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.6.7600.256_8527c9548e5637bd185e8f64257625cb5e8b9c_04e07214 Analysis symbol: Rechecking for solution: 0 Report Id: 4498e039-2f81-11e3-93fb-047d7b1dd2cd Report Status: 4
Log: 'Application' Date/Time: 07/10/2013 6:50:00 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket , type 0 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 4498e039-2f81-11e3-93fb-047d7b1dd2cd Report Status: 0
Log: 'Application' Date/Time: 07/10/2013 6:49:46 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket , type 0 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.6.7600.256_8527c9548e5637bd185e8f64257625cb5e8b9c_04443ac0 Analysis symbol: Rechecking for solution: 0 Report Id: 3c277ec1-2f81-11e3-93fb-047d7b1dd2cd Report Status: 4
Log: 'Application' Date/Time: 07/10/2013 6:49:46 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket , type 0 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 3c277ec1-2f81-11e3-93fb-047d7b1dd2cd Report Status: 0
Log: 'Application' Date/Time: 07/10/2013 6:43:22 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket 3031343797, type 5 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.6.7600.256_8527c9548e5637bd185e8f64257625cb5e8b9c_05625df8 Analysis symbol: Rechecking for solution: 0 Report Id: 4aa0454a-2f80-11e3-93fb-047d7b1dd2cd Report Status: 0
Log: 'Application' Date/Time: 07/10/2013 6:43:01 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket , type 0 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.6.7600.256_8527c9548e5637bd185e8f64257625cb5e8b9c_0e1a0be3 Analysis symbol: Rechecking for solution: 0 Report Id: 4aa0454a-2f80-11e3-93fb-047d7b1dd2cd Report Status: 4
Log: 'Application' Date/Time: 07/10/2013 6:43:01 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket , type 0 Event Name: WindowsUpdateFailure Response: Not available Cab Id: 0 Problem signature: P1: 7.6.7600.256 P2: 80070422 P3: 61CA813A-7585-442E-A66B-B0D15CE6BDC0 P4: Scan P5: 101 P6: Unmanaged P7: P8: P9: P10: Attached files: These files may be available here: Analysis symbol: Rechecking for solution: 0 Report Id: 4aa0454a-2f80-11e3-93fb-047d7b1dd2cd Report Status: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/10/2013 5:36:32 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Load range failed: 1194568 1917522 : [SoftGrid Error: 0x0000000010000001 in Module: Net Transport Agent, File: httpresource.cpp:120]
Log: 'Application' Date/Time: 07/10/2013 5:35:30 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=97C}
Attempting Transport Connection URL: http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft Error: 24600F0A-10000001
Log: 'Application' Date/Time: 07/10/2013 5:35:15 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=97C}
Attempting Transport Connection URL: http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft Error: 24600F0A-10000001
Log: 'Application' Date/Time: 07/10/2013 5:35:15 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Load range failed: 1194568 1917522 : [SoftGrid Error: 0x0000000010000001 in Module: Net Transport Agent, File: httpresource.cpp:120]
Log: 'Application' Date/Time: 07/10/2013 5:35:15 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=97C}
Attempting Transport Connection URL: http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft Error: 24600F0A-10000001
Log: 'Application' Date/Time: 07/10/2013 5:35:00 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=97C}
Attempting Transport Connection URL: http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft Error: 24600F0A-10000001
Log: 'Application' Date/Time: 07/10/2013 5:34:45 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=97C}
Attempting Transport Connection URL: http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft Error: 24600F0A-10000001
Log: 'Application' Date/Time: 07/10/2013 5:34:45 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=97C}
Attempting Transport Connection URL: http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft Error: 24600F0A-10000001
Log: 'Application' Date/Time: 07/10/2013 5:34:30 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Failed to complete bits job
Log: 'Application' Date/Time: 07/10/2013 5:34:30 PM
Type: Warning Category: 11
Event: 3211 Source: Application Virtualization Client
{tid=97C}
Attempting Transport Connection URL: http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft Error: 24600F0A-10000001
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2013 7:41:16 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
Log: 'System' Date/Time: 07/10/2013 7:41:16 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Log: 'System' Date/Time: 07/10/2013 7:41:16 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
Log: 'System' Date/Time: 07/10/2013 7:41:16 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Log: 'System' Date/Time: 07/10/2013 7:40:40 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
Log: 'System' Date/Time: 07/10/2013 7:40:40 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Log: 'System' Date/Time: 07/10/2013 7:40:40 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
Log: 'System' Date/Time: 07/10/2013 7:40:40 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Log: 'System' Date/Time: 07/10/2013 7:40:39 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
Log: 'System' Date/Time: 07/10/2013 7:40:39 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2013 7:41:08 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Application Experience service entered the running state.
Log: 'System' Date/Time: 07/10/2013 7:40:41 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.
Log: 'System' Date/Time: 07/10/2013 7:40:39 PM
Type: Information Category: 0
Event: 1 Source: Microsoft-Windows-Power-Troubleshooter
The system has resumed from sleep. Sleep Time: ?2013?-?10?-?07T19:05:15.838315000Z Wake Time: ?2013?-?10?-?07T19:40:35.482801700Z Wake Source: Power Button
Log: 'System' Date/Time: 07/10/2013 7:40:38 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The TCP/IP NetBIOS Helper service entered the running state.
Log: 'System' Date/Time: 07/10/2013 7:40:34 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Image Acquisition (WIA) service entered the running state.
Log: 'System' Date/Time: 07/10/2013 7:40:34 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The DNS Client service entered the running state.
Log: 'System' Date/Time: 07/10/2013 7:40:34 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The DNS Client service entered the stopped state.
Log: 'System' Date/Time: 07/10/2013 7:40:34 PM
Type: Information Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-General
The system time has changed to ?2013?-?10?-?07T19:40:34.500000000Z from ?2013?-?10?-?07T19:05:31.843943100Z.
Log: 'System' Date/Time: 07/10/2013 7:05:30 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The TCP/IP NetBIOS Helper service entered the stopped state.
Log: 'System' Date/Time: 07/10/2013 7:05:29 PM
Type: Information Category: 0
Event: 7042 Source: Service Control Manager
The TCP/IP NetBIOS Helper service was successfully sent a stop control. The reason specified was: 0x40030011 [Operating System: Network Connectivity (Planned)] Comment: None
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2013 7:41:14 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 7:40:46 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name DARLENE.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 7:05:29 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name DARLENE.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 5:52:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name DARLENE.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 5:52:19 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name DARLENE.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 5:35:43 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 5:34:30 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 5:34:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name DARLENE.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 5:22:52 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 07/10/2013 5:21:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.


----------



## ldarlene (Sep 6, 2008)

Did you see anything significant in the last scan? (VEW)


----------



## Cookiegal (Aug 27, 2003)

I haven't had a chance to check out everything and probable won't until tomorrow.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I haven't had a chance to check out everything and probable won't until tomorrow.


OK. No rush. Thanks for all your help so far. I am begining to think that Windows Update is not going to ever work properly.


----------



## Cookiegal (Aug 27, 2003)

Many people are having this problem with Windows 7 and so far solutions have been hit and miss, meaning they work for some but not for others.

I'd like you to run SURT (System Update Readiness Tool) again from the following link:

http://support.microsoft.com/kb/947821

Please be sure to run the correct version for your system which is the seventh one down the list: "All supported x64-based versions of Windows 7"

After running it a log will be created called CheckSur.log in the following folder:

C:\Windows\Logs\CBS

Please open the log in Notepad and copy and paste the contents here.


----------



## ldarlene (Sep 6, 2008)

After running it a log will be created called CheckSur.log in the following folder:

C:\Windows\Logs\CBS

Please open the log in Notepad and copy and paste the contents here.[/QUOTE]

Downloaded the program and said yes when it asked if I wanted to replace the one already installed and said yes. The installation took sevearal minites. Said it had finished installing.
All other reports have altomatically opened but this one did not. I can't find the log.


----------



## ldarlene (Sep 6, 2008)

Can't even find the SURT program.


----------



## ldarlene (Sep 6, 2008)

Think I found the problem!!!

In services.... software protection was disabled
...Windows module was disabled.

after turning them to automatic I checked for updates
26 downloaded
Only two installed
Second attempt the rest seemed to install

However, now I have the message that I have 24 that need to install. Checked the history and many "failed" to install. I will try again.

```

```


----------



## ldarlene (Sep 6, 2008)

See previous posts today.

Several frustrating hours of trying to install 26 updates. I resorting to selecting 7 or less at a time and got successful results that way.... except for one update that refuses to install. KB2853952

After this windows live mail and internet explorer would not work..unknown error. Did a search on line on other computer and found out how to uninstall updates... looked for anything to do with IE... found and uninstalled one and it now works again. Not sure if I should try to install it again or not.

going to see if I can find solution for windows live


----------



## ldarlene (Sep 6, 2008)

looked for update KB2670838 in the installed updates... as an internet search suggested that could be the problem.. that update was not installed.
Tried 'fix' in the uninstall section... that resulted with the message that it had been fixed.... but it still will not open.
Tried rebooting...still does not work... stopped working before it is totally open.


----------



## Cookiegal (Aug 27, 2003)

Please run SystemLook with the following script and post the log:


```
:filefind
*CheckSur*
```
Also, please run OTL again but I only want to see Services so I'm uploading a screenshot to show you which options to select. On "Services" I want "All" and on everything else "None" like it is in the screenshot. Then click on "Run Scan". It will be very quick because it's only scanning services. Please post the log here.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Please run SystemLook with the following script and post the log:
> 
> 
> ```
> ...


doing one thing at a time...do not want to lose any logs.

SystemLook 04.09.10 by jpshortstuff
Log created at 16:10 on 08/10/2013 by Darlene
Administrator - Elevation successful
========== filefind ==========
Searching for "*CheckSur*"
C:\Users\Darlene\AppData\Local\ElevatedDiagnostics\2560293460\2013100120.000\CheckSURLog.cab --a---- 23903 bytes [20:20 01/10/2013] [20:23 01/10/2013] 8E69234AF24DFBBC943F02ED4D80D0C2
C:\Users\Darlene\AppData\Local\ElevatedDiagnostics\2560293460\2013100201.000\CheckSURLog.cab --a---- 23873 bytes [01:48 02/10/2013] [01:50 02/10/2013] C2BB0BD263F058A07B38231E7FD8A79E
C:\Users\Darlene\AppData\Local\ElevatedDiagnostics\2560293460\2013100218.000\CheckSURLog.cab --a---- 23875 bytes [18:06 02/10/2013] [18:07 02/10/2013] B43BF819D9C6EDFEAF2D855B5215B6E3
C:\Windows\Logs\CBS\CheckSUR.log --a---- 394 bytes [00:25 07/10/2013] [13:36 08/10/2013] D9EF5251CE93F0C6EDA01E03665F90E1
C:\Windows\Logs\CBS\CheckSUR.persist.log --a---- 791 bytes [00:25 07/10/2013] [13:36 08/10/2013] 17AE43BA42B0125427235145B9E5FE31
C:\Windows\Prefetch\CHECKSUR.EXE-81FD23A8.pf --a---- 26314 bytes [13:21 08/10/2013] [13:21 08/10/2013] 6322653DBB7EB35784AABD7D27A32302
C:\Windows\Prefetch\CHECKSURLAUNCHER.EXE-1AF82ABA.pf --a---- 16480 bytes [13:21 08/10/2013] [13:21 08/10/2013] 8F1BFB3BF02DE70F885A0A501B3EC546
C:\Windows\Prefetch\CHECKSURPACKAGE.EXE-D86D91A9.pf --a---- 34250 bytes [13:21 08/10/2013] [13:21 08/10/2013] ACE463B446ACE6EE672A15F2772A6738
C:\Windows\temp\CheckSUR\CheckSurSqm.dat --a---- 706 bytes [00:40 07/10/2013] [13:36 08/10/2013] 191DC0FF862AD954990CE78ED6D09273
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

OK, the log is right there where I said it was but you said you couldn't find it. I need to see this log:

C:\Windows\Logs\CBS\CheckSUR.log


----------



## ldarlene (Sep 6, 2008)

here is the next one.

OTL logfile created on: 08/10/2013 4:16:55 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.68 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 59.73% Memory free
7.36 Gb Paging File | 5.87 Gb Available in Paging File | 79.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 211.41 Gb Free Space | 74.97% Space Free | Partition Type: NTFS

Computer Name: OURLAPTOP | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Services (All) ==========

SRV:*64bit:* - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:*64bit:* - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2013/04/02 13:34:04 | 005,802,128 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV:*64bit:* - [2013/02/20 12:35:32 | 000,641,352 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:*64bit:* - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:*64bit:* - [2012/10/03 13:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iphlpsvc.dll -- (IpHlpSvc)
SRV:*64bit:* - [2012/07/25 23:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WUDFSvc.dll -- (wudfsvc)
SRV:*64bit:* - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:*64bit:* - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:*64bit:* - [2012/05/18 16:35:34 | 001,255,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:*64bit:* - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:*64bit:* - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:*64bit:* - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:*64bit:* - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (VaultSvc)
SRV:*64bit:* - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:*64bit:* - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV:*64bit:* - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:*64bit:* - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:*64bit:* - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (EFS)
SRV:*64bit:* - [2011/09/21 05:37:16 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:*64bit:* - [2011/09/21 05:36:31 | 000,591,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:*64bit:* - [2011/08/31 00:05:32 | 000,462,184 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV:*64bit:* - [2011/08/02 15:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:*64bit:* - [2011/07/14 01:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:*64bit:* - [2011/03/29 00:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:*64bit:* - [2011/03/17 23:05:46 | 001,139,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:*64bit:* - [2010/11/20 23:25:14 | 001,504,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:*64bit:* - [2010/11/20 23:25:14 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:*64bit:* - [2010/11/20 23:25:10 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService)
SRV:*64bit:* - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:*64bit:* - [2010/11/20 23:25:05 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:*64bit:* - [2010/11/20 23:24:52 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum)
SRV:*64bit:* - [2010/11/20 23:24:51 | 000,232,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:*64bit:* - [2010/11/20 23:24:51 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:*64bit:* - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:*64bit:* - [2010/11/20 23:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:*64bit:* - [2010/11/20 23:24:36 | 001,743,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:*64bit:* - [2010/11/20 23:24:36 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wcncsvc.dll -- (wcncsvc)
SRV:*64bit:* - [2010/11/20 23:24:35 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient)
SRV:*64bit:* - [2010/11/20 23:24:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:*64bit:* - [2010/11/20 23:24:33 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SessEnv.dll -- (SessionEnv)
SRV:*64bit:* - [2010/11/20 23:24:32 | 000,777,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\gpsvc.dll -- (gpsvc)
SRV:*64bit:* - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:*64bit:* - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:*64bit:* - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV:*64bit:* - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
SRV:*64bit:* - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:*64bit:* - [2010/11/20 23:24:24 | 002,018,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM)
SRV:*64bit:* - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:*64bit:* - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:*64bit:* - [2010/11/20 23:24:16 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dps.dll -- (DPS)
SRV:*64bit:* - [2010/11/20 23:24:16 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\KMSVC.DLL -- (hkmsvc)
SRV:*64bit:* - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:*64bit:* - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV:*64bit:* - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:*64bit:* - [2010/11/20 23:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:*64bit:* - [2010/11/20 23:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:*64bit:* - [2010/11/20 23:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:*64bit:* - [2010/11/20 23:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\termsrv.dll -- (TermService)
SRV:*64bit:* - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:*64bit:* - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:*64bit:* - [2010/11/20 23:24:00 | 001,389,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pla.dll -- (pla)
SRV:*64bit:* - [2010/11/20 23:24:00 | 000,853,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IKEEXT.DLL -- (IKEEXT)
SRV:*64bit:* - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:*64bit:* - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:*64bit:* - [2010/11/20 23:23:56 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:*64bit:* - [2010/11/20 23:23:56 | 000,444,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\winhttp.dll -- (WinHttpAutoProxySvc)
SRV:*64bit:* - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:*64bit:* - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:*64bit:* - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV:*64bit:* - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:*64bit:* - [2010/11/20 23:23:51 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vds.exe -- (vds)
SRV:*64bit:* - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:*64bit:* - [2010/11/20 23:23:48 | 000,476,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:*64bit:* - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:*64bit:* - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:*64bit:* - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:*64bit:* - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:*64bit:* - [2009/07/13 21:41:57 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpcsvc.dll -- (WPCSvc)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,353,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\upnphost.dll -- (upnphost)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wecsvc.dll -- (Wecsvc)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wdi.dll -- (WdiSystemHost)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wdi.dll -- (WdiServiceHost)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wercplsupport.dll -- (wercplsupport)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WcsPlugInService.dll -- (WcsPlugInService)
SRV:*64bit:* - [2009/07/13 21:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\uxsms.dll -- (UxSms)
SRV:*64bit:* - [2009/07/13 21:41:55 | 000,119,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks)
SRV:*64bit:* - [2009/07/13 21:41:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tbssvc.dll -- (TBS)
SRV:*64bit:* - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:*64bit:* - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:*64bit:* - [2009/07/13 21:41:54 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ssdpsrv.dll -- (SSDPSRV)
SRV:*64bit:* - [2009/07/13 21:41:54 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sstpsvc.dll -- (SstpSvc)
SRV:*64bit:* - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:*64bit:* - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qwave.dll -- (QWAVE)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,186,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Sens.dll -- (SENS)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:*64bit:* - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:*64bit:* - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV:*64bit:* - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:*64bit:* - [2009/07/13 21:41:28 | 000,368,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtckrm.dll -- (KtmRm)
SRV:*64bit:* - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (THREADORDER)
SRV:*64bit:* - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:*64bit:* - [2009/07/13 21:41:18 | 000,300,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lltdsvc.dll -- (lltdsvc)
SRV:*64bit:* - [2009/07/13 21:41:18 | 000,023,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lmhsvc.dll -- (lmhosts)
SRV:*64bit:* - [2009/07/13 21:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:*64bit:* - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:*64bit:* - [2009/07/13 21:41:09 | 000,101,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPBusEnum.dll -- (IPBusEnum)
SRV:*64bit:* - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV:*64bit:* - [2009/07/13 21:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub)
SRV:*64bit:* - [2009/07/13 21:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost)
SRV:*64bit:* - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV:*64bit:* - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:*64bit:* - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:*64bit:* - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:*64bit:* - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:*64bit:* - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:*64bit:* - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:*64bit:* - [2009/07/13 21:39:55 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV:*64bit:* - [2009/07/13 21:39:48 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\UI0Detect.exe -- (UI0Detect)
SRV:*64bit:* - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV:*64bit:* - [2009/07/13 21:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:*64bit:* - [2009/07/13 21:39:21 | 000,141,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtc.exe -- (MSDTC)
SRV:*64bit:* - [2009/07/13 21:39:15 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Locator.exe -- (RpcLocator)
SRV:*64bit:* - [2009/07/13 21:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dllhost.exe -- (COMSysApp)
SRV:*64bit:* - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV - [2013/09/19 15:56:22 | 000,257,416 | -H-- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/30 18:47:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/11/16 11:26:30 | 000,194,032 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2012/11/16 11:26:01 | 000,136,176 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2012/11/16 11:26:01 | 000,136,176 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/12/30 11:31:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/21 05:36:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2011/06/21 16:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 22:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 21:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/11 08:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/11/20 23:25:10 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 23:24:53 | 000,856,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2010/11/20 23:24:52 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2010/11/20 23:24:49 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wcncsvc.dll -- (wcncsvc)
SRV - [2010/11/20 23:24:49 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2010/11/20 23:24:42 | 000,696,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/11/20 23:24:32 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2010/11/20 23:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,194,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:23:55 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/07/01 00:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/01 00:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 17:23:04 | 000,044,376 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/13 21:39:09 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/13 21:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2009/07/13 21:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2009/07/13 21:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009/07/13 21:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2009/07/13 21:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\Sens.dll -- (SENS)
SRV - [2009/07/13 21:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2009/07/13 21:14:28 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2009/07/13 21:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

< End of report >


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> OK, the log is right there where I said it was but you said you couldn't find it. I need to see this log:
> 
> C:\Windows\Logs\CBS\CheckSUR.log


When I first checked I could not find it.

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 20.0
2013-10-08 09:23
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 831
No errors detected


----------



## Cookiegal (Aug 27, 2003)

I have to check all of those services and will do so tomorrow but there are a few that are marked "Automatic" yet they're not running.

Please go to services and open Computer Browser and see if you can start that service.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I have to check all of those services and will do so tomorrow but there are a few that are marked "Automatic" yet they're not running.
> 
> Please go to services and open Computer Browser and see if you can start that service.


Computer browser did not start... error 1068 The dependency service or group failed to start

When clicking this off I accidently hit something else
iSCSI Initiator.. it gave a warning... sorry can't remember exactly what it said... maybe 'not turned on'
I hit yes and anothproperties screen came up... no idea what I am doing.. maybe I should have said no..anyways I closed it off without doing anything.


----------



## Cookiegal (Aug 27, 2003)

Windows 7 is different so I can't look myself. While in the Computer Browser service please click on the Dependencies tab and let me know what it says there.


----------



## Cookiegal (Aug 27, 2003)

Also, try to start the LanmanServer service.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Windows 7 is different so I can't look myself. While in the Computer Browser service please click on the Dependencies tab and let me know what it says there.


 Server
Workstation

Do you need to know all the stuff in these folders?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Also, try to start the LanmanServer service.


Think I am going crazy. Is this supposed to be under Services?
I assume everything is in alphbetical order.
I have
KtmRm for Dis....
Link-Layer Topology Discovery mapper
Live updater service (which is disabled by the way)
Media Center Extender Service

NO LanmanServer service.

see next post... found it


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Also, try to start the LanmanServer service.


Found it. It was not under LanmanServer but under server
tried to start it. error 1068 the dependancy service or group failed to start.

under dependancies
service dependant on following
Security Accounts manager
Server SMB 1xxx Driver

Following system components dependant on this service
Computer Browser
HomeGroup Listener

hope this helps


----------



## Cookiegal (Aug 27, 2003)

Yes it helps.

So, you said Windows Updates is working but there's one update that won't install: KB2853952 

Does Windows Update now indicate the last successful updates are from October rather than January as was the case previously?


----------



## Cookiegal (Aug 27, 2003)

I believe I just found the problem with Windows Update KB2454826 and Live Mail in this MS article:

http://support.microsoft.com/kb/2505524

Don't do anything just yet (we will run the fix it later) but we need to check if you do have the problematic driver first so please do the following:

Go to *Start *then type *dxdiag *in the search box, and then press Enter.
If you are prompted to check whether your drivers are digitally signed, click Yes.
In the DirectX Diagnostic Tool dialog box, click the Display tab and report back all of the information shown including the version number for your graphics driver please.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Yes it helps.
> 
> So, you said Windows Updates is working but there's one update that won't install: KB2853952
> 
> Does Windows Update now indicate the last successful updates are from October rather than January as was the case previously?


yes.... Mostg recent check for updates: Yesterday at 12:24PM
Updates were installed Yesterday at 11:40 PM
Right about the update that will not install.

Tried to install the last 3 optional updates last night, they all failed.

Until after Thanksgiving I have an extremely slow connection ( so slow that if I try to watch a video on utube I get about 20 sec. at a time. This morning I tried to check for updates... it tried for a few minutes and then got an unknown error. sorry I forgot to write down the number but I think it ended in 4022. Is it possible that the slow connection is the problem? I will try it again at Tim Horton's this afternoon.

In the meantime, any ideas on how to get Live Mail working again. It was working fine before the updates


----------



## Cookiegal (Aug 27, 2003)

Please see my last post about Live Mail as we are posting at the same time.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I believe I just found the problem with Windows Update KB2454826 and Live Mail in this MS article:
> 
> http://support.microsoft.com/kb/2505524
> 
> ...


Main driver: igdumd64.dll,igd10umd64.dll,igdumd>

Version: 8.15.10.2342

Date 25/03/2011 6:17:46 AM

WHQL Logo'd: Yes

DDI Version: 10

Driver Model: WDDM 1.1


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Please see my last post about Live Mail as we are posting at the same time.


Yes, saw it. Looks like the driver is not the same one.


----------



## Cookiegal (Aug 27, 2003)

Are you sure it says 8.15.10.2342 and not 8.15.10.2341? Perhaps a typo?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Are you sure it says 8.15.10.2342 and not 8.15.10.2341? Perhaps a typo?


I just rechecked. Definitely a 2 on the end, not a 1


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Are you sure it says 8.15.10.2342 and not 8.15.10.2341? Perhaps a typo?


Tried update again.. this time I got 28 updates....checked out the numbers and they are all new ones that have not been installed since the 7th... did not have time to check further back.

Since I have problems yesterday when I tried to install themall at once should I be checking off only a few at a time? Also, should I wait till I have a faster connection?

Will not be back till after lunch


----------



## Cookiegal (Aug 27, 2003)

Were you saying that Live Mail is still not working even after uninstalling that update KB2454826?

I'd go ahead and install them all. Take note of the numbers before installing them.

Also, I'd like to see the full dxdiag report so please run it again and once it's finished, to the bottom right you will see a button called "Save All Information". Please click on that and save it to Notepad and then copy and paste the contents here.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Were you saying that Live Mail is still not working even after uninstalling that update KB2454826?
> 
> I'd go ahead and install them all. Take note of the numbers before installing them.
> 
> Also, I'd like to see the full dxdiag report so please run it again and once it's finished, to the bottom right you will see a button called "Save All Information". Please click on that and save it to Notepad and then copy and paste the contents here.


 I looked for KB2454826 and KB2670838 in my update history when I found those update were related to live mail not opening. I DID NOT uninstall them as neither of them were in my update history.
Windows Live Mail worked find right before the updates, stopped opening after the updates were installed and still will not open.

------------------
System Information
------------------
Time of this report: 10/9/2013, 13:42:15
Machine name: OURLAPTOP
Operating System: Windows 7 Home Premium 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.130708-1532)
Language: English (Regional Setting: English)
System Manufacturer: Acer
System Model: Aspire 4739
BIOS: InsydeH2O Version V1.05
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz (4 CPUs), ~2.5GHz
Memory: 4096MB RAM
Available OS Memory: 3766MB RAM
Page File: 1493MB used, 6038MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11
DX Setup Parameters: Not found
User DPI Setting: 96 DPI (100 percent)
System DPI Setting: 96 DPI (100 percent)
DWM DPI Scaling: Disabled
DxDiag Version: 6.01.7601.17514 64bit Unicode
------------
DxDiag Notes
------------
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Input Tab: No problems found.
--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (retail)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (retail)
DirectMusic: 0/5 (retail)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)
---------------
Display Devices
---------------
Card name: Intel(R) HD Graphics
Manufacturer: Intel Corporation
Chip type: Intel(R) HD Graphics (Core i3)
DAC type: Internal
Device Key: Enum\PCI\VEN_8086&DEV_0046&SUBSYS_06031025&REV_18
Display Memory: 1755 MB
Dedicated Memory: 128 MB
Shared Memory: 1627 MB
Current Mode: 1366 x 768 (32 bit) (60Hz)
Monitor Name: Generic PnP Monitor
Monitor Model: unknown
Monitor Id: AUO183C
Native Mode: 1366 x 768(p) (60.098Hz)
Output Type: Internal
Driver Name: igdumd64.dll,igd10umd64.dll,igdumdx32,igd10umd32
Driver File Version: 8.15.0010.2342 (English)
Driver Version: 8.15.10.2342
DDI Version: 10
Driver Model: WDDM 1.1
Driver Attributes: Final Retail
Driver Date/Size: 3/25/2011 06:17:46, 7473664 bytes
WHQL Logo'd: Yes
WHQL Date Stamp: 
Device Identifier: {D7B78E66-4306-11CF-B37A-0926B8C2C535}
Vendor ID: 0x8086
Device ID: 0x0046
SubSys ID: 0x06031025
Revision ID: 0x0018
Driver Strong Name: oem8.inf:Intel.Mfg.NTamd64:iILKM0:8.15.10.2342ci\ven_8086&dev_0046&subsys_06031025
Rank Of Driver: 00E60001
Video Accel: ModeMPEG2_A ModeMPEG2_C ModeWMV9_B ModeWMV9_C ModeVC1_B ModeVC1_C 
Deinterlace Caps: {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
D3D9 Overlay: Supported
DXVA-HD: Supported
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled
-------------
Sound Devices
-------------
Description: Speakers (Realtek High Definition Audio)
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250603&REV_1001
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: RTKVHD64.sys
Driver Version: 6.00.0001.6324 (English)
Driver Attributes: Final Retail
WHQL Logo'd: Yes
Date and Size: 3/8/2011 08:36:28, 2795880 bytes
Other Files: 
Driver Provider: Realtek Semiconductor Corp.
HW Accel Level: Basic
Cap Flags: 0xF1F
Min/Max Sample Rate: 100, 200000
Static/Strm HW Mix Bufs: 1, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No
---------------------
Sound Capture Devices
---------------------
Description: Microphone (Realtek High Definition Audio)
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: RTKVHD64.sys
Driver Version: 6.00.0001.6324 (English)
Driver Attributes: Final Retail
Date and Size: 3/8/2011 08:36:28, 2795880 bytes
Cap Flags: 0x1
Format Flags: 0xFFFFF
-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a
Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a
Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52F
FF Driver: n/a
Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52F
FF Driver: n/a
Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC52F
FF Driver: n/a
Poll w/ Interrupt: No
-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x3B3C
| Matching Device ID: usb\root_hub20
| Service: usbhub
| Driver: usbhub.sys, 7/14/2011 01:31:18, 343040 bytes
| Driver: usbd.sys, 7/14/2011 01:31:18, 7936 bytes
| 
+-+ Generic USB Hub
| | Vendor/Product ID: 0x8087, 0x0020
| | Location: Port_#0001.Hub_#0001
| | Matching Device ID: usb\class_09
| | Service: usbhub
| | Driver: usbhub.sys, 7/14/2011 01:31:18, 343040 bytes
----------------
Gameport Devices
----------------
------------
PS/2 Devices
------------
+ Standard PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 7/13/2009 19:19:57, 105472 bytes
| Driver: kbdclass.sys, 7/13/2009 21:48:04, 50768 bytes
| 
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: i8042prt.sys, 7/13/2009 19:19:57, 105472 bytes
| Driver: kbdclass.sys, 7/13/2009 21:48:04, 50768 bytes
| 
+ Synaptics PS/2 Port TouchPad
| Matching Device ID: *syn1b20
| Upper Filters: SynTP
| Service: i8042prt
| 
+ HID-compliant mouse
| Vendor/Product ID: 0x046D, 0xC52F
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouhid.sys, 7/13/2009 20:00:20, 31232 bytes
| Driver: mouclass.sys, 7/13/2009 21:48:27, 49216 bytes
| 
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 11/20/2010 23:23:47, 63360 bytes
| Driver: sermouse.sys, 7/13/2009 20:00:20, 26624 bytes
| Driver: mouclass.sys, 7/13/2009 21:48:27, 49216 bytes
------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 215.1 GB
Total Space: 288.8 GB
File System: NTFS
Model: WDC WD3200BPVT-22JJ5T0
Drive: Q:
Model: n/a
Drive: D:
Model: MAT****A DVD-RAM UJ8B0AW
Driver: c:\windows\system32\drivers\cdrom.sys, 6.01.7601.17514 (English), 11/20/2010 23:23:47, 147456 bytes
--------------
System Devices
--------------
Name: Intel(R) HD Graphics
Device ID: PCI\VEN_8086&DEV_0046&SUBSYS_06031025&REV_18\3&11583659&0&10
Driver: C:\Windows\system32\DRIVERS\igdkmd64.sys, 8.15.0010.2342 (English), 3/25/2011 06:17:48, 12262336 bytes
Driver: C:\Windows\system32\igdumd64.dll, 8.15.0010.2342 (English), 3/25/2011 06:17:46, 7473664 bytes
Driver: C:\Windows\system32\igd10umd64.dll, 8.15.0010.2342 (English), 3/25/2011 06:05:32, 7386624 bytes
Driver: C:\Windows\system32\igfxcmrt64.dll, 1.00.0000.0004 (English), 3/25/2011 05:28:22, 122368 bytes
Driver: C:\Windows\system32\IccLibDll_x64.dll, 3/25/2011 05:28:22, 94208 bytes
Driver: C:\Windows\system32\igkrng575.bin, 3/25/2011 06:16:08, 867020 bytes
Driver: C:\Windows\system32\igcompkrng575.bin, 3/25/2011 06:16:10, 128204 bytes
Driver: C:\Windows\system32\igfcg575m.bin, 3/25/2011 06:16:08, 105428 bytes
Driver: C:\Windows\SysWow64\igkrng575.bin, 3/25/2011 06:16:08, 867020 bytes
Driver: C:\Windows\SysWow64\igcompkrng575.bin, 3/25/2011 06:16:10, 128204 bytes
Driver: C:\Windows\SysWow64\igfcg575m.bin, 3/25/2011 06:16:08, 105428 bytes
Driver: C:\Windows\system32\iglhxs64.vp, 3/25/2011 06:36:34, 13488 bytes
Driver: C:\Windows\system32\iglhxo64.vp, 3/25/2011 05:28:22, 60015 bytes
Driver: C:\Windows\system32\iglhxc64.vp, 3/25/2011 05:28:22, 60226 bytes
Driver: C:\Windows\system32\iglhxg64.vp, 3/25/2011 05:28:22, 60254 bytes
Driver: C:\Windows\system32\iglhxa64.vp, 3/25/2011 05:28:22, 1090 bytes
Driver: C:\Windows\system32\iglhxa64.cpa, 3/25/2011 05:28:22, 1991936 bytes
Driver: C:\Windows\system32\iglhcp64.dll, 2.00.0002.0002 (English), 3/25/2011 05:28:22, 95744 bytes
Driver: C:\Windows\system32\iglhsip64.dll, 2.00.0002.0002 (English), 3/25/2011 05:28:22, 364032 bytes
Driver: C:\Windows\SysWow64\igdumd32.dll, 8.15.0010.2342 (English), 3/25/2011 06:12:04, 5692416 bytes
Driver: C:\Windows\SysWow64\igdumdx32.dll, 8.15.0010.2342 (English), 3/25/2011 06:08:44, 575488 bytes
Driver: C:\Windows\SysWow64\igfxdv32.dll, 8.15.0010.2342 (English), 3/25/2011 05:33:48, 288768 bytes
Driver: C:\Windows\SysWow64\igd10umd32.dll, 8.15.0010.2342 (English), 3/25/2011 06:02:06, 6068736 bytes
Driver: C:\Windows\SysWow64\iglhcp32.dll, 2.00.0002.0002 (English), 3/25/2011 05:28:22, 86528 bytes
Driver: C:\Windows\SysWow64\iglhsip32.dll, 2.00.0002.0002 (English), 3/25/2011 05:28:22, 368640 bytes
Driver: C:\Windows\SysWow64\igfxcmrt32.dll, 1.00.0000.0004 (English), 3/25/2011 05:28:22, 142848 bytes
Driver: C:\Windows\system32\difx64.exe, 5/8/2011 22:45:30, 179992 bytes
Driver: C:\Windows\system32\hccutils.dll, 8.15.0010.2342 (English), 3/25/2011 05:38:58, 109056 bytes
Driver: C:\Windows\system32\igfxsrvc.dll, 8.15.0010.2342 (English), 3/25/2011 05:39:24, 62464 bytes
Driver: C:\Windows\system32\igfxsrvc.exe, 8.15.0010.2342 (English), 5/8/2011 22:46:00, 510232 bytes
Driver: C:\Windows\system32\igfxpph.dll, 8.15.0010.2342 (English), 3/25/2011 05:39:46, 335872 bytes
Driver: C:\Windows\system32\igfxcpl.cpl, 8.15.0010.2342 (English), 3/25/2011 05:40:12, 126976 bytes
Driver: C:\Windows\system32\igfxdev.dll, 8.15.0010.2342 (English), 3/25/2011 05:38:48, 385024 bytes
Driver: C:\Windows\system32\igfxdo.dll, 8.15.0010.2342 (English), 3/25/2011 05:38:10, 142336 bytes
Driver: C:\Windows\system32\igfxtray.exe, 8.15.0010.2342 (English), 5/8/2011 22:46:06, 168216 bytes
Driver: C:\Windows\system32\hkcmd.exe, 8.15.0010.2342 (English), 5/8/2011 22:45:48, 391960 bytes
Driver: C:\Windows\system32\igfxress.dll, 8.15.0010.2342 (English), 3/25/2011 05:38:08, 9014784 bytes
Driver: C:\Windows\system32\igfxpers.exe, 8.15.0010.2342 (English), 5/8/2011 22:45:56, 419096 bytes
Driver: C:\Windows\system32\igfxTMM.dll, 8.15.0010.2342 (English), 3/25/2011 05:39:42, 380928 bytes
Driver: C:\Windows\system32\gfxSrvc.dll, 8.15.0010.2342 (English), 3/25/2011 05:38:50, 144896 bytes
Driver: C:\Windows\system32\GfxUI.exe, 8.15.0010.2342 (English), 5/8/2011 22:45:38, 4370712 bytes
Driver: C:\Windows\system32\GfxUI.exe.config, 3/25/2011 05:31:52, 151 bytes
Driver: C:\Windows\system32\IGFXDEVLib.dll, 1.00.0000.0000 (Invariant Language), 3/25/2011 05:38:48, 4096 bytes
Driver: C:\Windows\system32\igfxext.exe, 8.15.0010.2342 (English), 5/8/2011 22:45:52, 239384 bytes
Driver: C:\Windows\system32\igfxexps.dll, 8.15.0010.2342 (English), 3/25/2011 05:39:36, 28672 bytes
Driver: C:\Windows\SysWow64\igfxexps32.dll, 8.15.0010.2342 (English), 3/25/2011 05:34:38, 24576 bytes
Driver: C:\Windows\system32\igfxrara.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:14, 285184 bytes
Driver: C:\Windows\system32\igfxrchs.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:14, 282624 bytes
Driver: C:\Windows\system32\igfxrcht.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:16, 282624 bytes
Driver: C:\Windows\system32\igfxrdan.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:16, 285696 bytes
Driver: C:\Windows\system32\igfxrdeu.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:20, 286720 bytes
Driver: C:\Windows\system32\igfxrenu.lrc, 8.15.0010.2342 (English), 3/25/2011 05:38:16, 285696 bytes
Driver: C:\Windows\system32\igfxresn.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:26, 287232 bytes
Driver: C:\Windows\system32\igfxrfin.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:18, 286208 bytes
Driver: C:\Windows\system32\igfxrfra.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:18, 287232 bytes
Driver: C:\Windows\system32\igfxrheb.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:20, 285184 bytes
Driver: C:\Windows\system32\igfxrhrv.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:30, 286720 bytes
Driver: C:\Windows\system32\igfxrita.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:22, 286720 bytes
Driver: C:\Windows\system32\igfxrjpn.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:22, 283648 bytes
Driver: C:\Windows\system32\igfxrkor.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:22, 283136 bytes
Driver: C:\Windows\system32\igfxrnld.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:18, 286720 bytes
Driver: C:\Windows\system32\igfxrnor.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:24, 286208 bytes
Driver: C:\Windows\system32\igfxrplk.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:24, 286720 bytes
Driver: C:\Windows\system32\igfxrptb.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:24, 286208 bytes
Driver: C:\Windows\system32\igfxrptg.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:24, 286720 bytes
Driver: C:\Windows\system32\igfxrrom.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:30, 286720 bytes
Driver: C:\Windows\system32\igfxrrus.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:26, 286720 bytes
Driver: C:\Windows\system32\igfxrsky.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:30, 286720 bytes
Driver: C:\Windows\system32\igfxrslv.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:28, 286208 bytes
Driver: C:\Windows\system32\igfxrsve.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:28, 286208 bytes
Driver: C:\Windows\system32\igfxrtha.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:28, 285696 bytes
Driver: C:\Windows\system32\igfxrcsy.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:16, 286720 bytes
Driver: C:\Windows\system32\igfxrell.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:20, 287232 bytes
Driver: C:\Windows\system32\igfxrhun.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:20, 286208 bytes
Driver: C:\Windows\system32\igfxrtrk.lrc, 8.15.0010.2342 (English), 3/25/2011 05:40:28, 286208 bytes
Driver: C:\Windows\system32\Gfxres.ar-SA.resources, 3/25/2011 05:40:32, 154366 bytes
Driver: C:\Windows\system32\Gfxres.cs-CZ.resources, 3/25/2011 05:40:34, 131897 bytes
Driver: C:\Windows\system32\Gfxres.da-DK.resources, 3/25/2011 05:40:34, 127109 bytes
Driver: C:\Windows\system32\Gfxres.de-DE.resources, 3/25/2011 05:40:36, 136226 bytes
Driver: C:\Windows\system32\Gfxres.el-GR.resources, 3/25/2011 05:40:38, 195681 bytes
Driver: C:\Windows\system32\Gfxres.es-ES.resources, 3/25/2011 05:40:38, 136172 bytes
Driver: C:\Windows\system32\Gfxres.en-US.resources, 3/25/2011 05:40:14, 122646 bytes
Driver: C:\Windows\system32\Gfxres.fi-FI.resources, 3/25/2011 05:40:40, 131456 bytes
Driver: C:\Windows\system32\Gfxres.fr-FR.resources, 3/25/2011 05:40:40, 134081 bytes
Driver: C:\Windows\system32\Gfxres.he-IL.resources, 3/25/2011 05:40:42, 147392 bytes
Driver: C:\Windows\system32\Gfxres.hr-HR.resources, 3/25/2011 05:41:06, 130414 bytes
Driver: C:\Windows\system32\Gfxres.hu-HU.resources, 3/25/2011 05:40:44, 132861 bytes
Driver: C:\Windows\system32\Gfxres.it-IT.resources, 3/25/2011 05:40:44, 138635 bytes
Driver: C:\Windows\system32\Gfxres.ja-JP.resources, 3/25/2011 05:40:46, 151350 bytes
Driver: C:\Windows\system32\Gfxres.ko-KR.resources, 3/25/2011 05:40:48, 137000 bytes
Driver: C:\Windows\system32\Gfxres.nb-NO.resources, 3/25/2011 05:40:48, 127367 bytes
Driver: C:\Windows\system32\Gfxres.nl-NL.resources, 3/25/2011 05:40:50, 132876 bytes
Driver: C:\Windows\system32\Gfxres.pl-PL.resources, 3/25/2011 05:40:52, 131711 bytes
Driver: C:\Windows\system32\Gfxres.pt-BR.resources, 3/25/2011 05:40:52, 133321 bytes
Driver: C:\Windows\system32\Gfxres.pt-PT.resources, 3/25/2011 05:40:54, 132299 bytes
Driver: C:\Windows\system32\Gfxres.ro-RO.resources, 3/25/2011 05:41:08, 135119 bytes
Driver: C:\Windows\system32\Gfxres.ru-RU.resources, 3/25/2011 05:40:56, 180246 bytes
Driver: C:\Windows\system32\Gfxres.sk-SK.resources, 3/25/2011 05:40:56, 131290 bytes
Driver: C:\Windows\system32\Gfxres.sl-SI.resources, 3/25/2011 05:40:58, 127599 bytes
Driver: C:\Windows\system32\Gfxres.sv-SE.resources, 3/25/2011 05:41:00, 132422 bytes
Driver: C:\Windows\system32\Gfxres.th-TH.resources, 3/25/2011 05:41:00, 208335 bytes
Driver: C:\Windows\system32\Gfxres.tr-TR.resources, 3/25/2011 05:41:02, 133868 bytes
Driver: C:\Windows\system32\Gfxres.zh-CN.resources, 3/25/2011 05:41:04, 115195 bytes
Driver: C:\Windows\system32\Gfxres.zh-TW.resources, 3/25/2011 05:41:04, 116413 bytes
Driver: C:\Windows\system32\ig4icd64.dll, 8.15.0010.2342 (English), 3/25/2011 05:54:12, 19592704 bytes
Driver: C:\Windows\SysWow64\ig4icd32.dll, 8.15.0010.2342 (English), 3/25/2011 05:45:14, 14294016 bytes
Driver: C:\Windows\system32\igfxCoIn_v2342.dll, 1.02.0030.0000 (English), 3/25/2011 06:24:16, 90112 bytes
Name: High Definition Audio Controller
Device ID: PCI\VEN_8086&DEV_3B56&SUBSYS_06031025&REV_05\3&11583659&0&D8
Driver: C:\Windows\system32\DRIVERS\hdaudbus.sys, 6.01.7601.17514 (English), 11/20/2010 23:23:47, 122368 bytes
Name: Intel(R) HM55 Express Chipset LPC Interface Controller - 3B09
Device ID: PCI\VEN_8086&DEV_3B09&SUBSYS_06031025&REV_05\3&11583659&0&F8
Driver: C:\Windows\system32\DRIVERS\msisadrv.sys, 6.01.7600.16385 (English), 7/13/2009 21:48:27, 15424 bytes
Name: Intel(R) processor DRAM Controller - 0044
Device ID: PCI\VEN_8086&DEV_0044&SUBSYS_06031025&REV_18\3&11583659&0&00
Driver: n/a
Name: Reserved - 2D13
Device ID: PCI\VEN_8086&DEV_2D13&SUBSYS_06031025&REV_05\3&4F11E61&0&13
Driver: n/a
Name: Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 6 - 3B4C
Device ID: PCI\VEN_8086&DEV_3B4C&SUBSYS_06031025&REV_05\3&11583659&0&E5
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.01.7601.17514 (English), 11/20/2010 23:23:47, 184704 bytes
Name: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_06031025&REV_C1\4&71F6122&0&00E0
Driver: n/a
Name: Reserved - 2D12
Device ID: PCI\VEN_8086&DEV_2D12&SUBSYS_06031025&REV_05\3&4F11E61&0&12
Driver: n/a
Name: Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 1 - 3B42
Device ID: PCI\VEN_8086&DEV_3B42&SUBSYS_06031025&REV_05\3&11583659&0&E0
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.01.7601.17514 (English), 11/20/2010 23:23:47, 184704 bytes
Name: Atheros AR5B125 Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_0032&SUBSYS_E047105B&REV_01\4&3B0BEF3&0&00E5
Driver: C:\Windows\system32\DRIVERS\athrx.sys, 9.02.0000.0419 (English), 6/1/2011 23:37:32, 2750464 bytes
Name: QPI Physical 0 - 2D11
Device ID: PCI\VEN_8086&DEV_2D11&SUBSYS_06031025&REV_05\3&4F11E61&0&11
Driver: n/a
Name: Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B3C
Device ID: PCI\VEN_8086&DEV_3B3C&SUBSYS_06031025&REV_05\3&11583659&0&D0
Driver: C:\Windows\system32\drivers\usbehci.sys, 6.01.7601.17586 (English), 7/14/2011 01:31:18, 52736 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.01.7601.17586 (English), 7/14/2011 01:31:18, 325120 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.01.7601.17586 (English), 7/14/2011 01:31:18, 343040 bytes
Name: QPI Link 0 - 2D10
Device ID: PCI\VEN_8086&DEV_2D10&SUBSYS_06031025&REV_05\3&4F11E61&0&10
Driver: n/a
Name: Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B34
Device ID: PCI\VEN_8086&DEV_3B34&SUBSYS_06031025&REV_05\3&11583659&0&E8
Driver: C:\Windows\system32\drivers\usbehci.sys, 6.01.7601.17586 (English), 7/14/2011 01:31:18, 52736 bytes
Driver: C:\Windows\system32\drivers\usbport.sys, 6.01.7601.17586 (English), 7/14/2011 01:31:18, 325120 bytes
Driver: C:\Windows\system32\drivers\usbhub.sys, 6.01.7601.17586 (English), 7/14/2011 01:31:18, 343040 bytes
Name: QuickPath Architecture System Address Decoder - 2D01
Device ID: PCI\VEN_8086&DEV_2D01&SUBSYS_06031025&REV_05\3&4F11E61&0&01
Driver: n/a
Name: Intel(R) Turbo Boost Technology Driver
Device ID: PCI\VEN_8086&DEV_3B32&SUBSYS_06031025&REV_05\3&11583659&0&FE
Driver: C:\Windows\system32\DRIVERS\Impcd.sys, 1.02.0000.1002 (English), 2/26/2010 04:32:12, 158976 bytes
Name: QuickPath Architecture Generic Non-core Registers - 2C62
Device ID: PCI\VEN_8086&DEV_2C62&SUBSYS_06031025&REV_05\3&4F11E61&0&00
Driver: n/a
Name: Intel(R) 5 Series/3400 Series Chipset Family SMBus Controller - 3B30
Device ID: PCI\VEN_8086&DEV_3B30&SUBSYS_06031025&REV_05\3&11583659&0&FB
Driver: n/a
Name: Intel(R) 82801 PCI Bridge - 2448
Device ID: PCI\VEN_8086&DEV_2448&SUBSYS_06031025&REV_A5\3&11583659&0&F0
Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.01.7601.17514 (English), 11/20/2010 23:23:47, 184704 bytes
Name: Intel(R) Management Engine Interface
Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_06031025&REV_06\3&11583659&0&B0
Driver: n/a
Name: Intel(R) 5 Series 4 Port SATA AHCI Controller
Device ID: PCI\VEN_8086&DEV_3B29&SUBSYS_06031025&REV_05\3&11583659&0&FA
Driver: C:\Windows\system32\DRIVERS\iaStor.sys, 10.00.0000.1046 (English), 9/13/2010 21:24:26, 437272 bytes
------------------
DirectShow Filters
------------------
DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,WMADMOD.DLL,6.01.7601.17514
WMAPro over S/PDIF DMO,0x00600800,1,1,WMADMOD.DLL,6.01.7601.17514
WMSpeech Decoder DMO,0x00600800,1,1,WMSPDMOD.DLL,6.01.7601.17514
MP3 Decoder DMO,0x00600800,1,1,mp3dmod.dll,6.01.7600.16385
Mpeg4s Decoder DMO,0x00800001,1,1,mp4sdecd.dll,6.01.7600.16385
WMV Screen decoder DMO,0x00600800,1,1,wmvsdecd.dll,6.01.7601.17514
WMVideo Decoder DMO,0x00800001,1,1,wmvdecod.dll,6.01.7601.18221
Mpeg43 Decoder DMO,0x00800001,1,1,mp43decd.dll,6.01.7600.16385
Mpeg4 Decoder DMO,0x00800001,1,1,mpg4decd.dll,6.01.7600.16385
DV Muxer,0x00400000,0,0,qdv.dll,6.06.7601.17514
Color Space Converter,0x00400001,1,1,quartz.dll,6.06.7601.17713
WM ASF Reader,0x00400000,0,0,qasf.dll,12.00.7601.17514
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,12.00.7601.17514
AVI Splitter,0x00600000,1,1,quartz.dll,6.06.7601.17713
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.06.7601.17713
SBE2MediaTypeProfile,0x00200000,0,0,sbe.dll,6.06.7601.17528
Microsoft DTV-DVD Video Decoder,0x005fffff,2,4,msmpeg2vdec.dll,6.01.7140.0000
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.06.7601.17528
StreamBufferSink,0x00200000,0,0,sbe.dll,6.06.7601.17528
Microsoft TV Captions Decoder,0x00200001,1,0,MSTVCapn.dll,6.01.7601.17715
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.06.7601.17713
CBVA DMO wrapper filter,0x00200000,1,1,cbva.dll,6.01.7601.17514
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.06.7601.17713
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.06.7601.17713
VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.7601.17514
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.06.7601.17528
Closed Captions Analysis Filter,0x00200000,2,5,cca.dll,6.06.7601.17514
SBE2FileScan,0x00200000,0,0,sbe.dll,6.06.7601.17528
Microsoft MPEG-2 Video Encoder,0x00200000,1,1,msmpeg2enc.dll,6.01.7601.17514
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.06.7601.17713
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.06.7601.17713
DV Splitter,0x00600000,1,2,qdv.dll,6.06.7601.17514
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,6.06.7601.17713
Microsoft MPEG-2 Encoder,0x00200000,2,1,msmpeg2enc.dll,6.01.7601.17514
ACM Wrapper,0x00600000,1,1,quartz.dll,6.06.7601.17713
Video Renderer,0x00800001,1,0,quartz.dll,6.06.7601.17713
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.06.7601.17528
Line 21 Decoder,0x00600000,1,1,,
Video Port Manager,0x00600000,2,1,quartz.dll,6.06.7601.17713
Video Renderer,0x00400000,1,0,quartz.dll,6.06.7601.17713
VPS Decoder,0x00200000,0,0,WSTPager.ax,6.06.7601.17514
WM ASF Writer,0x00400000,0,0,qasf.dll,12.00.7601.17514
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,6.01.7601.17514
File writer,0x00200000,1,0,qcap.dll,6.06.7601.17514
iTV Data Sink,0x00600000,1,0,itvdata.dll,6.06.7601.17514
iTV Data Capture filter,0x00600000,1,1,itvdata.dll,6.06.7601.17514
DVD Navigator,0x00200000,0,3,qdvd.dll,6.06.7601.17713
Microsoft TV Subtitles Decoder,0x00200001,1,0,MSTVCapn.dll,6.01.7601.17715
Overlay Mixer2,0x00200000,1,1,,
RDP DShow Redirection Filter,0xffffffff,1,0,DShowRdpFilter.dll,
Microsoft MPEG-2 Audio Encoder,0x00200000,1,1,msmpeg2enc.dll,6.01.7601.17514
WST Pager,0x00200000,1,1,WSTPager.ax,6.06.7601.17514
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.06.7601.17528
DV Video Decoder,0x00800000,1,1,qdv.dll,6.06.7601.17514
SampleGrabber,0x00200000,1,1,qedit.dll,6.06.7601.18175
Null Renderer,0x00200000,1,0,qedit.dll,6.06.7601.18175
MPEG-2 Sections and Tables,0x005fffff,1,0,Mpeg2Data.ax,6.06.7601.17514
Microsoft AC3 Encoder,0x00200000,1,1,msac3enc.dll,6.01.7601.17514
StreamBufferSource,0x00200000,0,0,sbe.dll,6.06.7601.17528
Smart Tee,0x00200000,1,2,qcap.dll,6.06.7601.17514
Overlay Mixer,0x00200000,0,0,,
AVI Decompressor,0x00600000,1,1,quartz.dll,6.06.7601.17713
NetBridge,0x00200000,2,0,netbridge.dll,6.01.7601.17514
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.06.7601.17713
Wave Parser,0x00400000,1,1,quartz.dll,6.06.7601.17713
MIDI Parser,0x00400000,1,1,quartz.dll,6.06.7601.17713
Multi-file Parser,0x00400000,1,1,quartz.dll,6.06.7601.17713
File stream renderer,0x00400000,1,1,quartz.dll,6.06.7601.17713
Microsoft DTV-DVD Audio Decoder,0x005fffff,1,1,msmpeg2adec.dll,6.01.7140.0000
StreamBufferSink2,0x00200000,0,0,sbe.dll,6.06.7601.17528
AVI Mux,0x00200000,1,0,qcap.dll,6.06.7601.17514
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.06.7601.17713
File Source (Async.),0x00400000,0,1,quartz.dll,6.06.7601.17713
File Source (URL),0x00400000,0,1,quartz.dll,6.06.7601.17713
Media Center Extender Encryption Filter,0x00200000,2,2,Mcx2Filter.dll,6.01.7601.17514
AudioRecorder WAV Dest,0x00200000,0,0,WavDest.dll,
AudioRecorder Wave Form,0x00200000,0,0,WavDest.dll,
SoundRecorder Null Renderer,0x00200000,0,0,WavDest.dll,
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.06.7601.17514
Enhanced Video Renderer,0x00200000,1,0,evr.dll,6.01.7601.17514
BDA MPEG2 Transport Information Filter,0x00200000,2,0,psisrndr.ax,6.06.7601.17669
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.06.7601.17713
WDM Streaming Tee/Splitter Devices:
Tee/Sink-to-Sink Converter,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
Video Compressors:
WMVideo8 Encoder DMO,0x00600800,1,1,wmvxencd.dll,6.01.7600.16385
WMVideo9 Encoder DMO,0x00600800,1,1,wmvencod.dll,6.01.7600.16385
MSScreen 9 encoder DMO,0x00600800,1,1,wmvsencd.dll,6.01.7600.16385
DV Video Encoder,0x00200000,0,0,qdv.dll,6.06.7601.17514
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.06.7601.17713
Audio Compressors:
WM Speech Encoder DMO,0x00600800,1,1,WMSPDMOE.DLL,6.01.7600.16385
WMAudio Encoder DMO,0x00600800,1,1,WMADMOE.DLL,6.01.7600.16385
IMA ADPCM,0x00200000,1,1,quartz.dll,6.06.7601.17713
PCM,0x00200000,1,1,quartz.dll,6.06.7601.17713
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.06.7601.17713
GSM 6.10,0x00200000,1,1,quartz.dll,6.06.7601.17713
CCITT A-Law,0x00200000,1,1,quartz.dll,6.06.7601.17713
CCITT u-Law,0x00200000,1,1,quartz.dll,6.06.7601.17713
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.06.7601.17713
Audio Capture Sources:
Microphone (Realtek High Defini,0x00200000,0,0,qcap.dll,6.06.7601.17514
PBDA CP Filters:
PBDA DTFilter,0x00600000,1,1,CPFilters.dll,6.06.7601.17528
PBDA ETFilter,0x00200000,0,0,CPFilters.dll,6.06.7601.17528
PBDA PTFilter,0x00200000,0,0,CPFilters.dll,6.06.7601.17528
Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.06.7601.17713
Microsoft GS Wavetable Synth,0x00200000,1,0,quartz.dll,6.06.7601.17713
WDM Streaming Capture Devices:
Realtek HD Audio Mic input,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
Realtek HD Audio Stereo input,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
WebCam,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
WDM Streaming Rendering Devices:
Realtek HD Audio output,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
BDA Network Providers:
Microsoft ATSC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBS Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft DVBT Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.7601.17514
Microsoft Network Provider,0x00200000,0,1,MSNP.ax,6.06.7601.17514
Video Capture Sources:
WebCam,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
Multi-Instance Capable VBI Codecs:
VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.7601.17514
BDA Transport Information Renderers:
BDA MPEG2 Transport Information Filter,0x00600000,2,0,psisrndr.ax,6.06.7601.17669
MPEG-2 Sections and Tables,0x00600000,1,0,Mpeg2Data.ax,6.06.7601.17514
BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,1,EncDec.dll,6.06.7601.17708
Encrypt/Tag,0x00200000,0,0,EncDec.dll,6.06.7601.17708
PTFilter,0x00200000,0,0,EncDec.dll,6.06.7601.17708
XDS Codec,0x00200000,0,0,EncDec.dll,6.06.7601.17708
WDM Streaming Communication Transforms:
Tee/Sink-to-Sink Converter,0x00200000,1,1,ksproxy.ax,6.01.7601.17514
Audio Renderers:
Speakers (Realtek High Definiti,0x00200000,1,0,quartz.dll,6.06.7601.17713
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.06.7601.17713
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.06.7601.17713
DirectSound: Speakers (Realtek High Definition Audio),0x00200000,1,0,quartz.dll,6.06.7601.17713
---------------
EVR Power Information
---------------
Current Setting: {16260968-C914-4AA1-8736-B7A6F3C5AE9B} (Power)
Quality Flags: 2576
Enabled:
Force throttling
Allow half deinterlace
Allow scaling
Decode Power Usage: 100
Balanced Flags: 1424
Enabled:
Force throttling
Allow batching
Force half deinterlace
Force scaling
Decode Power Usage: 50
PowerFlags: 1424
Enabled:
Force throttling
Allow batching
Force half deinterlace
Force scaling
Decode Power Usage: 0


----------



## ldarlene (Sep 6, 2008)

now quick reply is comingup, but only after several minutes of waiting after I hit reply... .maybe as many as 5. this is what is across the bottom of the page.
http://forums.techguy.org/newreply.php?do=newreply&p=8787425

also forgot to meantion that after one of the updates, when I logged back onto my desktop the screen went black with this message
Detecting proxy setting
Stayed there for a few minutes, then my desktop icons showed up. Don't think I have ever gotten that message and don't know if it means anything.
Still getting live mail errors after the updates


----------



## ldarlene (Sep 6, 2008)

got really frustrated Wed evening.
After an afternoon fighting with updates.... again, some would install, some not... had to choose a few at a time...
Then the trouble with this page not letting me reply.
Then discovering that IE was changed to a new version and all my favourites and history were wiped out. that was the last straw.
After company left late last evening I decided to do a system restore to earlier Wed afternoon before some of the updates were installed. First one failed.. then computer would not restart... another restore point chosen.. that one failed too.... I have lost track of things the computer lead me through.
Finally, it was reset to 09/10/2013/ 2;21:53.
I have IE back with my history.
When I get up in the morning I will start over again trying to install updates but for now I will not install any updates that have to do with IE.

After that I discovered that Avast was not working... it was a 30 day trial. I forgot that when you start fooling with anything to do with time/dates a trial program will think that you are trying to cheat...so I had not trial days left. So I have uninstalled it and downloaded the free version.

I am not sure if all this means you need to run any scans over again. Let me know.

Next time I will try to wait for your guidance... itwas not really worth all thefrustration and over 3 hours of fighting with this into the wee hours of the morning.


----------



## Cookiegal (Aug 27, 2003)

I think the best thing you could do given the serious infection you had and the problems it has likely cause would be to back up everything important like documents, photos, etc. and then reformat and reinstall Windows.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I think the best thing you could do given the serious infection you had and the problems it has likely cause would be to back up everything important like documents, photos, etc. and then reformat and reinstall Windows.


A friend last night was just suggesting that.
First, can you tell me what infections I had?

And second, can things be backed up to another drive on the computer?

Thirdly, can anyone there walk me through the process, giving step by step directions on how to back up....

And before I do any of that I need to be sure of what programs I should be using to protect and help to prevent this from happening in future. Are the free versions good enough?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I think the best thing you could do given the serious infection you had and the problems it has likely cause would be to back up everything important like documents, photos, etc. and then reformat and reinstall Windows.


Also,I am pretty sure this computer came with everything backed up on a second drive. When I renstall windows will all the registration information be there?


----------



## Cookiegal (Aug 27, 2003)

> First, can you tell me what infections I had?


You had a variant of the ZeroAccess rootkit along with multiple other infections, adware and rogue browser extensions.


> And second, can things be backed up to another drive on the computer?


There isn't another physical drive in the computer that I can see, only partitions and I don't know what's on those partitions (presumably one is a recovery partition). You're best to back things up to an external drive.


> Thirdly, can anyone there walk me through the process, giving step by step directions on how to back up...


I suggest starting another thread for assistance with that.


> And before I do any of that I need to be sure of what programs I should be using to protect and help to prevent this from happening in future. Are the free versions good enough?


Many will say they are good enough but I'm of the opinion that they are not. In other words, you get what you pay for. The two I prefer are Eset (Nod32) and Kaspersky. But that doesn't mean that even those would have protected you from this infection. A lot depends on your browsing habits and keeping Windows and programs such as Java and Adobe Flash and Reader up to date to make sure vulernabilities are patched. And a further word of advice, be careful when downloading programs as they are often bundled with unwanted toolbars and other undesirable applications. Most of the time there will be an option to opt out of any unnecessary "extras" so be on the lookout for that, even with legitmate programs.

You should also change all of your passwords for logging into websites or accessing online bank accounts, etc. as a precaution as well but only from a clean computer or once this one has been reinstalled and therefore would be clean.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> You had a variant of the ZeroAccess rootkit along with multiple other infections, adware and rogue browser extensions.There isn't another physical drive in the computer that I can see, only partitions and I don't know what's on those partitions (presumably one is a recovery partition). You're best to back things up to an external drive.I suggest starting another thread for assistance with that.Many will say they are good enough but I'm of the opinion that they are not. In other words, you get what you pay for. The two I prefer are Eset (Nod32) and Kaspersky. But that doesn't mean that even those would have protected you from this infection. A lot depends on your browsing habits and keeping Windows and programs such as Java and Adobe Flash and Reader up to date to make sure vulernabilities are patched. And a further word of advice, be careful when downloading programs as they are often bundled with unwanted toolbars and other undesirable applications. Most of the time there will be an option to opt out of any unnecessary "extras" so be on the lookout for that, even with legitmate programs.
> 
> You should also change all of your passwords for logging into websites or accessing online bank accounts, etc. as a precaution as well but only from a clean computer or once this one has been reinstalled and therefore would be clean.


Thanks for all your help. I am pretty sure there is a recovery program on the partition as I know the computer did not come with discs.
I am in process of trying to confirm license key... the last figure on the sticker on back of computer is very hard to read... then trying to figure out what I need to backup.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> You had a variant of the ZeroAccess rootkit along with multiple other infections, adware and rogue browser extensions.There isn't another physical drive in the computer that I can see, only partitions and I don't know what's on those partitions (presumably one is a recovery partition). You're best to back things up to an external drive.I suggest starting another thread for assistance with that.Many will say they are good enough but I'm of the opinion that they are not. In other words, you get what you pay for. The two I prefer are Eset (Nod32) and Kaspersky. But that doesn't mean that even those would have protected you from this infection. A lot depends on your browsing habits and keeping Windows and programs such as Java and Adobe Flash and Reader up to date to make sure vulernabilities are patched. And a further word of advice, be careful when downloading programs as they are often bundled with unwanted toolbars and other undesirable applications. Most of the time there will be an option to opt out of any unnecessary "extras" so be on the lookout for that, even with legitmate programs.
> 
> You should also change all of your passwords for logging into websites or accessing online bank accounts, etc. as a precaution as well but only from a clean computer or once this one has been reinstalled and therefore would be clean.


I have my backup discs made. Found where to do the re installing of windows and got help from friends to confirm the letters and numbers on sticker on back of laptop so I know I have the correct license key.
Will start reinstalling windows in the morning. Once I get my programs reloaded would you work with me again to be sure I have not picked up anything bad while downloading programs? It would be great to get confirmation that I really am starting off clean.


----------



## Cookiegal (Aug 27, 2003)

ldarlene said:


> Once I get my programs reloaded would you work with me again to be sure I have not picked up anything bad while downloading programs? It would be great to get confirmation that I really am starting off clean.


Sure. I'd be happy to.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Sure. I'd be happy to.


Thanks.. that will be great. Have not had time to start reloading progarms or restoring data yet but computer is now working well. Windows updates working as it should as far as I can tell... it automatically installed a lot of update

Very curious about some of the problems I had with reinstalling, wondering if you have any ideas why.

1. before I started the process I had my 10 cd back up disks. Decided that I wanted to scan them for viruses first, the first three scanned fine (inserted disc, went to my computer, clicked on D drive and then right click and scan.) The fourth disc showed up as empty. Inserted 5th disc and D drive no longer showed up at all. Inserted a movie and D drive still did not show up. Inserted a memory stick into a USB port and that showed up as D drive.
(I did get it back after the reinstalling..but do you have any ideas where it went???

2. When I got into the factory restall area I had the option of doing a backup first...then rest of computer would be put back to factory shape. Decided that since I did not have a cd drive and did not know if it was a software or hardware prob I decided to do the backup. (I had already tried the Fixit program... which had found a problem but could not fix and suggested I contact manufacturer)
The program started.. got to the restart computer.. after a few minutes of what looked like normal startup the screen went blank and I got the message "Windows cannot be installed on this computer"
then it restarted and I soon got the message "could not configure windows to run on this computer"
It restarted several times with the same message popping up.
Any idea what could have caused this?

3. Got back into the factory restore area and tried the total reformat selection..... this one worked with no problems. When everything was back and I had my desktop D drive was back again.

Looking forward to getting data reinstalled


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Sure. I'd be happy to.


Having probs. with restoring files... starting a new post under Windows..not sure if that is the right place for it.
"media in the drive is not the requested media"


----------



## Cookiegal (Aug 27, 2003)

Please start a new thread for assistance with the factory reset and backup recovery as this is not my area of expertise.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Please start a new thread for assistance with the factory reset and backup recovery as this is not my area of expertise.


Thanks, I have done that.


----------



## Cookiegal (Aug 27, 2003)

You're welcome and good luck.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> You're welcome and good luck.


I will get back to you when finished with this so we can be sure computer is 'clean and free'

We have spent a lot of time together since Oct 2.... don't know WHAT I am going to do with all my free time once this is done...

I will have to log on once in a while just to say "hi"


----------



## Cookiegal (Aug 27, 2003)

Yes, of course. I'll be around.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Yes, of course. I'll be around.


Think I am going to try taking a 'computer break' today.
Have a great Thanksgiving.


----------



## Cookiegal (Aug 27, 2003)

Thanks. 

I've been off quite a bit over the past few days doing lots of work outside while the weather is nice and preparing for Thanksgiving as well. You have to make hay while the sun is shining, as they say.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Thanks.
> 
> I've been off quite a bit over the past few days doing lots of work outside while the weather is nice and preparing for Thanksgiving as well. You have to make hay while the sun is shining, as they say.


Weather has been great here too, esp Sat. Rainy yesterday.
Closing up our trailer tomorrow.


----------



## ldarlene (Sep 6, 2008)

Think I am finally ready to have you recheck to be sure we are rid of any potential probs.

Just to give you a heads up. When I tried to automatically restore my stuff only the first disk worked..no matter how hard I tried I could not get the computer to accept the 'media' (see my other post) That turned out to be a great blessing!! I goofed when doing the backup. Windows suggested to 'let it decide what to backup'. Somehow I assumed that was the better choice... I assumed it was only looking at *my* files.... instead of backing up everything. So if I had succeeded I would have been back where I started...with corrupt stuff....
I am a little concerned that there might have been something on the disk that did install that could cause problems.

I have trial full versions of McAfee and Malwarebytes as well as Superantispyware.
windows updates seem to be working OK though there were two updates that did not install on first try. They did install the second time windows tried to install.


----------



## Cookiegal (Aug 27, 2003)

I hope you didn't lose any data or photos. 

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## ldarlene (Sep 6, 2008)

I got file after file of photos.. and I think I have them all on disk and another computer.... but fairly sure I got them all back. As for data.. I had so much outdated unused stuff on here I am not sure ifI would notice if things were missing. I definitely got back several that I use all the time so I should be ok. Got my recipes back.. that was important.
So for now, as long as I did not get bad stuff back I will be satisfied.

Had a problem last night and first thing this morning with McAfee installing updates. It usually only takes a few seconds but it seemed to hang on "installing updates for a long time. I finally forced shut down. When I started the computer this morning it still said it was updating, 0%. After about 5 min tried to close but everything was frozen, removed battery, put it back in. When I restarted McAfee seemed to be fine. Computer does seem to be running slowly and last night for several minutes seemed to be 'reving up and slowing down'.... went on for at least 10 minutes. Not sure if these things indicate any problems.

Here are the reports.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720
Run by Darlene at 10:36:37 on 2013-10-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3767.1881 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.roboform.com/
uDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{010CBEE5-753D-46CF-9002-9D95B2919FAF} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{010CBEE5-753D-46CF-9002-9D95B2919FAF}\668647F67756C6 : DHCPNameServer = 10.25.0.1
TCP: Interfaces\{010CBEE5-753D-46CF-9002-9D95B2919FAF}\668663030327F67713 : DHCPNameServer = 10.25.0.1
TCP: Interfaces\{010CBEE5-753D-46CF-9002-9D95B2919FAF}\668677966696 : DHCPNameServer = 10.25.0.1
TCP: Interfaces\{35B3B995-37CF-435A-8F2C-8E7D04D4EB63} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{3AD23420-A547-4F71-AE79-B6AAF56D6F28} : DHCPNameServer = 192.168.1.250
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 776168]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 343568]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2013-10-11 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2013-10-11 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2013-10-11 62776]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-13 346704]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2013-10-11 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-12 328928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-13 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-10-13 255376]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-11 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-10-12 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-12 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-12 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-12 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-12 328928]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-10-13 199304]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-10-12 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-10-13 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-10-13 182752]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-10-11 2533400]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 70112]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-10-13 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-10-13 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-13 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-13 77424]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-11 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 519064]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-7-9 377040]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-1-13 74840]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-12 197264]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-10-13 224704]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-7-9 95984]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-13 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-10-17 01:13:42 -------- d-----w- C:\Users\Darlene\AppData\Local\{E1C2C8DF-A606-42AF-A129-37EFA0B17FDD}
2013-10-16 13:12:38 -------- d-----w- C:\Users\Darlene\AppData\Local\{2919F33C-E349-42E3-9346-BF17890A79D1}
2013-10-15 19:53:10 -------- d-----w- C:\Users\Darlene\AppData\Local\{D4E50D14-AE5E-4C11-B689-1B0229B7365A}
2013-10-15 19:51:05 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71E718CB-A9A1-4287-A1F7-DDA13E61991F}\mpengine.dll
2013-10-15 03:49:40 -------- d-----w- C:\Users\Darlene\AppData\Local\{1130E053-46C8-488A-BC0D-94DAAFD9D667}
2013-10-14 21:21:18 -------- d-----w- C:\Users\Darlene\AppData\Roaming\FoozKids
2013-10-14 13:52:24 -------- d-----w- C:\Users\Darlene\AppData\Local\{4E7F7040-228D-4ABC-8529-B48528895B6E}
2013-10-13 23:08:38 -------- d-----w- C:\Users\Darlene\AppData\Local\DVO
2013-10-13 22:47:46 -------- d-----w- C:\Users\Darlene\AppData\Local\{22FF252A-03F8-4C6E-85F9-935D1D0584C1}
2013-10-13 22:19:56 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-10-13 22:19:49 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-10-13 22:19:49 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-10-13 17:07:45 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-13 17:04:21 -------- d-----w- C:\Windows\System32\MRT
2013-10-13 17:03:14 -------- d-----r- C:\Program Files (x86)\Skype
2013-10-13 17:02:18 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-13 17:02:18 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-13 17:02:17 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-13 17:02:17 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-13 17:02:17 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-13 17:02:17 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-13 17:02:17 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-13 16:35:31 -------- d-----w- C:\Users\Darlene\AppData\Roaming\PowerCinema
2013-10-13 15:58:11 -------- d-----w- C:\Users\Darlene\AppData\Local\Diagnostics
2013-10-13 13:52:39 -------- d-----w- C:\Windows\SysWow64\Wat
2013-10-13 13:52:38 -------- d-----w- C:\Windows\System32\Wat
2013-10-13 13:37:47 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-10-13 13:21:45 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-10-13 13:21:45 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-10-13 13:21:44 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-10-13 13:21:44 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-10-13 13:21:43 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-10-13 13:21:43 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-10-13 13:21:43 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-10-13 13:18:34 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-13 13:18:34 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-10-13 13:18:34 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-10-13 13:18:34 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-10-13 13:18:34 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-13 04:11:38 -------- d-----w- C:\Users\Darlene\AppData\Local\{1DB5B93B-B05B-4BAE-9E45-7CC8EA93171E}
2013-10-13 04:10:49 -------- d-----w- C:\Users\Darlene\AppData\Roaming\OpenOffice
2013-10-13 04:09:48 -------- d-----w- C:\Program Files (x86)\OpenOffice 4
2013-10-13 03:44:39 197264 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-10-13 01:14:45 -------- d-----w- C:\ProgramData\Big Fish
2013-10-13 01:14:43 -------- d-----w- C:\Program Files (x86)\bfgclient
2013-10-13 01:09:10 -------- d-----w- C:\Users\Darlene\AppData\Local\Microsoft Games
2013-10-13 00:55:11 -------- d-----w- C:\Users\Darlene\AppData\Local\Big Fish
2013-10-13 00:55:10 -------- d-----w- C:\BigFishCache
2013-10-13 00:42:06 -------- d-----w- C:\Users\Darlene\AppData\Roaming\SUPERAntiSpyware.com
2013-10-13 00:42:05 -------- d-----w- C:\Users\Darlene\AppData\Local\Google
2013-10-13 00:41:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-10-13 00:41:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-10-13 00:27:09 -------- d-----w- C:\Users\Darlene\AppData\Local\Kobo
2013-10-12 22:28:13 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-12 22:28:13 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-12 22:25:57 1572864 ----a-w- C:\Windows\System32\quartz.dll
2013-10-12 22:24:24 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-10-12 22:24:23 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-10-12 22:24:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-12 22:24:05 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-10-12 22:22:41 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-10-12 22:22:40 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-10-12 22:18:07 -------- d-----w- C:\Program Files (x86)\e-Sword
2013-10-12 22:18:07 -------- d-----w- C:\Program Files (x86)\Common Files\EzTools
2013-10-12 22:17:10 -------- d-----w- C:\Users\Darlene\AppData\Local\Downloaded Installations
2013-10-12 22:16:06 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2013-10-12 22:16:05 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2013-10-12 22:10:04 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-10-12 22:10:03 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-10-12 22:10:03 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-10-12 22:10:02 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-10-12 22:10:01 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2013-10-12 22:10:01 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-10-12 22:10:00 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-10-12 22:10:00 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2013-10-12 22:10:00 102400 ----a-w- C:\Windows\System32\davclnt.dll
2013-10-12 22:09:58 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-10-12 22:09:58 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-10-12 22:09:54 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-10-12 22:06:00 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-10-12 22:04:50 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-10-12 22:04:48 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2013-10-12 22:04:47 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2013-10-12 22:04:46 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2013-10-12 22:04:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2013-10-12 22:04:44 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-12 21:57:55 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-10-12 21:57:54 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-10-12 21:57:53 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-10-12 21:57:52 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-10-12 21:57:51 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-10-12 21:57:24 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-10-12 21:57:24 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-10-12 21:57:24 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-10-12 21:40:15 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-10-12 21:40:14 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-10-12 21:05:12 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-10-12 21:05:11 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-10-12 21:05:09 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-10-12 21:05:00 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-10-12 21:05:00 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-10-12 21:03:05 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-10-12 21:03:03 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-10-12 21:03:03 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-10-12 21:03:02 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2013-10-12 21:03:02 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-10-12 21:03:00 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-10-12 21:03:00 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-10-12 21:02:53 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-12 21:02:53 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-10-12 21:02:53 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-10-12 20:58:59 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-12 20:58:52 67072 ----a-w- C:\Windows\splwow64.exe
2013-10-12 20:58:52 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-10-12 20:58:50 77312 ----a-w- C:\Windows\System32\packager.dll
2013-10-12 20:58:50 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-10-12 17:02:36 -------- d-----w- C:\Users\Darlene\AppData\Local\Adobe
2013-10-12 15:22:18 -------- d-----w- C:\Users\Darlene\AppData\Local\{332AED09-58FB-44B3-8E41-3FBF7DF8ABDC}
2013-10-12 04:59:15 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-10-12 03:43:49 -------- d-----w- C:\Users\Darlene\AppData\Roaming\WildTangent
2013-10-12 03:14:05 -------- d-----w- C:\Users\Darlene\AppData\Local\{1502B1C4-67DA-4FD7-A67B-65E19BA1D994}
2013-10-12 03:13:53 -------- d-----w- C:\Users\Darlene\AppData\Roaming\Windows Live Writer
2013-10-12 03:13:53 -------- d-----w- C:\Users\Darlene\AppData\Local\Windows Live Writer
2013-10-12 02:46:25 -------- d-----w- C:\Users\Darlene\AppData\Local\SoftGrid Client
2013-10-12 02:46:24 -------- d-----w- C:\Users\Darlene\AppData\Roaming\SoftGrid Client
2013-10-12 02:45:22 -------- d-----w- C:\Users\Darlene\AppData\Roaming\TP
2013-10-11 21:24:29 -------- d-----w- C:\Windows\NAPP_Dism_Log
2013-10-11 19:25:33 -------- d-----w- C:\Users\Darlene\AppData\Roaming\RoboForm
2013-10-11 19:23:47 -------- d-----w- C:\Program Files (x86)\Siber Systems
2013-10-11 19:04:50 -------- d-----w- C:\Users\Darlene\AppData\Roaming\Malwarebytes
2013-10-11 19:04:29 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-11 19:04:23 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-11 19:04:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-11 19:03:56 -------- d-----w- C:\Users\Darlene\AppData\Local\Programs
2013-10-11 18:40:21 -------- d-----w- C:\ProgramData\clear.fi
2013-10-11 18:35:00 -------- d-----w- C:\Users\Darlene\AppData\Local\Software
2013-10-11 18:34:59 -------- d-----w- C:\Users\Darlene\AppData\Local\Cyberlink
2013-10-11 18:27:29 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-10-11 18:27:29 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-10-11 18:27:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-10-11 18:24:00 -------- d-----w- C:\Users\Darlene\AppData\Local\EgisTec IPS
2013-10-11 18:19:51 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-11 18:19:47 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-11 18:19:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-11 18:19:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-11 18:14:54 -------- d-----w- C:\Program Files (x86)\Kobo
2013-10-11 18:14:39 -------- d-----w- C:\Users\Darlene\AppData\Local\Acer
2013-10-11 18:14:31 -------- d-----w- C:\Users\Darlene\AppData\Local\PowerCinema
2013-10-11 18:14:26 -------- d-----w- C:\ProgramData\OEM_E471269A730E
2013-10-11 18:14:12 -------- d-----w- C:\Users\Darlene\AppData\Local\VirtualStore
2013-10-11 17:55:12 -------- d-----w- C:\ProgramData\EgisTec
2013-10-11 17:49:58 -------- d-----w- C:\ProgramData\CLSK
2013-10-11 17:45:56 -------- d-----w- C:\ProgramData\NTI Launcher
2013-10-11 17:44:57 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-10-11 17:44:10 -------- d-----w- C:\Program Files (x86)\EgisTec Shredder
2013-10-11 17:43:53 62776 ----a-w- C:\Windows\System32\drivers\mwlPSDVDisk.sys
2013-10-11 17:43:53 22648 ----a-w- C:\Windows\System32\drivers\mwlPSDFilter.sys
2013-10-11 17:43:53 20520 ----a-w- C:\Windows\System32\drivers\mwlPSDNserv.sys
2013-10-11 17:43:46 -------- d-----w- C:\ProgramData\EgisTec IPS
2013-10-11 17:43:46 -------- d-----w- C:\Program Files (x86)\EgisTec IPS
2013-10-11 17:43:46 -------- d-----w- C:\Program Files (x86)\Common Files\EgisTec
2013-10-11 17:43:35 -------- d-----w- C:\Program Files\EgisTec IPS
2013-10-11 17:43:35 -------- d-----w- C:\Program Files (x86)\EgisTec MyWinLocker
2013-10-11 17:43:23 -------- d-----w- C:\Program Files (x86)\EgisTec MyWinLockerSuite
2013-10-11 17:41:05 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-10-11 17:40:48 -------- d-----w- C:\ProgramData\boost_interprocess
2013-10-11 17:38:02 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-10-11 17:37:00 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-10-11 17:34:26 -------- d-----w- C:\Program Files (x86)\Launch Manager
2013-10-11 17:32:18 -------- d--ha-w- C:\book
2013-10-11 17:29:05 -------- d-----w- C:\Program Files\Common Files\Intel
2013-10-11 17:29:05 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-10-11 03:32:00 204920726 ------w- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cookn.exe
2013-10-11 01:46:00 897024 ------w- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVO\Cook'n10App\plugins\com.dvo.cookn.help_10.6.2\html\Cookn8\upgrade.exe
.
==================== Find3M ====================
.
2013-10-13 17:07:45 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-07 16:43:14 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-08-07 16:40:20 343568 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-08-07 16:40:08 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-08-07 16:38:20 776168 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-08-07 16:37:02 519064 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-08-07 16:36:06 310224 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-08-07 16:35:44 179664 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 18:47:38 1535608 ----a-w- C:\Windows\SysWow64\Codejock.ReportControl.Unicode.v16.2.2.ocx
2013-07-25 18:47:06 1138296 ----a-w- C:\Windows\SysWow64\Codejock.DockingPane.Unicode.v16.2.2.ocx
2013-07-25 18:47:00 1977976 ----a-w- C:\Windows\SysWow64\Codejock.Controls.Unicode.v16.2.2.ocx
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 10:41:33.38 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/10/2013 2:13:56 PM
System Uptime: 17/10/2013 10:31:32 AM (0 hours ago)
.
Motherboard: Acer | | HMA_CP
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU | 1317/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 234.137 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 11/10/2013 2:19:25 PM - Windows Update
RP4: 11/10/2013 2:27:31 PM - Windows Update
RP5: 12/10/2013 3:43:50 PM - Windows Backup
RP6: 12/10/2013 6:17:38 PM - Installed e-Sword.
RP7: 12/10/2013 7:42:05 PM - Windows Backup
RP8: 12/10/2013 10:26:17 PM - Windows Backup
RP9: 12/10/2013 11:51:39 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
RP10: 12/10/2013 11:52:26 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP11: 13/10/2013 12:09:34 AM - Installed OpenOffice 4.0.1
RP12: 13/10/2013 12:12:20 AM - Windows Update
RP13: 13/10/2013 11:52:13 AM - Installed Microsoft Fix it 50123
RP14: 13/10/2013 1:02:22 PM - Windows Update
RP15: 13/10/2013 1:34:49 PM - Windows Update
RP16: 13/10/2013 7:00:06 PM - Windows Backup
RP17: 13/10/2013 11:53:58 PM - Windows Update
RP18: 14/10/2013 8:55:16 AM - Windows Modules Installer
RP19: 14/10/2013 1:38:07 PM - Removed Microsoft Office Click-to-Run 2010
RP20: 14/10/2013 1:42:51 PM - Removed Microsoft Office 2010
RP21: 14/10/2013 1:45:11 PM - Removed eBay Worldwide
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0) MUI
Agatha Christie - Death on the Nile
Alcor Micro USB Card Reader
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Backup Manager V3
Bejeweled 2 Deluxe
Big Fish: Game Manager
Bing Bar
Build-a-lot 4 - Power Source
Chuzzle Deluxe
clear.fi
clear.fi Client
Cook'n
Cradle of Rome 2
D3DX10
Dora's World Adventure
e-Sword
Evernote v. 4.5.1
Final Drive: Nitro
Fooz Kids
Fooz Kids Platform
Galerie de photos Windows Live
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Jewel Match 3
Junk Mail filter update
Kobo
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security Suite
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
Mystery of Mortlake Mansion
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
newsXpresso
Norton Online Backup
NTI Media Maker 9
OpenOffice 4.0.1
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
RoboForm 7-9-2-5 (All Users)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Shredder
Skype™ 5.10
SUPERAntiSpyware
Synaptics Pointing Device Driver
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Virtual Villagers 5 - New Believers
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
17/10/2013 10:25:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
17/10/2013 10:25:19 AM, Error: Service Control Manager [7000] - The McAfee Platform Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/10/2013 10:24:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
17/10/2013 10:24:34 AM, Error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/10/2013 8:12:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
16/10/2013 11:56:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
14/10/2013 7:20:14 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TSPEZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{010CBEE5-753D-46CF-9002-9D95B2919FAF}. The master browser is stopping or an election is being forced.
13/10/2013 9:56:11 AM, Error: Service Control Manager [7023] - 
13/10/2013 9:53:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.
13/10/2013 9:53:46 AM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/10/2013 9:53:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
13/10/2013 9:53:45 AM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/10/2013 9:53:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
13/10/2013 9:53:40 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/10/2013 9:53:07 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/10/2013 8:50:59 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
12/10/2013 8:07:55 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
12/10/2013 1:48:47 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/10/2013 2:55:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
11/10/2013 10:40:28 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
11/10/2013 10:40:28 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

If you don't mind, I'll check all of this tomorrow. It's been a very long, busy and stressful week for me and I'm very tired so I need to rest a bit. I'll be on and off this evening but not doing anything that demands much attention for the rest of today.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> If you don't mind, I'll check all of this tomorrow. It's been a very long, busy and stressful week for me and I'm very tired so I need to rest a bit. I'll be on and off this evening but not doing anything that demands much attention for the rest of today.


Not a problem at all. Take a break and do something that relieves stress.


----------



## Cookiegal (Aug 27, 2003)

Thanks for understanding.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Thanks for understanding.


You're welcome. Now go take a break and do something you enjoy.


----------



## Cookiegal (Aug 27, 2003)

There's nothing too "bad" but I see some "iffy" games. Did you reinstall all of those games or did they get installed through backups?

What was the exact date that you performed the factory reset?

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating sysetms double-click *VEW.exe* For later operating systems right-click VEW.exe and select "Run As Administrator"

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Information*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## ldarlene (Sep 6, 2008)

The backup was started on Oct 10 and did not finish till the 11th. So the factory reset must have been on 
Oct 11.

Not on computer till later this evening so there is no rush with this. Not sure about the games.. they were probably on the backup. Do they get stored in documents? With the exception of whatever was on the first disk which was totally restored I only restored documents and pictures.

hereis the scan.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/10/2013 12:31:33 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/10/2013 12:21:13 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: PMMUpdate.exe, version: 1.1.41.0, time stamp: 0x4d907542 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c Exception code: 0xc0000005 Fault offset: 0x000000000000d89e Faulting process id: 0xf70 Faulting application start time: 0x01cecb79b505d592 Faulting application path: C:\Program Files\EgisTec IPS\PMMUpdate.exe Faulting module path: C:\Windows\system32\ole32.dll Report Id: c6ed246f-37ef-11e3-b64c-047d7b1dd2cd
Log: 'Application' Date/Time: 17/10/2013 10:48:29 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
MCSCAN32 Engine Initialisation failed. Engine returned error : 1
Log: 'Application' Date/Time: 17/10/2013 8:34:43 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 17/10/2013 8:34:22 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
MCSCAN32 Engine Initialisation failed. Engine returned error : 1
Log: 'Application' Date/Time: 17/10/2013 2:33:29 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 17/10/2013 2:32:08 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
MCSCAN32 Engine Initialisation failed. Engine returned error : 1
Log: 'Application' Date/Time: 17/10/2013 2:25:19 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: PMMUpdate.exe, version: 1.1.41.0, time stamp: 0x4d907542 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c Exception code: 0xc0000005 Fault offset: 0x000000000000d89e Faulting process id: 0xb28 Faulting application start time: 0x01ceca7255fe4016 Faulting application path: C:\Program Files\EgisTec IPS\PMMUpdate.exe Faulting module path: C:\Windows\system32\ole32.dll Report Id: f280b4ef-3737-11e3-8b67-047d7b1dd2cd
Log: 'Application' Date/Time: 16/10/2013 1:09:27 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 16/10/2013 1:09:00 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
MCSCAN32 Engine Initialisation failed. Engine returned error : 1
Log: 'Application' Date/Time: 16/10/2013 12:44:54 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/10/2013 4:31:08 PM
Type: Information Category: 1
Event: 5008 Source: AVLogEvent
Content successfully updated. Major Version: 1682 Minor Version: 0
Log: 'Application' Date/Time: 18/10/2013 1:43:08 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/10/2013 1:42:49 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/10/2013 1:42:49 PM
Type: Information Category: 0
Event: 9009 Source: Desktop Window Manager
The Desktop Window Manager has exited with code (0x40010004)
Log: 'Application' Date/Time: 18/10/2013 1:19:23 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/10/2013 1:19:23 PM
Type: Information Category: 0
Event: 4101 Source: Microsoft-Windows-Winlogon
Windows license validated.
Log: 'Application' Date/Time: 18/10/2013 1:19:10 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/10/2013 1:01:31 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/10/2013 12:54:58 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/10/2013 12:54:58 PM
Type: Information Category: 0
Event: 9009 Source: Desktop Window Manager
The Desktop Window Manager has exited with code (0x40010004)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/10/2013 2:31:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/10/2013 10:48:42 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Anti-Spam Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2013 10:48:42 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
Log: 'System' Date/Time: 17/10/2013 10:48:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2013 10:48:41 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
Log: 'System' Date/Time: 17/10/2013 10:48:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2013 10:48:41 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.
Log: 'System' Date/Time: 17/10/2013 10:48:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Home Network service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2013 10:48:41 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.
Log: 'System' Date/Time: 17/10/2013 10:48:01 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2013 10:48:01 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/10/2013 4:31:17 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee SiteAdvisor Service service entered the running state.
Log: 'System' Date/Time: 18/10/2013 4:31:17 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee Home Network service entered the running state.
Log: 'System' Date/Time: 18/10/2013 4:31:17 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee Anti-Spam Service service entered the running state.
Log: 'System' Date/Time: 18/10/2013 4:31:17 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee Proxy Service service entered the running state.
Log: 'System' Date/Time: 18/10/2013 4:31:17 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee Personal Firewall Service service entered the running state.
Log: 'System' Date/Time: 18/10/2013 4:31:17 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee VirusScan Announcer service entered the running state.
Log: 'System' Date/Time: 18/10/2013 4:31:16 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee Scanner service entered the stopped state.
Log: 'System' Date/Time: 18/10/2013 4:31:16 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee Scanner service entered the running state.
Log: 'System' Date/Time: 18/10/2013 4:31:09 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee Platform Services service entered the running state.
Log: 'System' Date/Time: 18/10/2013 4:30:50 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The McAfee Platform Services service entered the stopped state.


----------



## Cookiegal (Aug 27, 2003)

McAfee seems to be showing up twice.

Is this still a trial version? If so, did you ever purchase it?

I made a mistake with the last instructions so can you do this again please?

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating sysetms double-click *VEW.exe* For later operating systems right-click VEW.exe and select "Run As Administrator"

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> McAfee seems to be showing up twice.
> 
> Is this still a trial version? If so, did you ever purchase it?
> 
> ...


----------



## Cookiegal (Aug 27, 2003)

Let's start by uninstalling McAfee as it seems to be causing problems. After uninstalling it via Programs and Features reboot the machine then run the removal tool:

http://service.mcafee.com/FAQDocument.aspx?id=TS101331

After running the removal tool reboot again.

Then run the computer for 24 hours and tomorrow run VEW again and post the new log so I can see what errors have been eliminated and which ones keep repeating.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Let's start by uninstalling McAfee as it seems to be causing problems. After uninstalling it via Programs and Features reboot the machine then run the removal tool:
> 
> http://service.mcafee.com/FAQDocument.aspx?id=TS101331
> 
> ...


Just re-read this post. Did you mean for me to leave the computer on overnight? I turned if off before bed (around midnight) and it did not go back on till early this afternoon. If you need the computer to be on for at least 24 hours than I can do the scan tomorrow evening. let me know what will give you the info you need.


----------



## Cookiegal (Aug 27, 2003)

No, it doesn't have to be on for 24 hours but use it quite a bit during the day time so I can see which errors get eliminated by uninstalling McAfee.

But don't forget to install something else as you can't be without an anti-virus program. I suggest installing Microsoft Security Essentials for now.


----------



## ldarlene (Sep 6, 2008)

Here is the log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/10/2013 9:15:05 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/10/2013 1:38:02 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 20/10/2013 8:12:00 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 20/10/2013 4:55:42 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 19/10/2013 7:18:47 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 19/10/2013 7:09:54 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 19/10/2013 7:09:25 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
The event description cannot be found.
Log: 'Application' Date/Time: 19/10/2013 7:08:16 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
The event description cannot be found.
Log: 'Application' Date/Time: 19/10/2013 7:08:01 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
The event description cannot be found.
Log: 'Application' Date/Time: 19/10/2013 1:29:15 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 19/10/2013 1:28:33 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
The event description cannot be found.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/10/2013 1:42:49 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-2745384371-1503068797-1549416104-1001:
Process 3724 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2745384371-1503068797-1549416104-1001\Software\Microsoft\SystemCertificates\Root
Process 3724 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2745384371-1503068797-1549416104-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3724 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2745384371-1503068797-1549416104-1001\Software\Microsoft\SystemCertificates\trust

Log: 'Application' Date/Time: 18/10/2013 4:15:29 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.Mheg
Log: 'Application' Date/Time: 18/10/2013 4:15:24 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.Bml
Log: 'Application' Date/Time: 18/10/2013 4:15:01 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcupdate
Log: 'Application' Date/Time: 18/10/2013 4:14:59 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcplayerinterop
Log: 'Application' Date/Time: 18/10/2013 4:14:56 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcGlidHostObj
Log: 'Application' Date/Time: 18/10/2013 4:14:55 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: MCESidebarCtrl
Log: 'Application' Date/Time: 18/10/2013 4:14:53 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: LoadMxf
Log: 'Application' Date/Time: 18/10/2013 4:14:41 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.iTv
Log: 'Application' Date/Time: 18/10/2013 4:14:40 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Mcx2Dvcs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/10/2013 1:28:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 17/10/2013 2:31:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/10/2013 7:06:46 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 19/10/2013 12:43:00 PM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The McAfee McShield service did not shut down properly after receiving a preshutdown control.
Log: 'System' Date/Time: 19/10/2013 12:42:30 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfecore service.
Log: 'System' Date/Time: 19/10/2013 12:37:41 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 19/10/2013 2:14:46 AM
Type: Error Category: 0
Event: 7 Source: cdrom
The device, \Device\CdRom0, has a bad block.
Log: 'System' Date/Time: 19/10/2013 2:14:39 AM
Type: Error Category: 0
Event: 7 Source: cdrom
The device, \Device\CdRom0, has a bad block.
Log: 'System' Date/Time: 19/10/2013 2:14:32 AM
Type: Error Category: 0
Event: 7 Source: cdrom
The device, \Device\CdRom0, has a bad block.
Log: 'System' Date/Time: 19/10/2013 2:14:25 AM
Type: Error Category: 0
Event: 7 Source: cdrom
The device, \Device\CdRom0, has a bad block.
Log: 'System' Date/Time: 17/10/2013 10:48:42 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Anti-Spam Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 17/10/2013 10:48:42 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/10/2013 12:06:12 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 22/10/2013 12:06:11 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 22/10/2013 12:05:59 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 21/10/2013 10:04:37 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 21/10/2013 9:39:40 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 21/10/2013 9:39:29 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 21/10/2013 9:39:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 21/10/2013 9:39:22 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 21/10/2013 1:37:59 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 21/10/2013 2:39:26 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and scroll down to the Resolution section and click on the Fix It button to run a fix that should eliminate one of the Application errors that's occurring.

http://support.microsoft.com/default.aspx?scid=kb;en-US;2545227

Then reboot the machine.

What is the make a model of your modem/router?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Please go to the following link and scroll down to the Resolution section and click on the Fix It button to run a fix that should eliminate one of the Application errors that's occurring.
> 
> http://support.microsoft.com/default.aspx?scid=kb;en-US;2545227
> 
> ...


the router is a Bell one. S/N NQ 1232101256471


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.

I'm going to ask you again to use the machine and then post back in 24 hours with a new VEW log so I can see if those errors were eliminated by the Microsoft Fix it.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> OK, thanks.
> 
> I'm going to ask you again to use the machine and then post back in 24 hours with a new VEW log so I can see if those errors were eliminated by the Microsoft Fix it.


OK.. This is GREAT!!! When my hubby wants to know when I am going to get off my butt and do something I can tell him I am "working on getting the computer fixed"


----------



## ldarlene (Sep 6, 2008)

Here is the VEW log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/10/2013 6:32:59 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/10/2013 1:09:00 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: PMMUpdate.exe, version: 1.1.41.0, time stamp: 0x4d907542 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000005 Fault offset: 0x0000000000029c42 Faulting process id: 0x2c0 Faulting application start time: 0x01cecf75a29402bb Faulting application path: C:\Program Files\EgisTec IPS\PMMUpdate.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b28309a1-3b7f-11e3-81b4-047d7b1dd2cd
Log: 'Application' Date/Time: 23/10/2013 1:09:00 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: PMMUpdate.exe, version: 1.1.41.0, time stamp: 0x4d907542 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c Exception code: 0xc0000005 Fault offset: 0x0000000000172742 Faulting process id: 0x1434 Faulting application start time: 0x01cecf7ae19e4e19 Faulting application path: C:\Program Files\EgisTec IPS\PMMUpdate.exe Faulting module path: C:\Windows\system32\ole32.dll Report Id: b27e75c0-3b7f-11e3-81b4-047d7b1dd2cd
Log: 'Application' Date/Time: 22/10/2013 2:52:45 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 21/10/2013 1:38:02 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 20/10/2013 8:12:00 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 20/10/2013 4:55:42 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 19/10/2013 7:18:47 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 19/10/2013 7:09:54 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 19/10/2013 7:09:25 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
The event description cannot be found.
Log: 'Application' Date/Time: 19/10/2013 7:08:16 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
The event description cannot be found.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/10/2013 1:42:49 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-2745384371-1503068797-1549416104-1001:
Process 3724 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2745384371-1503068797-1549416104-1001\Software\Microsoft\SystemCertificates\Root
Process 3724 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2745384371-1503068797-1549416104-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3724 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2745384371-1503068797-1549416104-1001\Software\Microsoft\SystemCertificates\trust

Log: 'Application' Date/Time: 18/10/2013 4:15:29 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.Mheg
Log: 'Application' Date/Time: 18/10/2013 4:15:24 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.Bml
Log: 'Application' Date/Time: 18/10/2013 4:15:01 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcupdate
Log: 'Application' Date/Time: 18/10/2013 4:14:59 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcplayerinterop
Log: 'Application' Date/Time: 18/10/2013 4:14:56 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcGlidHostObj
Log: 'Application' Date/Time: 18/10/2013 4:14:55 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: MCESidebarCtrl
Log: 'Application' Date/Time: 18/10/2013 4:14:53 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: LoadMxf
Log: 'Application' Date/Time: 18/10/2013 4:14:41 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.iTv
Log: 'Application' Date/Time: 18/10/2013 4:14:40 AM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Mcx2Dvcs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/10/2013 1:28:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 17/10/2013 2:31:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/10/2013 5:21:12 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 19/10/2013 7:06:46 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 19/10/2013 12:43:00 PM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The McAfee McShield service did not shut down properly after receiving a preshutdown control.
Log: 'System' Date/Time: 19/10/2013 12:42:30 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfecore service.
Log: 'System' Date/Time: 19/10/2013 12:37:41 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 19/10/2013 2:14:46 AM
Type: Error Category: 0
Event: 7 Source: cdrom
The device, \Device\CdRom0, has a bad block.
Log: 'System' Date/Time: 19/10/2013 2:14:39 AM
Type: Error Category: 0
Event: 7 Source: cdrom
The device, \Device\CdRom0, has a bad block.
Log: 'System' Date/Time: 19/10/2013 2:14:32 AM
Type: Error Category: 0
Event: 7 Source: cdrom
The device, \Device\CdRom0, has a bad block.
Log: 'System' Date/Time: 19/10/2013 2:14:25 AM
Type: Error Category: 0
Event: 7 Source: cdrom
The device, \Device\CdRom0, has a bad block.
Log: 'System' Date/Time: 17/10/2013 10:48:42 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Anti-Spam Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/10/2013 10:12:07 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 9:57:38 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 8:53:05 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 8:53:02 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 6:45:09 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 5:21:30 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 5:21:14 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 5:21:11 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 3:06:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/10/2013 3:05:45 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.


----------



## Cookiegal (Aug 27, 2003)

That took care of one of the errors.

There seems to be a problem with the EgisTec fingerprint authentication software. Do you use that?


----------



## ldarlene (Sep 6, 2008)

I have no idea what the EgisTec fingerprint authentication software is used for.


----------



## ldarlene (Sep 6, 2008)

just googled it and found this.

EgisTec fingerprint solutions offer great security and convenience by enabling end-users to launch programs and documents with a simple swipe of the finger, thus relieving them from memorizing multiple password accounts.

assuming it does other stuff too, not sure. Anyways, I do not have a touch screen. I use RoboForm to manage passwords. So, maybe I do not need it?


----------



## ldarlene (Sep 6, 2008)

Just had an 'ah ha' moment. 
Looked at programs, then EgisTec.
Two things in the folder. One a shredder.
Checked properties. I just installed this on Oct 11 because I liked the idea of being able to shred things instead of just deleting.
If it is causing problems I will uninstall it.


----------



## Cookiegal (Aug 27, 2003)

It's causing problems because it's not working properly as shown by the errors in the Event Viewer. If you don't use it then I would uninstall it.

I don't think it was a good idea using Windows to back things up as too much got backed up. It would have been better to back up things you wanted like documents and photos to an external drive or CDs.

But what's done is done. 

Are you having any problems with your Internet connection?


----------



## ldarlene (Sep 6, 2008)

I did use Windows to back up to CD's. At the time I did not realize I had chosen to back up EVERYTHING.
However, when I reinstalled, only the stuff on the first disc was reinstalled. REALLY GLAD that the rest of the 10 discs refused to reinstall. I will NOT let windows decide what to backup again!

I will uninstall EgisTec 

and yes... my internet connection sometimes just disconnects. It is a wireless connection. I will be doing email or a google search and suddenly a page will not load. I look at the icon on taskbar and see the connection is gone.


----------



## Cookiegal (Aug 27, 2003)

ldarlene said:


> *I did use Windows to back up *to CD's. At the time I did not realize I had chosen to back up EVERYTHING.
> However, when I reinstalled, only the stuff on the first disc was reinstalled. REALLY GLAD that the rest of the 10 discs refused to reinstall. I will NOT let windows decide what to backup again!
> 
> I will uninstall EgisTec
> ...


I know and that's what I'm saying wasn't the best thing to do. There may be things on the other CDs tha are needed and some stuff that's not necessary got restored.

Please download MiniToolBox, save it to your desktop and run it.

Put a checkmark to select the following options:

Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I know and that's what I'm saying wasn't the best thing to do. There may be things on the other CDs tha are needed and some stuff that's not necessary got restored.
> 
> I did a factory reset after I did the backup. I assumed that everything that was necessary would have been put back on C drive from where ever the factory backup was stored.
> 
> ...


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I know and that's what I'm saying wasn't the best thing to do. There may be things on the other CDs tha are needed and some stuff that's not necessary got restored.
> 
> Maybe I should start over.
> Do a backup of ONLY my documents and pictures.
> ...


----------



## Cookiegal (Aug 27, 2003)

ldarlene said:


> Maybe I should start over.
> Do a backup of ONLY my documents and pictures.
> 
> I could do another factory reset and the necessary updates. Then we could check for any errors before I reload my documents. It looks like we could be fighting this forever if I don't start over.


Yes, I think that would be best. I don't know if you want to back up emails but that's something to consider as well.


----------



## ldarlene (Sep 6, 2008)

thanks Cookiegal. My emails get saved on line so it would probably be great to get rid of the old stuff on computer.

I have been going through all the stuff in documents and clearing out unused stuff. Finding some stuff I am not sure of but I do not think I want or need it.
Am I right in assuming:

1. when I do a factory reset I will have the computer back the way I bought it, with no necessary things missing (I know that I will be missing any programs that I installed)

2. There is nothing I can delete in documents that is important for the running of the computer the way it was when I got it.


----------



## Cookiegal (Aug 27, 2003)

ldarlene said:


> Am I right in assuming:
> 
> 1. when I do a factory reset I will have the computer back the way I bought it, with no necessary things missing (I know that I will be missing any programs that I installed)


It will be like it was the day you bought it and brought it home. Any documents, photos, music, etc. that you saved or programs that you installed will be gone. It's best to reinstall programs using their original installation media.


> 2. There is nothing I can delete in documents that is important for the running of the computer the way it was when I got it.


I don't have a Windows 7 machine and the Documents folder is a bit different from the My Documents folder in XP. For instance, pictures and music folders are not in that folder. But you really don't need to delete anything. Just be sure you have copies for back up purposes on an external drive and then do the factory reset.


----------



## ldarlene (Sep 6, 2008)

I have a documents folder, videos, pictures and music.
I have no intention of backing up everything in those folders. So I was going through them and deleting documents I no longer use. However, there were files in the 'documents' folders that *do not* look like anything I created so I am deleting them too....(they are still in the recycle bin.. just in case). That was because I was assuming that *IF* there is something that is *critical* that somehow managed to find its way into my documents folder it would be reloaded when I do the factory reset.

So, that is why I am deleting stuff...old files I know I do not need.... and in the process found stuff that is not a document at all.

So I do not have to worry if these unknown to me files are critical?


----------



## Cookiegal (Aug 27, 2003)

I can't know what these unknown files are. Can you give me some examples?


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> I can't know what these unknown files are. Can you give me some examples?


1. registration entries... but when clicked on it asks if I want registry editor to make changes. (I assume when I do a factory reset there will be a registry editor)

2. NTILiveUpdatev9.dll

3 NTIMMV9REGET.dll

4 clearfi_tutorial


----------



## Cookiegal (Aug 27, 2003)

Again, there is no need to delete any files. The factory reset will take care of it.


----------



## ldarlene (Sep 6, 2008)

Cookiegal said:


> Again, there is no need to delete any files. The factory reset will take care of it.


Normally I would agree. However, these files somehow made it into my documents folder. If I copied my documents folder onto an external drive I would then have these files back again.

Going through documents, pictures, music and video folders to be ABSOLUTELY SURE there is NOTHING in those folders that are not MY STUFF.

Hence the need to delete files. I am determined to NOT bring back anything potentially bad when I reinstall my stuff.


----------



## ldarlene (Sep 6, 2008)

OK. doing the factory reset. Everything I need saved to a USB memory stick.
Not sure when I will be back, babysitting the grandkids today.


----------



## Cookiegal (Aug 27, 2003)

I did research and there is some doubt about these files being malware:

2. NTILiveUpdatev9.dll

3 NTIMMV9REGET.dll

But I was unable to confirm it and it seems like they belong to an Acer machine, which yours is. If the files still exist after the reset we can verify them.


----------



## Cookiegal (Aug 27, 2003)

USB stick is not the best choice for backup. An external driver would be much better. USB sticks can be unreliable.

Did you check that you can open the documents saved on it?


----------



## ldarlene (Sep 6, 2008)

Yes, I did check some of the files. I have always backed up photos and some word and spreadsheet documents on it. So far, so good. When I havve some extra money I will get an external drive to be safe.
Had some problems with the reset... did not have my powercord with me and ran out of battery part way through. Went out and bought another charger.
I have run windows update and installed updates
Internet explorer opens but does not give me a search window.
I used another computer to download google chrome onto the memory stick and then loaded it onto laptop, It works.
I have downloaded and installed MSE, Malwarebytes and my Roboform data.
Have not tried to restore any of my documents yet.

Do you want to do any scans before I do any more installing?


----------



## Cookiegal (Aug 27, 2003)

Why did you install Chrome that way rather than directly downloading it?

What version of Internet Explorer do you have?

Yes, before you install anything else, please run VEW again so we can see if there are any errors being generated.


----------



## ldarlene (Sep 6, 2008)

I click on internet explorer
http://ca.msn.com comes up in the tab. there is NO search window.
Click on tools, file and saftey are the only tabs highlightedso I can't get the version.

so, I can't seem to get anywhere on the internet....that is why I had to get Google chrome the way I did.
I will run VEW again


----------



## ldarlene (Sep 6, 2008)

Was not given the option to save to desktop. Hope I remembered the right things to scan.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/10/2013 7:30:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/10/2013 11:00:01 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/10/2013 10:49:29 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Log: 'Application' Date/Time: 26/10/2013 10:49:07 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8007043c).

Log: 'Application' Date/Time: 26/10/2013 10:15:32 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8007043c).

Log: 'Application' Date/Time: 26/10/2013 9:49:59 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/10/2013 8:56:47 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Log: 'Application' Date/Time: 26/10/2013 8:56:46 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Log: 'Application' Date/Time: 26/10/2013 8:56:45 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Log: 'Application' Date/Time: 26/10/2013 8:56:45 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8007043c).

Log: 'Application' Date/Time: 26/10/2013 8:45:04 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/10/2013 11:00:14 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.

Log: 'Application' Date/Time: 26/10/2013 10:57:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2003188594-1971657549-1642133547-1002:
Process 5096 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002


Log: 'Application' Date/Time: 26/10/2013 10:30:05 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.

Log: 'Application' Date/Time: 26/10/2013 10:08:56 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: ehRecObj

Log: 'Application' Date/Time: 26/10/2013 10:08:53 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.UI

Log: 'Application' Date/Time: 26/10/2013 10:08:52 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter

Log: 'Application' Date/Time: 26/10/2013 10:08:52 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: ehExtHost32

Log: 'Application' Date/Time: 26/10/2013 10:00:37 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.Mheg

Log: 'Application' Date/Time: 26/10/2013 10:00:35 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.Bml

Log: 'Application' Date/Time: 26/10/2013 10:00:21 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcupdate

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/10/2013 8:42:44 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/10/2013 11:03:01 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/10/2013 11:01:47 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/10/2013 10:32:36 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/10/2013 10:31:12 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/10/2013 9:53:24 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/10/2013 9:53:16 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2879017).

Log: 'System' Date/Time: 26/10/2013 9:52:19 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/10/2013 9:50:05 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 26/10/2013 9:02:47 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/10/2013 8:46:15 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/10/2013 10:57:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 

Log: 'System' Date/Time: 26/10/2013 10:16:22 PM
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
Microsoft Antimalware scan has been stopped before completion. Scan ID: {0030DF38-918C-407E-B842-16B8EF577149} Scan Type: Antimalware Scan Parameters: Quick Scan User: WIN-P59S28R7H2B\Terry

Log: 'System' Date/Time: 26/10/2013 9:02:59 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

Log: 'System' Date/Time: 26/10/2013 9:02:59 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

Log: 'System' Date/Time: 26/10/2013 9:02:59 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

Log: 'System' Date/Time: 26/10/2013 9:02:59 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.


----------



## Cookiegal (Aug 27, 2003)

For the version of Internet Explorer click on Help, not Tools.

You always have the option of directing downloads where you want them.


----------



## ldarlene (Sep 6, 2008)

wish I could better explain
I click on ie icon
a white screen opens up
two tabs on top
1st one http://ca.msn.com
second tab ca.msn.com

far side has the home fav and tools icons
there are not other options
if I put the cursor on the white part of the page it just goes round and round.
If I check task manager it says ie is running.. but no pages are loading.

Directing downloads... I had that option before. This time I clicked on VEW and immediately it showed up as
VEW.exe on bottom of screen. I clicked on the arrow on right side and got no option to save on desktop...only open options


----------



## ldarlene (Sep 6, 2008)

I was finally able to find an IE without add-ons icon to click on. It worked so I was able to get a search page.
There is no 'help' button. However, in the tools tab there is an 'about internet explorer ' button.
I am running ie10
version 10.0.9200.16721
Update Versions: 10.0.10 (KB2879017)
Product ID 00150-20000-0003-AA459


----------



## ldarlene (Sep 6, 2008)

I did a google search to find out how to save to desktop using google chrome. When I installed it the default settings were to save downloads in downloads file. It did not tell me that. I had to go into advanced settings and check off a box so that it will ask where I want to save to. 
Thought I was going crazy again because I was no longer having trouble when I used IE.


----------



## Cookiegal (Aug 27, 2003)

Right-click in the blue area and you should get a right-click menu where you can select the "menu bar" and then you should have those options across the top.

I don't know what you mean by saying there's no search. I believe by default Microsoft sets bing or in this case probably msn.com as your home page. If you want Google or another search engine then you can change the home page. Is that what you're referring to?


----------



## Cookiegal (Aug 27, 2003)

ldarlene said:


> I did a google search to find out how to save to desktop using google chrome. When I installed it the default settings were to save downloads in downloads file. It did not tell me that. I had to go into advanced settings and check off a box so that it will ask where I want to save to.
> Thought I was going crazy again because I was no longer having trouble when I used IE.


Yes, most browsers will download to a downloads folder but you can always change that to a location of your choice.


----------



## ldarlene (Sep 6, 2008)

When I click on IE icon I was getting the blue bar and an empty white page. Nothing was loading except for the default address in the address bar. Put the cursor in the white area and a circle goes round and round... like a page is trying to load but it would not load. So there was never any place to type in a search.

However, when I just now tried to open IE it loaded immediately, no problem. No idea what was wrong, I tried many times last evening and the page refused to load.


----------



## ldarlene (Sep 6, 2008)

Thanks. I did not realize that I had to change the settings in Google Chrome.
IE must come with setting already set to be able to choose 'save as'


----------



## ldarlene (Sep 6, 2008)

Have you been able to check the scan?
Can you tell if it was done from the desktopor not? I am not sure.


----------



## Cookiegal (Aug 27, 2003)

I really wish you would stop using the quote button when replying. You are still leaving parts of my posts and it's hard to see where mine ends and yours begins.

You mentioned when you did the factory reset your battery ran out. Did you start over or just pick up where it left off?

There are many errors that I wouldn't expect to see after a factory reset.

Can you run VEW again so I can see if those same errors have repeated since yesterday please?


----------



## ldarlene (Sep 6, 2008)

Sorry about the quotes. I always hit the reply button. Up until I did the reset yesterday the quotes always come up even though I am NOT choosing them. Usually take the time to delete them before I start my post.
I did not know if the reset had finished or not. When I turned the computer back on it started up normally. However it would not let me log in until I started windows in safe mode. I had computer on and off several times. Then when I turned it on a screen came up showing it was loading 40 of 42. It was the same screen that had been on when it was resetting so I assumed it had not finished. No idea why it did not try to finish when I first turned computer back on.
I figured I should start it again but when I tried to get into advanced recovery I got a pop up that said it could not find required files and i needed to insert the Windows installation disc. I do not have one.
Here is the scan.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/10/2013 12:36:42 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/10/2013 2:45:03 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/10/2013 2:18:54 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
The event description cannot be found.

Log: 'Application' Date/Time: 27/10/2013 2:18:54 PM
Type: Error Category: 0
Event: 5004 Source: McLogEvent
The event description cannot be found.

Log: 'Application' Date/Time: 27/10/2013 2:18:54 PM
Type: Error Category: 0
Event: 5022 Source: McLogEvent
The event description cannot be found.

Log: 'Application' Date/Time: 27/10/2013 2:18:54 PM
Type: Error Category: 0
Event: 5004 Source: McLogEvent
The event description cannot be found.

Log: 'Application' Date/Time: 27/10/2013 12:46:37 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/10/2013 4:03:16 AM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8007043c).

Log: 'Application' Date/Time: 27/10/2013 2:24:19 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program IEXPLORE.EXE version 10.0.9200.16720 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 508 Start Time: 01ced2ba90902a0b Termination Time: 61 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id:

Log: 'Application' Date/Time: 26/10/2013 11:00:01 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/10/2013 10:49:29 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/10/2013 4:23:19 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 27/10/2013 4:23:19 PM
Type: Information Category: 0
Event: 4101 Source: Microsoft-Windows-Winlogon
Windows license validated.

Log: 'Application' Date/Time: 27/10/2013 4:22:35 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 27/10/2013 4:22:35 PM
Type: Information Category: 0
Event: 9009 Source: Desktop Window Manager
The Desktop Window Manager has exited with code (0x40010004)

Log: 'Application' Date/Time: 27/10/2013 3:37:29 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 27/10/2013 3:37:29 PM
Type: Information Category: 0
Event: 4101 Source: Microsoft-Windows-Winlogon
Windows license validated.

Log: 'Application' Date/Time: 27/10/2013 3:37:20 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 27/10/2013 3:37:20 PM
Type: Information Category: 0
Event: 9009 Source: Desktop Window Manager
The Desktop Window Manager has exited with code (0x40010004)

Log: 'Application' Date/Time: 27/10/2013 3:25:39 PM
Type: Information Category: 0
Event: 0 Source: SignInAssistant
The event description cannot be found.

Log: 'Application' Date/Time: 27/10/2013 3:25:39 PM
Type: Information Category: 0
Event: 0 Source: SignInAssistant
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/10/2013 2:43:37 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-2003188594-1971657549-1642133547-1002:
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\Root
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\TrustedPeople
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\trust
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\My
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\CA
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\Disallowed
Process 5080 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\SmartCardRoot

Log: 'Application' Date/Time: 27/10/2013 4:03:09 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 12 user registry handles leaked from \Registry\User\S-1-5-21-2003188594-1971657549-1642133547-1002:
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\Root
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\trust
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\My
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\CA
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\Disallowed
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\SmartCardRoot

Log: 'Application' Date/Time: 27/10/2013 3:51:07 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.

Log: 'Application' Date/Time: 27/10/2013 3:50:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2003188594-1971657549-1642133547-1002:
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\Root

Log: 'Application' Date/Time: 27/10/2013 12:08:36 AM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.

Log: 'Application' Date/Time: 27/10/2013 12:08:16 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-2003188594-1971657549-1642133547-1002:
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\Root
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\trust
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\My
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\CA
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Policies\Microsoft\SystemCertificates
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\Disallowed
Process 3792 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2003188594-1971657549-1642133547-1002\Software\Microsoft\SystemCertificates\SmartCardRoot

Log: 'Application' Date/Time: 26/10/2013 11:39:52 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcstoredb

Log: 'Application' Date/Time: 26/10/2013 11:39:49 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcstore

Log: 'Application' Date/Time: 26/10/2013 11:39:44 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcepg

Log: 'Application' Date/Time: 26/10/2013 11:00:14 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/10/2013 8:42:44 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/10/2013 2:07:17 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 27/10/2013 3:56:40 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 27/10/2013 3:53:38 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 27/10/2013 3:32:44 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WIN-P59S28R7H2B\Darlene SID (S-1-5-21-2003188594-1971657549-1642133547-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/10/2013 3:08:26 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WIN-P59S28R7H2B\Darlene SID (S-1-5-21-2003188594-1971657549-1642133547-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/10/2013 3:04:51 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WIN-P59S28R7H2B\Darlene SID (S-1-5-21-2003188594-1971657549-1642133547-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/10/2013 3:03:04 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WIN-P59S28R7H2B\Darlene SID (S-1-5-21-2003188594-1971657549-1642133547-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/10/2013 3:03:01 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WIN-P59S28R7H2B\Darlene SID (S-1-5-21-2003188594-1971657549-1642133547-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/10/2013 3:03:01 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WIN-P59S28R7H2B\Darlene SID (S-1-5-21-2003188594-1971657549-1642133547-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/10/2013 3:02:26 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WIN-P59S28R7H2B\Darlene SID (S-1-5-21-2003188594-1971657549-1642133547-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/10/2013 4:36:26 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 27/10/2013 4:35:52 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the stopped state.

Log: 'System' Date/Time: 27/10/2013 4:32:02 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Modules Installer service entered the stopped state.

Log: 'System' Date/Time: 27/10/2013 4:32:02 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Windows Modules Installer service was changed from auto start to demand start.

Log: 'System' Date/Time: 27/10/2013 4:32:02 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Windows Modules Installer service was changed from demand start to auto start.

Log: 'System' Date/Time: 27/10/2013 4:25:56 PM
Type: Information Category: 2
Event: 18 Source: Microsoft-Windows-WindowsUpdateClient
Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ?October-?28-?13 at 3:00 AM: 
- Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
- Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523)
- Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2835393)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2858302)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449)
- Security Update for Micr

Log: 'System' Date/Time: 27/10/2013 4:25:37 PM
Type: Information Category: 2
Event: 18 Source: Microsoft-Windows-WindowsUpdateClient
Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ?October-?28-?13 at 3:00 AM: 
- Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
- Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523)
- Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2835393)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2858302)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449)
- Security Update for Micr

Log: 'System' Date/Time: 27/10/2013 4:25:11 PM
Type: Information Category: 2
Event: 18 Source: Microsoft-Windows-WindowsUpdateClient
Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ?October-?28-?13 at 3:00 AM: 
- Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
- Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2835393)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2858302)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vi

Log: 'System' Date/Time: 27/10/2013 4:24:48 PM
Type: Information Category: 2
Event: 18 Source: Microsoft-Windows-WindowsUpdateClient
Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ?October-?28-?13 at 3:00 AM: 
- Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2835393)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2858302)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642)
- Security Update for Microsoft .NET Framework 4 on XP, Server

Log: 'System' Date/Time: 27/10/2013 4:24:39 PM
Type: Information Category: 2
Event: 18 Source: Microsoft-Windows-WindowsUpdateClient
Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ?October-?28-?13 at 3:00 AM: 
- Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2835393)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2858302)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628)
- Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642)
- Security Update for Microsoft .NET Framework 4 on XP, Server

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/10/2013 2:43:39 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 27/10/2013 4:06:02 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 27/10/2013 3:28:22 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name forums.techguy.org timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 27/10/2013 3:24:35 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/10/2013 10:57:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 26/10/2013 10:16:22 PM
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
Microsoft Antimalware scan has been stopped before completion. Scan ID: {0030DF38-918C-407E-B842-16B8EF577149} Scan Type: Antimalware Scan Parameters: Quick Scan User: WIN-P59S28R7H2B\Terry

Log: 'System' Date/Time: 26/10/2013 9:02:59 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

Log: 'System' Date/Time: 26/10/2013 9:02:59 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

Log: 'System' Date/Time: 26/10/2013 9:02:59 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

Log: 'System' Date/Time: 26/10/2013 9:02:59 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.


----------



## ldarlene (Sep 6, 2008)

I have Windows 7 on my computer at home. Would it be possible to make a windows disc from that computer and use it to try AGAIN to restore this one?


----------



## Cookiegal (Aug 27, 2003)

Clicking on the Reply button doesn't carry forward any quotes from previous posters. 

I think you'll have to start a new thread for assistance in the Windows 7 forum as there are mutliple errors that I'm not able to troubleshoot for you unfortunately.


----------



## ldarlene (Sep 6, 2008)

ok. thanks for all the help.

I have no idea what was happening before the reset yesterday but I have ALWAYS hit just the reply button and a page with your quote ALWAYS came up.


----------



## Cookiegal (Aug 27, 2003)

Are you clicking on this Reply button?


----------



## ldarlene (Sep 6, 2008)

Another ah ha moment.

I have been clicking on the red reply button

But the really funny thing....today when I have been using the red reply button I HAVE NOT been quoting you.

I posted on Windows 7 forum.
Since then I did some google searching... Discovered alt + F11 (I think)
That brought me to the acer recovery page.
I have just finished ANOTHER factory reset. This time was very different. Gave me forms for entering my name, password etc.
So I think it may have fixed things this time.
Could you give me the link to VEW again and check it one last time. I might not need the help from Windows 7 forum.
If there are still unexpected errors I can then leave you in peace....
... and let someone from the other forum deal with my headaches.....
Thanks again for all the time you have invested in me and my problem computer.


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating sysetms double-click *VEW.exe* For later operating systems right-click VEW.exe and select "Run As Administrator"

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## ldarlene (Sep 6, 2008)

Thanks Cookiegal. Looks like I am still getting errors.
I did follow the link to fix the acer updater problem.

Don't know if these are errors you can address or not. I can put this scan into my post in Windows 7 if you think that is the better option.
windows did successfully install about 107 updates. After shutting down it tells me I have two more to install. Will do that next.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/10/2013 10:33:34 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Acer Updater, from vendor Acer Incorporated) has the following problem: Acer Updater has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Acer Incorporated.
Log: 'Application' Date/Time: 27/10/2013 10:12:31 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.Mheg
Log: 'Application' Date/Time: 27/10/2013 10:12:28 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.Bml
Log: 'Application' Date/Time: 27/10/2013 10:12:15 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcupdate
Log: 'Application' Date/Time: 27/10/2013 10:12:14 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcplayerinterop
Log: 'Application' Date/Time: 27/10/2013 10:12:12 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: mcGlidHostObj
Log: 'Application' Date/Time: 27/10/2013 10:12:12 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: MCESidebarCtrl
Log: 'Application' Date/Time: 27/10/2013 10:12:11 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: LoadMxf
Log: 'Application' Date/Time: 27/10/2013 10:12:03 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Microsoft.MediaCenter.iTv
Log: 'Application' Date/Time: 27/10/2013 10:12:03 PM
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5472) - Version or flavor did not match with repository: Mcx2Dvcs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/10/2013 10:06:25 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2879017).
Log: 'System' Date/Time: 27/10/2013 10:03:58 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/10/2013 10:01:31 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
Log: 'System' Date/Time: 27/10/2013 7:57:39 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 1 seconds since the last report.
Log: 'System' Date/Time: 27/10/2013 7:57:38 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 1 seconds since the last report.
Log: 'System' Date/Time: 27/10/2013 7:57:38 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 1 seconds since the last report.
Log: 'System' Date/Time: 27/10/2013 7:57:38 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 1 seconds since the last report.
Log: 'System' Date/Time: 27/10/2013 7:31:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


----------



## Cookiegal (Aug 27, 2003)

It may be normal to have some errors and warnings while everything is trying to set up.

It might be best to wait until tomorrow and run VEW again and we'll see what keeps repeating.


----------



## ldarlene (Sep 6, 2008)

Thanks. I certainly does look better than it did.
And I have a WORKING Windows Updater!!!! YAHHH 

We have a funeral to go to tomorrow, I will run the scan again tomorrow evening.


----------



## Cookiegal (Aug 27, 2003)

I'm very sorry for your loss.

I know Macboatmaster has joined in on your other thread so we'll all see how things look tomorrow evening.


----------



## ldarlene (Sep 6, 2008)

Thanks Cookiegal. The lady who passed away was a fellow season siter at the camp we spend the summer at. We were not close friends but we have known her for many years. She lost her husband this summer due to cancer. 
It will be more of a Life Celebration than a funeral.


----------



## Cookiegal (Aug 27, 2003)

We make many acquaintances in our journey of life and although they may not be considered "friends" we've known these people for so long that they become a part of our existence and it's very sad to lose them. As we get older and people pass on it reminds us of our own mortality and that of our dear loved ones.


----------



## ldarlene (Sep 6, 2008)

Right on Cookiegal! 
Over the last few years younger and younger families are becoming season siters. When we first starting going to this camp for just a few weeks each summer 'season siters' were mostly retired couples. Now most of those people are elderly, some are still coming. It is sad to be losing so many of them these past few years, however we know they are in a far better place.
I just do not remember my own parents going to so many funerals...... then I realize there was a reason for that.... They were only in their 40's when we were 'grown up and on our own'. We are in our 60's...... guess that puts us in the right age bracket to be attending more funerals.... Never thought of myself as 'old enough' before.


----------



## ldarlene (Sep 6, 2008)

Should we be marking this one 'solved' since update is now working well?


----------



## Cookiegal (Aug 27, 2003)

I'll mark it solved and close it since we will continue in the other thread.


----------

