Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

DDS and Other Reports for Win 7 Laptop

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Mon Mar 12, 2012 1:46 pm    Post subject: DDS and Other Reports for Win 7 Laptop Reply with quote

Hi,
I have multiple antivirus programs running on my Windows 7 laptop and I cannot remove them even with Revo.

The only paid anti program I have is Malware Bites, but it does not show up in the Action Center. I had Avast! at one point, but it stopped working and was giving me strange "memory virus" reports, but it won't be removed.

Now I'm running MS security essentials and Malware Bytes with the OS default firewall running. Or, please tell me which and what to run please, so I know I have the spy, the virus, and the mal all covered.

I'd like to have the Action Center recognize what I am running and be able to rid my machine of stuff that shouldn't be there (AVG2012, Norton, Avast!-I never put two of these on my machine). Sometimes my machine is very slow and crashes for no reason. Somehow I got that "conduit" thing in FF, so I used windows backup to replace my system, then I created a new FF profile and deleted that weird one. Just wondering what trained eyes might say about what I have going on here, please.
DDS Logs run today:
DDS.txt copy/paste:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by ecb at 17:28:38 on 2012-03-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.1643 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\svchost.exe -k SDRSVC
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\Downloads\HijackThis.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://solutions.us.fujitsu.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No File
uRun: [Google Update] "C:\Users\ecb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun: [snp2uvc] C:\windows\vsnp2uvc.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421} : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\24573796E656373702C4F657E67656 : DhcpNameServer = 74.174.50.5 74.174.50.6
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\3686562727976616962797 : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\4456E6E69737F575962756C6563737 : DhcpNameServer = 70.148.95.201 205.152.128.23
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\47271696E61323 : DhcpNameServer = 74.174.50.5 74.174.50.6
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\7475343475946494 : DhcpNameServer = 74.174.50.5
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\B462A4 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No File
mRun-x64: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun-x64: [snp2uvc] C:\windows\vsnp2uvc.exe
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\ecb\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}\plugins\npqbc.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\windows\system32\Drivers\FBIOSDRV.sys --> C:\windows\system32\Drivers\FBIOSDRV.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-13 652872]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2011-4-7 63336]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-7 2656280]
R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-9-30 14336]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys --> C:\windows\system32\DRIVERS\BrSerIb.sys [?]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys --> C:\windows\system32\DRIVERS\BrUsbSIb.sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\windows\system32\drivers\FUJ02E3.sys --> C:\windows\system32\drivers\FUJ02E3.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-5 44768]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-26 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-26 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-12 21:19:33 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2E018CB-2462-459C-89AD-C7C2E62DE8AA}\offreg.dll
2012-03-12 21:12:17 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2E018CB-2462-459C-89AD-C7C2E62DE8AA}\mpengine.dll
2012-03-06 01:01:12 -------- d-----w- C:\Users\ecb\OLIT Papers
2012-02-28 11:23:17 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-27 13:21:10 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-27 05:08:01 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50C0DC84-2785-42A2-B700-4D464A1F434B}\gapaengine.dll
2012-02-27 05:07:02 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-27 05:06:54 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-27 04:27:23 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-27 04:21:54 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-27 04:15:32 -------- d-----w- C:\Users\ecb\AppData\Local\Secunia PSI
2012-02-27 04:15:23 -------- d-----w- C:\Program Files (x86)\Secunia
2012-02-27 03:10:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{627AD6B4-A455-4CAC-B8A1-85DBE24FB8E9}\offreg.dll
2012-02-27 02:55:34 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{627AD6B4-A455-4CAC-B8A1-85DBE24FB8E9}\mpengine.dll
2012-02-24 03:34:34 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-23 15:33:34 -------- d-----w- C:\MATS
2012-02-21 00:41:27 -------- d-----w- C:\Users\ecb\.elan_data
2012-02-19 14:26:21 -------- d-----w- C:\Users\ecb\AppData\Roaming\Abine
2012-02-15 03:37:52 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-02-15 03:31:44 -------- d-----w- C:\Users\ecb\AppData\Roaming\AVG2012
2012-02-15 03:13:29 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-02-14 18:26:44 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-14 18:26:44 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-14 18:23:29 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-02-14 18:20:03 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-14 18:20:03 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-14 18:20:01 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-02-14 18:19:39 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-02-14 18:19:39 634880 ----a-w- C:\windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-09 17:29:40 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-27 02:54:05 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-02-15 03:37:18 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-02-15 03:37:18 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe
2011-12-28 23:57:26 37888 ----a-w- C:\windows\System32\drivers\taphss.sys
2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:29:52.56 ===============

Attach.text log copy/paste:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/26/2011 9:57:50 PM
System Uptime: 3/12/2012 9:39:46 AM (8 hours ago)
.
Motherboard: FUJITSU | | FJNBB0F
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | Onboard | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 155.927 GiB free.
D: is FIXED (NTFS) - 225 GiB total, 224.685 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP115: 2/26/2012 9:53:09 PM - Installed Java(TM) 6 Update 31
RP116: 2/26/2012 9:54:33 PM - Windows Update
RP117: 2/26/2012 11:35:00 PM - Revo Uninstaller's restore point - avast! Free Antivirus
RP118: 3/2/2012 4:00:23 AM - Windows Update
RP119: 3/5/2012 8:03:46 AM - Windows Update
RP120: 3/9/2012 11:46:51 AM - Windows Update
RP121: 3/9/2012 2:15:19 PM - Windows Backup
RP122: 3/12/2012 12:22:37 PM - Installed 7-Zip 9.20 (x64 edition)
RP123: 3/12/2012 5:11:55 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Amazon Kindle
Anytime USB Charge Utility
Brother MFL-Pro Suite MFC-7340
CyberLink MakeDisc
CyberLink PowerDirector
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ELAN 4.1.2
FJ Camera
Fujitsu Display Manager
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Galerie de photos Windows Live
Garmin Lifetime Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) WiDi
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LifeBook Application Panel
Malwarebytes Anti-Malware version 1.60.0.1800
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Publisher 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-GB)
Mozilla Thunderbird 10.0.2 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Power Saving Utility
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Roxio Creator LJ
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.8
Sptnavi
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual Studio 2008 x64 Redistributables
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 12:32:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} and APPID {653C5148-4DCE-4905-9CFD-1B23662D3D9E} to the user ecb-PC\ecb SID (S-1-5-21-3249648881-3253301769-3927457880-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/8/2012 9:46:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/8/2012 2:42:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/8/2012 1:14:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/7/2012 10:03:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/6/2012 8:31:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/6/2012 3:25:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/6/2012 2:56:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/5/2012 10:33:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/12/2012 9:14:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/12/2012 9:14:18 AM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
3/12/2012 3:06:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
3/12/2012 2:31:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/11/2012 9:40:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/11/2012 12:51:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/10/2012 12:50:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/10/2012 12:27:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
.
==== End Of File ===========================

You didn't ask for this but it was suggested that I share my Hijack this report on this forum as well, so here it is:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:57:06 PM, on 3/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ecb\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.us.fujitsu.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [snp2uvc] C:\windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ecb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} (Qualys BrowserCheck) - https://browsercheck.qualys.com/qbc_ax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13191 bytes

Thank you very much for your assistance and advice.
Sincerely,
Elizabeth
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Tue Mar 13, 2012 8:41 am    Post subject: Reply with quote

Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Tue Mar 13, 2012 9:00 am    Post subject: Reply with quote

Please download and run the following AV removal programs ....

http://download.avg.com/filedir/util/support/avg_remover_stf_x64_2011_1322.exe
http://files.avast.com/files/eng/aswclear6.exe
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Reboot your computer after running each of the tools.

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Wed Mar 14, 2012 9:45 am    Post subject: OTL Log Report #1 Reply with quote

Hi Gary,
Thank you for the clear instructions and prompt reply.

Here is log #1: OTL.txt
OTL logfile created on: 3/14/2012 7:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\ecb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.03% Memory free
7.83 Gb Paging File | 6.30 Gb Available in Paging File | 80.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.78 Gb Total Space | 157.65 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive D: | 224.78 Gb Total Space | 224.69 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: ECB-PC | User Name: ecb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/14 07:52:00 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\ecb\Desktop\OTL.exe
PRC - [2012/02/14 23:37:20 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/15 11:40:54 | 001,446,248 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/03/05 02:49:24 | 000,228,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
PRC - [2011/03/05 02:49:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/09/29 21:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009/08/13 09:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 01:36:46 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/15 01:36:46 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
MOD - [2012/02/14 22:57:27 | 018,000,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
MOD - [2012/02/14 22:57:13 | 011,450,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
MOD - [2012/02/14 22:57:13 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
MOD - [2012/02/14 22:57:08 | 000,736,768 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c1127f26363bea39c40707b9ddb6bbb9\System.Security.ni.dll
MOD - [2012/02/14 22:57:06 | 013,138,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
MOD - [2012/02/14 22:57:04 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/14 22:57:00 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/14 22:56:56 | 003,858,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
MOD - [2012/02/14 22:56:53 | 001,653,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MOD - [2012/02/14 22:56:51 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/14 22:56:45 | 014,413,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/05 13:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/01/05 13:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 13:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 18:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/09/30 02:23:00 | 000,014,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/28 19:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/09 20:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 02:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/14 22:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/24 06:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 06:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 02:49:52 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/12 04:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/03 22:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/12/28 14:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/10/09 08:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/05/06 22:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/19 08:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/06/24 01:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV)
DRV:64bit: - [2009/06/10 16:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 06:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 06:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.us.fujitsu.com/
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 1A AD A6 19 FE CC 01 [binary data]
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\SearchScopes\{1AB6B964-EB23-4C1E-BE5A-C2680A085BCD}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\SearchScopes\{549C170E-E118-48D8-BAC5-CAE58DFEE6FD}: "URL" = http://duckduckgo.com/?q={searchTerms}
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJN_enUS452
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ecb\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ecb\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/26 22:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/26 22:50:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/27 00:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/27 00:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/10/15 15:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ecb\AppData\Roaming\Mozilla\Extensions
[2012/02/26 16:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\kgyrxu71.Default User\extensions
[2012/02/26 22:49:59 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\kgyrxu71.Default User\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/02/26 22:49:59 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\kgyrxu71.Default User\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012/02/26 22:50:00 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\kgyrxu71.Default User\extensions\optout@dubfire.net
[2012/03/12 00:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions
[2012/03/08 11:22:42 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/03/08 11:36:48 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012/03/08 11:13:41 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions\optout@dubfire.net
[2012/02/27 00:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\{B65D0BE3-CC20-44E1-BBAA-EA394DBFFA34}.XPI
[2012/03/05 23:42:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\EN-US@DICTIONARIES.ADDONS.MOZILLA.ORG
() (No name found) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\LOOKOUT@ARON.RUBIN.XPI
() (No name found) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\MAILSLEUTH@MAILSLEUTHONLINE.COM.XPI
() (No name found) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\SILVERMELXT@PARDAL.DE.XPI
[2012/02/16 10:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 07:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/18 21:28:02 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 06:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 07:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 07:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 07:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ecb\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ecb\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ecb\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Qualys BrowserCheck Plugin (Enabled) = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.41.1_0\npqbc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: HTTPS Enforcer = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\beaholcfmnpbabojbldnhlikfmnjmoma\2.0_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: ChromeIn Plus for LinkedIn\u2122 = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcaoihcfefgcohpneahnnpfejcaodjfo\1.0.22.4_0\
CHR - Extension: KB SSL Enforcer = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\1.0.20_0\
CHR - Extension: LinkedIn 1st Degree's Connection Search = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibgcajibnpkilfpbolpnifjcponkekn\1.4.3_0\
CHR - Extension: AdBlock = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: avast! WebRep = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Qualys BrowserCheck = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.41.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Search on Linkedin = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldijfbphampndgemooecbdgfdnmhhjl\0.1_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck.qualys.com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 07:51:57 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\ecb\Desktop\OTL.exe
[2012/03/14 06:28:26 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/14 06:28:26 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/14 06:28:25 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/13 23:13:35 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/13 23:13:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/13 23:13:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/13 23:13:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/13 23:12:59 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/13 23:12:59 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/03/12 12:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/12 12:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/05 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\ecb\OLIT Papers
[2012/02/27 01:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/02/27 01:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/27 00:21:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/27 00:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/27 00:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/27 00:15:32 | 000,000,000 | ---D | C] -- C:\Users\ecb\AppData\Local\Secunia PSI
[2012/02/27 00:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/02/26 22:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/26 22:54:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/02/26 22:54:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/02/26 22:54:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/02/26 22:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/23 23:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/02/23 23:34:36 | 000,000,000 | ---D | C] -- C:\Users\ecb\AppData\Roaming\Yahoo!
[2012/02/23 23:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/02/23 11:33:34 | 000,000,000 | ---D | C] -- C:\MATS
[2012/02/20 20:41:27 | 000,000,000 | ---D | C] -- C:\Users\ecb\.elan_data
[2012/02/19 10:26:21 | 000,000,000 | ---D | C] -- C:\Users\ecb\AppData\Roaming\Abine
[2012/02/14 23:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/02/14 23:31:44 | 000,000,000 | ---D | C] -- C:\Users\ecb\AppData\Roaming\AVG2012
[2012/02/14 23:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/02/14 20:07:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/02/14 20:07:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/02/14 20:07:09 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/02/14 20:07:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/02/14 20:07:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/02/14 20:07:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/02/14 20:07:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/02/14 20:07:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/02/14 20:07:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/02/14 20:07:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/02/14 20:07:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/02/14 14:26:44 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/02/14 14:20:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/02/14 14:20:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/02/14 14:19:39 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[1 C:\Users\ecb\Documents\*.tmp files -> C:\Users\ecb\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/14 07:56:37 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 07:56:37 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 07:53:50 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/14 07:53:50 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/14 07:53:50 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/14 07:52:00 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\ecb\Desktop\OTL.exe
[2012/03/14 07:49:26 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 07:49:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/14 07:48:59 | 3152,506,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 07:48:06 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/03/14 07:28:02 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 07:14:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3249648881-3253301769-3927457880-1000UA.job
[2012/03/14 06:31:10 | 000,416,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/13 20:34:42 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3249648881-3253301769-3927457880-1000Core.job
[2012/03/12 19:26:18 | 000,004,096 | -H-- | M] () -- C:\Users\ecb\AppData\Local\keyfile3.drm
[2012/03/12 15:14:56 | 000,002,389 | ---- | M] () -- C:\Users\ecb\Desktop\Google Chrome.lnk
[2012/03/12 15:10:14 | 000,000,426 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012/03/09 13:29:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/27 01:07:09 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/02/27 01:07:03 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/02/27 00:27:27 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/27 00:22:43 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/02/27 00:21:54 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/26 22:54:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/02/26 22:54:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/02/26 22:54:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/02/26 22:54:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/02/26 21:00:29 | 000,007,600 | ---- | M] () -- C:\Users\ecb\AppData\Local\resmon.resmoncfg
[2012/02/23 11:34:11 | 000,000,123 | ---- | M] () -- C:\Users\ecb\Desktop\Microsoft Fix it.url
[2012/02/17 02:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/02/17 01:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/02/14 23:38:08 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/14 23:37:40 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2012/02/14 23:37:27 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2012/02/14 23:37:27 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2012/02/14 23:37:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2012/02/14 18:12:18 | 000,002,114 | ---- | M] () -- C:\Users\ecb\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[1 C:\Users\ecb\Documents\*.tmp files -> C:\Users\ecb\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/12 19:26:18 | 000,004,096 | -H-- | C] () -- C:\Users\ecb\AppData\Local\keyfile3.drm
[2012/02/27 01:07:09 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/02/27 01:07:03 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/02/27 01:06:59 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/23 11:34:11 | 000,000,123 | ---- | C] () -- C:\Users\ecb\Desktop\Microsoft Fix it.url
[2012/02/14 23:38:08 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/08 00:54:05 | 000,007,600 | ---- | C] () -- C:\Users\ecb\AppData\Local\resmon.resmoncfg
[2011/10/17 16:58:32 | 000,000,242 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/10/17 16:58:32 | 000,000,094 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/10/17 16:57:23 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/10/17 16:57:23 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD7340.DAT
[2011/10/17 16:33:14 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2011/10/17 16:33:14 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011/10/17 16:33:13 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011/10/17 16:33:07 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2011/10/17 16:32:59 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2011/09/26 20:52:00 | 000,245,760 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2011/09/26 20:51:59 | 000,024,576 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/09/26 20:51:59 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/05/01 21:49:54 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/05/01 21:49:48 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/05/01 21:49:44 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/05/01 21:49:36 | 013,359,616 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/15 07:26:17 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2010/11/22 02:11:08 | 000,002,305 | ---- | C] () -- C:\windows\SysWow64\FJSaver.ini

========== LOP Check ==========

[2012/03/14 07:45:43 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\Abine
[2012/02/26 22:50:11 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\AVG2012
[2012/01/02 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\Garmin
[2011/10/19 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\qualys
[2011/10/15 15:32:09 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\Thunderbird
[2012/03/14 07:39:36 | 000,032,648 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Wed Mar 14, 2012 9:46 am    Post subject: OTL Log Report #1 Reply with quote

Hi Gary,
Thank you for the clear instructions and prompt reply.

Here is log #1: OTL.txt
OTL logfile created on: 3/14/2012 7:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\ecb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.03% Memory free
7.83 Gb Paging File | 6.30 Gb Available in Paging File | 80.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.78 Gb Total Space | 157.65 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive D: | 224.78 Gb Total Space | 224.69 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: ECB-PC | User Name: ecb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/14 07:52:00 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\ecb\Desktop\OTL.exe
PRC - [2012/02/14 23:37:20 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/15 11:40:54 | 001,446,248 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/03/05 02:49:24 | 000,228,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
PRC - [2011/03/05 02:49:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/09/29 21:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009/08/13 09:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 01:36:46 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/15 01:36:46 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
MOD - [2012/02/14 22:57:27 | 018,000,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
MOD - [2012/02/14 22:57:13 | 011,450,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
MOD - [2012/02/14 22:57:13 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
MOD - [2012/02/14 22:57:08 | 000,736,768 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c1127f26363bea39c40707b9ddb6bbb9\System.Security.ni.dll
MOD - [2012/02/14 22:57:06 | 013,138,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
MOD - [2012/02/14 22:57:04 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/14 22:57:00 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/14 22:56:56 | 003,858,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
MOD - [2012/02/14 22:56:53 | 001,653,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MOD - [2012/02/14 22:56:51 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/14 22:56:45 | 014,413,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/05 13:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/01/05 13:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 13:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 18:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/09/30 02:23:00 | 000,014,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/28 19:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/09 20:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 02:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/14 22:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/24 06:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 06:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 02:49:52 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/12 04:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/03 22:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/12/28 14:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/10/09 08:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/05/06 22:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/19 08:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/06/24 01:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV)
DRV:64bit: - [2009/06/10 16:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 06:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 06:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.us.fujitsu.com/
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 1A AD A6 19 FE CC 01 [binary data]
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\SearchScopes\{1AB6B964-EB23-4C1E-BE5A-C2680A085BCD}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\SearchScopes\{549C170E-E118-48D8-BAC5-CAE58DFEE6FD}: "URL" = http://duckduckgo.com/?q={searchTerms}
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJN_enUS452
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ecb\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ecb\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/26 22:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/26 22:50:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/27 00:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/27 00:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/10/15 15:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ecb\AppData\Roaming\Mozilla\Extensions
[2012/02/26 16:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\kgyrxu71.Default User\extensions
[2012/02/26 22:49:59 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\kgyrxu71.Default User\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/02/26 22:49:59 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\kgyrxu71.Default User\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012/02/26 22:50:00 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\kgyrxu71.Default User\extensions\optout@dubfire.net
[2012/03/12 00:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions
[2012/03/08 11:22:42 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/03/08 11:36:48 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012/03/08 11:13:41 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions\optout@dubfire.net
[2012/02/27 00:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\{B65D0BE3-CC20-44E1-BBAA-EA394DBFFA34}.XPI
[2012/03/05 23:42:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\EN-US@DICTIONARIES.ADDONS.MOZILLA.ORG
() (No name found) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\LOOKOUT@ARON.RUBIN.XPI
() (No name found) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\MAILSLEUTH@MAILSLEUTHONLINE.COM.XPI
() (No name found) -- C:\USERS\ECB\APPDATA\ROAMING\THUNDERBIRD\PROFILES\3T6VXR8Q.DEFAULT\EXTENSIONS\SILVERMELXT@PARDAL.DE.XPI
[2012/02/16 10:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 07:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/18 21:28:02 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 06:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 07:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 07:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 07:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ecb\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ecb\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ecb\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Qualys BrowserCheck Plugin (Enabled) = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.41.1_0\npqbc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: HTTPS Enforcer = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\beaholcfmnpbabojbldnhlikfmnjmoma\2.0_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: ChromeIn Plus for LinkedIn\u2122 = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcaoihcfefgcohpneahnnpfejcaodjfo\1.0.22.4_0\
CHR - Extension: KB SSL Enforcer = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\1.0.20_0\
CHR - Extension: LinkedIn 1st Degree's Connection Search = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibgcajibnpkilfpbolpnifjcponkekn\1.4.3_0\
CHR - Extension: AdBlock = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: avast! WebRep = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Qualys BrowserCheck = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.41.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Search on Linkedin = C:\Users\ecb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldijfbphampndgemooecbdgfdnmhhjl\0.1_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck.qualys.com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 07:51:57 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\ecb\Desktop\OTL.exe
[2012/03/14 06:28:26 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/14 06:28:26 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/14 06:28:25 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/13 23:13:35 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/13 23:13:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/13 23:13:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/13 23:13:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/13 23:12:59 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/13 23:12:59 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/03/12 12:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/12 12:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/05 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\ecb\OLIT Papers
[2012/02/27 01:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/02/27 01:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/27 00:21:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/27 00:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/27 00:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/27 00:15:32 | 000,000,000 | ---D | C] -- C:\Users\ecb\AppData\Local\Secunia PSI
[2012/02/27 00:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/02/26 22:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/26 22:54:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/02/26 22:54:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/02/26 22:54:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/02/26 22:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/23 23:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/02/23 23:34:36 | 000,000,000 | ---D | C] -- C:\Users\ecb\AppData\Roaming\Yahoo!
[2012/02/23 23:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/02/23 11:33:34 | 000,000,000 | ---D | C] -- C:\MATS
[2012/02/20 20:41:27 | 000,000,000 | ---D | C] -- C:\Users\ecb\.elan_data
[2012/02/19 10:26:21 | 000,000,000 | ---D | C] -- C:\Users\ecb\AppData\Roaming\Abine
[2012/02/14 23:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/02/14 23:31:44 | 000,000,000 | ---D | C] -- C:\Users\ecb\AppData\Roaming\AVG2012
[2012/02/14 23:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/02/14 20:07:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/02/14 20:07:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/02/14 20:07:09 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/02/14 20:07:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/02/14 20:07:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/02/14 20:07:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/02/14 20:07:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/02/14 20:07:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/02/14 20:07:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/02/14 20:07:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/02/14 20:07:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/02/14 14:26:44 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/02/14 14:20:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/02/14 14:20:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/02/14 14:19:39 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[1 C:\Users\ecb\Documents\*.tmp files -> C:\Users\ecb\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/14 07:56:37 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 07:56:37 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 07:53:50 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/14 07:53:50 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/14 07:53:50 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/14 07:52:00 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\ecb\Desktop\OTL.exe
[2012/03/14 07:49:26 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 07:49:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/14 07:48:59 | 3152,506,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 07:48:06 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/03/14 07:28:02 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 07:14:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3249648881-3253301769-3927457880-1000UA.job
[2012/03/14 06:31:10 | 000,416,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/13 20:34:42 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3249648881-3253301769-3927457880-1000Core.job
[2012/03/12 19:26:18 | 000,004,096 | -H-- | M] () -- C:\Users\ecb\AppData\Local\keyfile3.drm
[2012/03/12 15:14:56 | 000,002,389 | ---- | M] () -- C:\Users\ecb\Desktop\Google Chrome.lnk
[2012/03/12 15:10:14 | 000,000,426 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012/03/09 13:29:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/27 01:07:09 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/02/27 01:07:03 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/02/27 00:27:27 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/27 00:22:43 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/02/27 00:21:54 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/26 22:54:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/02/26 22:54:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/02/26 22:54:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/02/26 22:54:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/02/26 21:00:29 | 000,007,600 | ---- | M] () -- C:\Users\ecb\AppData\Local\resmon.resmoncfg
[2012/02/23 11:34:11 | 000,000,123 | ---- | M] () -- C:\Users\ecb\Desktop\Microsoft Fix it.url
[2012/02/17 02:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/02/17 01:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/02/14 23:38:08 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/14 23:37:40 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2012/02/14 23:37:27 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2012/02/14 23:37:27 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2012/02/14 23:37:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2012/02/14 18:12:18 | 000,002,114 | ---- | M] () -- C:\Users\ecb\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[1 C:\Users\ecb\Documents\*.tmp files -> C:\Users\ecb\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/12 19:26:18 | 000,004,096 | -H-- | C] () -- C:\Users\ecb\AppData\Local\keyfile3.drm
[2012/02/27 01:07:09 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/02/27 01:07:03 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/02/27 01:06:59 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/23 11:34:11 | 000,000,123 | ---- | C] () -- C:\Users\ecb\Desktop\Microsoft Fix it.url
[2012/02/14 23:38:08 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/08 00:54:05 | 000,007,600 | ---- | C] () -- C:\Users\ecb\AppData\Local\resmon.resmoncfg
[2011/10/17 16:58:32 | 000,000,242 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/10/17 16:58:32 | 000,000,094 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/10/17 16:57:23 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/10/17 16:57:23 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD7340.DAT
[2011/10/17 16:33:14 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2011/10/17 16:33:14 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011/10/17 16:33:13 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011/10/17 16:33:07 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2011/10/17 16:32:59 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2011/09/26 20:52:00 | 000,245,760 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2011/09/26 20:51:59 | 000,024,576 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/09/26 20:51:59 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/05/01 21:49:54 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/05/01 21:49:48 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/05/01 21:49:44 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/05/01 21:49:36 | 013,359,616 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/15 07:26:17 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2010/11/22 02:11:08 | 000,002,305 | ---- | C] () -- C:\windows\SysWow64\FJSaver.ini

========== LOP Check ==========

[2012/03/14 07:45:43 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\Abine
[2012/02/26 22:50:11 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\AVG2012
[2012/01/02 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\Garmin
[2011/10/19 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\qualys
[2011/10/15 15:32:09 | 000,000,000 | ---D | M] -- C:\Users\ecb\AppData\Roaming\Thunderbird
[2012/03/14 07:39:36 | 000,032,648 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Wed Mar 14, 2012 9:55 am    Post subject: OTL Report #2 Reply with quote

Gary,
I notice when posting the first report just now that AVG2012 is still showing as "roaming", even though I ran the removal tool.

Also, the only things I have going are a paid version of Malware Bytes and Windows Defender. But, windows defender does not scan when it's supposed to, and "MS Security Essentials" says it is outdated. I'm not sure how the two of these are related, so I would be very interested in your thoughts on a good malware, antivirus, antispy and anti-adware product/s, even if the paid version/s are better options. As an aside, there is a chance I will be moving to a country for a job that is known for "hacking" and blocks sites like Skype, so in addition, I'd like to know if you can suggest a VPN and/or some kind of certificate I can use to up my access, improve my firewall, and stay as secure as possible. Thank you very much.

Here is the Extras.txt report:
OTL Extras logfile created on: 3/14/2012 7:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\ecb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.03% Memory free
7.83 Gb Paging File | 6.30 Gb Available in Paging File | 80.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.78 Gb Total Space | 157.65 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive D: | 224.78 Gb Total Space | 224.69 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: ECB-PC | User Name: ecb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}" = Garmin Lifetime Updater
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C12184B-F547-455E-8B36-D81ED4E17C46}" = Roxio Creator LJ
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7340
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator LJ
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator LJ
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ELAN 4.1.2" = ELAN 4.1.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"Mozilla Thunderbird 10.0.2 (x86 en-GB)" = Mozilla Thunderbird 10.0.2 (x86 en-GB)
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 15.0" = RealPlayer
"Sptnavi" = Sptnavi
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2012 10:19:23 PM | Computer Name = ecb-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/12 22:19:23.078]: [00003024]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 3/12/2012 10:19:24 PM | Computer Name = ecb-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/12 22:19:24.578]: [00003024]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 3/12/2012 10:23:40 PM | Computer Name = ecb-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2012 5:14:19 AM | Computer Name = ecb-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2012 7:51:11 AM | Computer Name = ecb-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/14/2012 6:31:13 AM | Computer Name = ecb-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2012 7:32:12 AM | Computer Name = ecb-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2012 7:36:21 AM | Computer Name = ecb-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2012 7:39:42 AM | Computer Name = ecb-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2012 7:49:19 AM | Computer Name = ecb-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = DCOM | ID = 10005
Description =

Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/14/2012 7:47:26 AM | Computer Name = ecb-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/14/2012 7:49:23 AM | Computer Name = ecb-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

Thank you very much.
-Elizabeth
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Wed Mar 14, 2012 1:15 pm    Post subject: Reply with quote

Still some orphans left.


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
IE - HKU\S-1-5-21-3249648881-3253301769-3927457880-1000\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/26 22:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
[2011/12/18 21:28:02 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[1 C:\Users\ecb\Documents\*.tmp files -> C:\Users\ecb\Documents\*.tmp -> ]

:Files
C:\Users\ecb\AppData\Roaming\AVG2012
C:\Program Files (x86)\AVG
C:\Program Files\AVAST Software

:Commands
[emptytemp]
[resethosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please download SystemLook from one of the links below and save it to your Desktop.

For 64 bit Systems
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:folderfind
avast
avg

:regfind
avast
avg


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.


Summary of the logs I need from you in your next post:

  • OTL fix log
  • SystemLook.txt
  • FSS.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

I'll try and answer your questions when we've resolved the current issues, and/or any others that crop up during our investigations.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Thu Mar 15, 2012 10:21 am    Post subject: OTL Run Fix Report After Reboot Reply with quote

Hi Gary,
Thank you for your guidance. I'm following your instructions, and posting the outputs of each step as I go.

OTL.exe run with code provided. After reboot, output file as follows:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0381dbd-e018-4e07-ae40-d96ab15083f0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
C:\Program Files (x86)\AVG\AVG2012\avgssie.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\ecb\Documents\~WRL3385.tmp deleted successfully.
========== FILES ==========
C:\Users\ecb\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\ecb\AppData\Roaming\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\Firefox4\Components folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\Firefox4 folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\Drivers\ErHr7x64 folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\Drivers folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\techbuddy\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\techbuddy folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\speedtest\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\speedtest folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\pct\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\pct folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\obx\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\obx folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\fas\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\fas folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\dav\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\dav folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG folder moved successfully.
C:\Program Files\AVAST Software folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ecb
->Temp folder emptied: 365002856 bytes
->Temporary Internet Files folder emptied: 11808639 bytes
->Java cache emptied: 11542 bytes
->FireFox cache emptied: 90612289 bytes
->Google Chrome cache emptied: 48583533 bytes
->Flash cache emptied: 56984 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 266867764 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 74920720 bytes

Total Files Cleaned = 818.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.37.0 log created on 03152012_140529

Files\Folders moved on Reboot...
C:\Users\ecb\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Thu Mar 15, 2012 10:29 am    Post subject: SystemLook.txt Scan Results Reply with quote

Hi Gary,
I copy/pasted the contents provided, ran the scan from the desktop, and the results are below:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:25 on 15/03/2012 by ecb
Administrator - Elevation successful

No Context: Code:

========== folderfind ==========

Searching for "avast "
C:\ProgramData\AVAST Software\Avast d------ [05:26 28/10/2011]
C:\Users\All Users\AVAST Software\Avast d------ [05:26 28/10/2011]

Searching for "avg "
C:\_OTL\MovedFiles\03152012_140529\C_Program Files (x86)\AVG d------ [03:07 27/09/2011]

========== regfind ==========

Searching for "avast "
[HKEY_CURRENT_USER\Software\AVAST Software]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Avast Software]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f199bd9b_0]
@="{0.0.0.00000000}.{c7eac0a8-328b-4dc0-8ed1-16696cddf7b4}|\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\AVAST Software\Avast\VisthAux.exe"="avast! Virus scanner"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe"="AVAST Software Setup Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64]
@="C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR]
@="C:\Program Files\AVAST Software\Avast"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64]
@="C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR]
@="C:\Program Files\AVAST Software\Avast"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda]
"Path"="C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Exchange\Client\Extensions]
"avast!"="4.0;C:\Program Files\AVAST Software\Avast\ashOutXt.dll;1;10000111111000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64]
@="C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR]
@="C:\Program Files\AVAST Software\Avast"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVAST Software]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Avast Software]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f199bd9b_0]
@="{0.0.0.00000000}.{c7eac0a8-328b-4dc0-8ed1-16696cddf7b4}|\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\AVAST Software\Avast\VisthAux.exe"="avast! Virus scanner"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe"="AVAST Software Setup Engine"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\AVAST Software\Avast\VisthAux.exe"="avast! Virus scanner"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe"="AVAST Software Setup Engine"

Searching for "avg"
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVG Secure Search]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVG Secure Search]
"CurrentToolbarSearchURL"="http://isearch.avg.com/search?cid=%GUID%&mid=%MID%&lang=%LANG%&ds=%DISTSOURCE%&pr=%PROFILE%&d=%INSTALLDATE%&v=%TBVERSION%&sap=tr&q=%s1%"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f20e7ccb_0]
@="{0.0.0.00000000}.{c7eac0a8-328b-4dc0-8ed1-16696cddf7b4}|\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2012\avgtray.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG LinkScanner®"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG LinkScanner®"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe"="AVG Diagnostics Utility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\Path]
"x64"="C:\Program Files (x86)\AVG\AVG2012\avgapia.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\Path]
"x86"="C:\Program Files (x86)\AVG\AVG2012\avgapix.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
"url"="fwstats.mtrap.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Antispam\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\log\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\system32\Drivers\AVG\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\scanlogs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\update\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\EMC\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\avgam\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\lsdb\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\lsdb\prev\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Cfg\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\cfgall\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Temp\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Dumps\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Chjw\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\IDS\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\admincli\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Content\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Notification\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\myapps\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\3rd_party\licenses\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\3rd_party\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Drivers\ErHr7x64\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Drivers\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Icons\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox4\Components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox4\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\IDS\config\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\fas\component\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\fas\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\dav\component\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\dav\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\obx\component\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\obx\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\pct\component\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\pct\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\sounds\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox\Chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox4\Chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\scanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\corelog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\tdilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\privlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfgexlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\ldrlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\rslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\csllog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\arklog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\nslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABD4495076F8C342BE6AC610F4FC2AD]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\amlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\publog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\vaultlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lnglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avguilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\updlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\schedlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\srmlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdsvclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F061708F3225D9D4D906120730B2AC2D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\idplog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgmail.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\emclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lscanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Features]
"OutlookSocialConnectorIntl_1033"="{$wle.&EXAVg6GR3Yom,OUTLOOKFilesIntl_1033"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\046E72916C2A7AB4F834FF2DEAD3CF3F\Features]
"WIFI_Software"="-6cH%bCi-=E]LST]o(su0UWZrF@W{874uOHPF^XfF9!b3P1@0=,w}$oy5%bhzwkTec'xH9wa*]!DKPh^8^cX]4M=q?x9P,XVXlVl&}+dwJgxFA3sXJL,+QtvGQzb[ygN_=fXkY(K'4uu?*VWxUe7p8t1GZFpv+duU@M[EMVwN?IvH~j4_]Vz_APL]=(=*?Y`+o+uMN@mB?G&1KA5g@2RsWxYPy`,J!LtpF~yP9umy$z(-Pii{jlJ!'o599Wh+vG-e]hiF_'-7-q84?cZvQ^CZCRAQtE+,?w9n9A*+@7vbT~*U3O6pM{))=Tns?VxVxjLjwUCDe^)(@_cG&JeYm^FTNxAw8V0y9m$+5JQ}_?Wz74AYZPTb8Jt@}3]i+-9eeEZTEziW=wumxg1I$8TkbRY4m+y}=m'rw@%R~Z=nL&(%!WYZ=^t_TV&*uXJ]G~]e}!5P?EYP.7T3y@Ao0[0gxS4D?rylk*Mzvryg_w}Ow`qX9K0m}uI&cgfUSCNJ7lSv?CsJ3WcpM}5WcdqzIxY[@s1qbKr(oN8Jvm-x7Hj0=4QPp0M)kx0O'iKb].Py?WlRgJv62$L9)+'2b]!7?1KDQ'1^,!1{yA*JJkn==(~kJ9!Oa'5E+JpcJ(U[@J^n5?BnCS.tE3a7!3)i?Zn%gCx.Qd&KhZIb[Mjm@,KFGkhHwY3Hp4.gZ,_!?z{pQD=AdAqdq-)gs`q[=Mooy.6QtO=q%JC.c{O+@Kt2gpBPZrzZf$JF]nd5?6(TnKSI&K[K2{BT)I%%@Khb-^o~}Mke4^C@c0sz8[`@B$Bc+EbNSi5Mb,D89&cP'84XFEtPT2Z&Zl=O@UMq,S'cf!_]OZwiui(p=KD-D)R[x30(X?S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\97EB8EC73CBAC2B4593482DEB2A0E98A\Features]
"BT_Profile"="]rB9Eu{bF?`.a}rYv[LTM?UL@upY66qjj}rYv[LTaA-S&qfc5?(_NXPIi?Px2v4j9H0@[?'L_FwRHRs2&7BucefA,=^Sy]vezUO.4UM0N6{IKA0Q0n(-TQpauu4(WHq.T=uPH80K`oxMgzm&v-2*T9BLVtg&9NOQS+o?],TQdAx+`cx,KawYI4ayd4}gt8..RwQ.sUODS$u[$QMU!?JOz{nWS2dsyqMS`.Ef1=R~Vtg'9NOQHeinS.+MZ8rlg@p6v=_pn=z9y%XW@AQn2JwF*hyJzJ@WAw*[9?C'*2qNneUWa0=Xy]O[t9(n`Q.JXR*=txYOI-4yN?Hb25dH?r{qDN0sf'X[a8P!t96*!TGW_H6vhmWbl=-My{Ma^CL3~fR-M1&JV?_oCfqodweM3g.m2bD-$9fR7E_3r)ToS%q=1+.D`@to(x57n?]5K^!B`98Tj=RJ4fm8m$aGaj&e_Eoh2=_%I@f)@%'!?$lDOa(?j9$4QTh{MzjMUc^aWWk&[=FnymqHkJbcB-xs9~Q8a=,2Feqey'}cK~n,(m~R,?e5M.i0A'Y83gJ+[%v(M=~$]AQ]pFk,jmhyMXP*[AU}^!H1%l]`8)SC@xqdA9_TLj95HV5x'k&A+yzIh=(FLhoJ,zOIe@))zqpNh==RQW]7,GEg(hJ0wbofRATx$d0en%)zHuBbpAR%f8k]201'N%q47zx=0)S9&=oV8c!_nRvdK]A^-L6ou96kf+x}@0G$!TPwD%Ei~9_(4G%-3XFK(bs8U!P4g8RcI}&xXH=n8$4Hh3A!6?$&4iw*k&k8=wv`sGzaQ=_^*lfwvbor%80R8'5Ty8*9^C'oCT'ndhn4BH-4O@33sXF-$'MSCBps'-$
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B48121C2745FE554B8638DE14D1EC764\Features]
"Mandatory"="7y)eW8l7_eO9MkbIdFwUpR^pXI`Quoe8MkbIdFwU,i4sY(ibi(u8MkbIdFwU,i4sY(ibi(*9MkbIdFwU7y)eW8l7_e?9MkbIdFwUpR^pXI`Quou8MkbIdFwUpR^pXI`Quo*9MkbIdFwU53^pXAtQuou8MkbIdFwUj&^pX@{Quou8MkbIdFwUr$^pX.}Quou8MkbIdFwUv!^pXW}Quou8MkbIdFwU53^pXAtQuo*9MkbIdFwU^)^pX$zQuou8MkbIdFwUb(^pXMzQuou8MkbIdFwUv!^pXW}Quo*9MkbIdFwUn%^pXe{Quou8MkbIdFwUf'^pXrzQuou8MkbIdFwUr$^pX.}Quo*9MkbIdFwUn%^pXe{Quo*9MkbIdFwUj&^pX@{Quo*9MkbIdFwU8_IsYU6Oi(u8MkbIdFwUOy!sY(Vti(u8MkbIdFwUf'^pXrzQuo*9MkbIdFwUVOAsYKAXi(u8MkbIdFwUb(^pXMzQuo*9MkbIdFwU1-,sY3Oki(u8MkbIdFwU^)^pX$zQuo*9MkbIdFwUg6,sYGKki(u8MkbIdFwU8_IsYU6Oi(*9MkbIdFwUVOAsYKAXi(*9MkbIdFwU1-,sY3Oki(*9MkbIdFwUOy!sY(Vti(*9MkbIdFwUg6,sYGKki(*9MkbIdFwU6k}pHLH$SDe8MkbIdFwUQ%WsI,^p_U*9MkbIdFwU6k}pHLH$SD*9MkbIdFwUYN}pHD]$SD*9MkbIdFwU@@}pHZe$SD*9MkbIdFwU8A}pH2e$SD*9MkbIdFwU4B}pHhd$SD*9MkbIdFwU0C}pHCd$SD*9MkbIdFwU+D}pHuc$SD*9MkbIdFwU'E}pHPc$SD*9MkbIdFwU!F}pH'c$
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.0.61118.0"="cNIAX@Eec?`{BgY8j598tC]z&[z7D@zM@sH5Mit+R+(PwW.5?@I6a4Q~[Ff]1r{F2Ro3V=0HLOt]XlUm*}-i6OUHj@jc7?epu,HwKH2MKL?t)9ys&pAeJ%~RqaNR$JV^JAEI?2%1mde17~P[%Z`zW9tr$pR+s&E-QYinf9[TB9M~eA)yf*4LN.t[,Jl2~8V2{ATU}M6rwX9^1ZULd=R.8^y}U*SxL{FLjsZ$D@YqOp7kN=1=U0K6$WW{F@OjTRvsU02H2nvy]}@%Z?,}}Cxl8txoz_O6)hXgm9`itkbDrKv*{5Nk&kBet=f1=nQ.[`b'CO~$Y^]7v9fZ]E3Y=yEqiQF7&1x63ANgh6sd*v`2sr5,p2g.e8kW~7J&5X`)m]C0&RqTv81)){_?P3Mz9_[3!d2'JAX!?nD)Og+uAVkA-3$W.Av9bqzk=+=xW!N)G@Gt.9Cool)9$c%p&tq3U7jvieK?{0WY%Xd+?rWhR.sJ6%XA1d%bt'4Uf-j!WfQLykE9dSjF*,U=8E'UO&d[dro8T,GWm1k9%xRV-Dl{}mA@K8+jz{^4?=0!xkt'2cg=kF.s9dm*M=eUfI=ynr_Agu3w2g!xtMJw$[j[Mhk=n6d{AIY9'9V*aWshwps@wVy1,LaKzL7P%4ZN'T4@E0E.t^I7&ZTD,?V[_8P9`SC%XNzCuDk@QeJCJRo=`^~QpDB@ZpObVKJI8aA9QkTg[}5A@vG_JqbJQ?T?u4oI**Q@V`WQy1NmYFO?ft6pnL&CQgDn1)$gJRFAIJl4u?O?JQ~~Ebn.&Zp8VzRARuXfq22(gS6RR,A9!L=LJL^aAa}B{{j'$^s?[-A5aiUK%P*2-f%0(0eAnhX3YOuO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"="VISTARTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla]
"path"="C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://isearch.avg.com/tab?cid={1889AFB4-5EA2-465E-86BF-97D7CA704E03}&mid=2d4db31fdecc47d19e366d3e71d593c3-7af3d878c5e24718e2f684cc2630db269fc78bad&lang=en&ds=AVG&pr=pr&d=2011-09-26 23:08:28&v=8.0.0.34&sap=nt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Registration\{90140000-003D-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgBNAEkAQwBSAE8AUwBPAEYAVAAgAE8ARgBGAEkAQwBFACAAMgAwADEAMAAgAEQARQBTAEsAVABPAFAAIABBAFAAUABMAEkAQwBBAFQASQBPAE4AIABTAE8ARgBUAFcAQQBSAEUADQAKAEIAZQBsAG8AdwAgAGEAcgBlACAAdABoAHIAZQBlACAAcwBlAHAAYQByAGEAdABlACAAcwBlAHQAcwAgAG8AZgAgAGwAaQBjAGUAbgBzAGUAIAB0AGUAcgBtAHMALgAgAE8AbgBsAHkAIABvAG4AZQAgAHMAZQB0ACAAYQBwAHAAbABpAGUAcwAgAHQAbwAgAHkAbwB1AC4AIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAGwAaQBjAGUAbgBzAGUAIAB0AGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQAaQBjAGkAdAB5ACwAIABvAHIA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Registration\{91140000-0019-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgBNAEkAQwBSAE8AUwBPAEYAVAAgAE8ARgBGAEkAQwBFACAAMgAwADEAMAAgAEQARQBTAEsAVABPAFAAIABBAFAAUABMAEkAQwBBAFQASQBPAE4AIABTAE8ARgBUAFcAQQBSAEUADQAKAEIAZQBsAG8AdwAgAGEAcgBlACAAdABoAHIAZQBlACAAcwBlAHAAYQByAGEAdABlACAAcwBlAHQAcwAgAG8AZgAgAGwAaQBjAGUAbgBzAGUAIAB0AGUAcgBtAHMALgAgAE8AbgBsAHkAIABvAG4AZQAgAHMAZQB0ACAAYQBwAHAAbABpAGUAcwAgAHQAbwAgAHkAbwB1AC4AIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAGwAaQBjAGUAbgBzAGUAIAB0AGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQAaQBjAGkAdAB5ACwAIABvAHIA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\User Settings\{90140000-003D-0000-0000-0000000FF1CE}\Create\Software\Microsoft\Office\14.0]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgBNAEkAQwBSAE8AUwBPAEYAVAAgAE8ARgBGAEkAQwBFACAAMgAwADEAMAAgAEQARQBTAEsAVABPAFAAIABBAFAAUABMAEkAQwBBAFQASQBPAE4AIABTAE8ARgBUAFcAQQBSAEUADQAKAEIAZQBsAG8AdwAgAGEAcgBlACAAdABoAHIAZQBlACAAcwBlAHAAYQByAGEAdABlACAAcwBlAHQAcwAgAG8AZgAgAGwAaQBjAGUAbgBzAGUAIAB0AGUAcgBtAHMALgAgAE8AbgBsAHkAIABvAG4AZQAgAHMAZQB0ACAAYQBwAHAAbABpAGUAcwAgAHQAbwAgAHkAbwB1AC4AIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAGwAaQBjAGUAbgBzAGUAIAB0AGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAd
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\User Settings\{91140000-0019-0000-0000-0000000FF1CE}\Create\Software\Microsoft\Office\14.0]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgBNAEkAQwBSAE8AUwBPAEYAVAAgAE8ARgBGAEkAQwBFACAAMgAwADEAMAAgAEQARQBTAEsAVABPAFAAIABBAFAAUABMAEkAQwBBAFQASQBPAE4AIABTAE8ARgBUAFcAQQBSAEUADQAKAEIAZQBsAG8AdwAgAGEAcgBlACAAdABoAHIAZQBlACAAcwBlAHAAYQByAGEAdABlACAAcwBlAHQAcwAgAG8AZgAgAGwAaQBjAGUAbgBzAGUAIAB0AGUAcgBtAHMALgAgAE8AbgBsAHkAIABvAG4AZQAgAHMAZQB0ACAAYQBwAHAAbABpAGUAcwAgAHQAbwAgAHkAbwB1AC4AIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAGwAaQBjAGUAbgBzAGUAIAB0AGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAd
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVGTBInstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVGTBInstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG2012\Firefox4\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32]
@="C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\Path]
"x86"="C:\Program Files (x86)\AVG\AVG2012\avgapix.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
"url"="fwstats.mtrap.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012\PCTuneup\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047BBE05-F97E-4A27-8BBA-BC625AECB362}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{57941FF1-BB9D-47AF-A50D-D21FF16DF576}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36254D28-DFBD-4ED0-BB81-D7B45F1C1D6D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2DC079A-283D-4F41-B5DC-755BA76E9814}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F0EC39CA-F9A7-42CF-A083-0B2289046238}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71CD268B-7513-484E-8C13-174CF19EB0F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D4714A5-4A04-4E91-9011-787BF3827959}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D633D410-DBB6-4D3A-8E84-0FC27BB31678}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B58352B-2697-4041-9549-36ED33880309}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DBAF5CC-509F-4A27-82AE-09755F89EDF1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047BBE05-F97E-4A27-8BBA-BC625AECB362}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{57941FF1-BB9D-47AF-A50D-D21FF16DF576}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36254D28-DFBD-4ED0-BB81-D7B45F1C1D6D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2DC079A-283D-4F41-B5DC-755BA76E9814}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F0EC39CA-F9A7-42CF-A083-0B2289046238}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71CD268B-7513-484E-8C13-174CF19EB0F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D4714A5-4A04-4E91-9011-787BF3827959}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D633D410-DBB6-4D3A-8E84-0FC27BB31678}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B58352B-2697-4041-9549-36ED33880309}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DBAF5CC-509F-4A27-82AE-09755F89EDF1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047BBE05-F97E-4A27-8BBA-BC625AECB362}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{57941FF1-BB9D-47AF-A50D-D21FF16DF576}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36254D28-DFBD-4ED0-BB81-D7B45F1C1D6D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2DC079A-283D-4F41-B5DC-755BA76E9814}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F0EC39CA-F9A7-42CF-A083-0B2289046238}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71CD268B-7513-484E-8C13-174CF19EB0F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D4714A5-4A04-4E91-9011-787BF3827959}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D633D410-DBB6-4D3A-8E84-0FC27BB31678}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B58352B-2697-4041-9549-36ED33880309}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DBAF5CC-509F-4A27-82AE-09755F89EDF1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01zy2Qd2V0iZRJA3Sd6OiTUQ]
"DeviceId"="<Data><User username="01ZY2QD2V0IZRJA3SD6OITUQ"><Pwd Det="true">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAw3p1yKegSU6SD5xJ3jES7gQAAAACAAAAAAAQZgAAAAEAACAAAADKGNYxMVR1oB0Dq38cW3eaYx863vNIkvaCQteahvwEsgAAAAAOgAAAAAIAACAAAABFPf9GOPW/uX3kwDlNxmQQ+d1BC7GW5THoD32a6iglekAAAABydzSqR1FQ/TU4LMCgxG5dw7Rt9ptd6+9Zlf14tXTO+bX0aJRWULlu2BqH0UrmFnKOjnWc0phqW73TPPwPhDWdQAAAAJl+n1UVTCYDwMEL8kwrO6tceO5KaA0Fy7rTXZ9k8A23unjaFHalb50SKYqIRLGk/q2xR0zXFMolDikQ0Ve+Ubw=</Pwd><Certificate targetname="WindowsLive:(cert):name=01zy2qd2v0izrja3sd6oituq;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAdwAzAHAAMQB5AEsAZQBnAFMAVQA2AFMARAA1AHgASgAzAGoARQBTADcAZwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEQAcABsAFQAdABlAC8
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-3249648881-3253301769-3927457880-1000\02qyeqcoarqp]
"DeviceId"="<Data><User username="02QYEQCOARQP"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAw3p1yKegSU6SD5xJ3jES7gQAAAACAAAAAAAQZgAAAAEAACAAAAAKPUr+yRHPhErHgNfqnMFIUCIcFBAKIXUFSgsL1VPdSQAAAAAOgAAAAAIAACAAAADkfpuNMtT96w8QTtM5RUFR1vrd+/975UFz3/4DyWD1ezAAAAB2gNNTWGtc8NAyuqGJ9v2e4UUby4peG2lyzVwK77j6cNMAJuQgMhN7hdyMhsmcg1JAAAAAaOMK1DMiscVbGlBul6LzMsc1Qvxls1153Zc9Tytd+o9qJCzb8DES4t5rrO0DE1MZLDt4mgRiYklsTrpEepBKXQ==</Pwd><Certificate targetname="WindowsLive:(cert):name=02qyeqcoarqp;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAdwAzAHAAMQB5AEsAZQBnAFMAVQA2AFMARAA1AHgASgAzAGoARQBTADcAZwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAUABVAHIAOQBzAHAAMAAyAHMAUwBQAEsAdwBnAEgA
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayRSAlert]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanFinished]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanStarted]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdEnd]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdEndFail]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdStart]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayWSAlert]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Adobe\Acrobat Reader\10.0\AVGeneral]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVG Secure Search]
"CurrentToolbarSearchURL"="http://isearch.avg.com/search?cid=%GUID%&mid=%MID%&lang=%LANG%&ds=%DISTSOURCE%&pr=%PROFILE%&d=%INSTALLDATE%&v=%TBVERSION%&sap=tr&q=%s1%"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f20e7ccb_0]
@="{0.0.0.00000000}.{c7eac0a8-328b-4dc0-8ed1-16696cddf7b4}|\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2012\avgtray.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG LinkScanner®"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG LinkScanner®"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe"="AVG Diagnostics Utility"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files (x86)\AVG\AVG2012\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG LinkScanner®"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG LinkScanner®"
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe"="AVG Diagnostics Utility"
[HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01zy2Qd2V0iZRJA3Sd6OiTUQ]
"DeviceId"="<Data><User username="01ZY2QD2V0IZRJA3SD6OITUQ"><Pwd Det="true">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAw3p1yKegSU6SD5xJ3jES7gQAAAACAAAAAAAQZgAAAAEAACAAAADKGNYxMVR1oB0Dq38cW3eaYx863vNIkvaCQteahvwEsgAAAAAOgAAAAAIAACAAAABFPf9GOPW/uX3kwDlNxmQQ+d1BC7GW5THoD32a6iglekAAAABydzSqR1FQ/TU4LM
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Thu Mar 15, 2012 10:52 am    Post subject: System Look File Output Part 2 Reply with quote

Gary,
I think this makes the file output report complete (I did not see the "EOF" at the end of my last post).

Systemlook.txt part two results:

[HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01zy2Qd2V0iZRJA3Sd6OiTUQ]
"DeviceId"="<Data><User username="01ZY2QD2V0IZRJA3SD6OITUQ"><Pwd Det="true">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAw3p1yKegSU6SD5xJ3jES7gQAAAACAAAAAAAQZgAAAAEAACAAAADKGNYxMVR1oB0Dq38cW3eaYx863vNIkvaCQteahvwEsgAAAAAOgAAAAAIAACAAAABFPf9GOPW/uX3kwDlNxmQQ+d1BC7GW5THoD32a6iglekAAAABydzSqR1FQ/TU4LMCgxG5dw7Rt9ptd6+9Zlf14tXTO+bX0aJRWULlu2BqH0UrmFnKOjnWc0phqW73TPPwPhDWdQAAAAJl+n1UVTCYDwMEL8kwrO6tceO5KaA0Fy7rTXZ9k8A23unjaFHalb50SKYqIRLGk/q2xR0zXFMolDikQ0Ve+Ubw=</Pwd><Certificate targetname="WindowsLive:(cert):name=01zy2qd2v0izrja3sd6oituq;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAdwAzAHAAMQB5AEsAZQBnAFMAVQA2AFMARAA1AHgASgAzAGoARQBTADcAZwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEQAcABsAFQAdABlAC8
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-3249648881-3253301769-3927457880-1000\02qyeqcoarqp]
"DeviceId"="<Data><User username="02QYEQCOARQP"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAw3p1yKegSU6SD5xJ3jES7gQAAAACAAAAAAAQZgAAAAEAACAAAAAKPUr+yRHPhErHgNfqnMFIUCIcFBAKIXUFSgsL1VPdSQAAAAAOgAAAAAIAACAAAADkfpuNMtT96w8QTtM5RUFR1vrd+/975UFz3/4DyWD1ezAAAAB2gNNTWGtc8NAyuqGJ9v2e4UUby4peG2lyzVwK77j6cNMAJuQgMhN7hdyMhsmcg1JAAAAAaOMK1DMiscVbGlBul6LzMsc1Qvxls1153Zc9Tytd+o9qJCzb8DES4t5rrO0DE1MZLDt4mgRiYklsTrpEepBKXQ==</Pwd><Certificate targetname="WindowsLive:(cert):name=02qyeqcoarqp;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAdwAzAHAAMQB5AEsAZQBnAFMAVQA2AFMARAA1AHgASgAzAGoARQBTADcAZwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAUABVAHIAOQBzAHAAMAAyAHMAUwBQAEsAdwBnAEgA

-= EOF =-
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Thu Mar 15, 2012 10:56 am    Post subject: FSS.exe Report Reply with quote

Hi Gary,
Here are the results of the FSS.exe RAA scan:

Farbar Service Scanner Version: 01-03-2012
Ran by ecb (administrator) on 15-03-2012 at 14:54:24
Running from "C:\Users\ecb\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Thu Mar 15, 2012 1:10 pm    Post subject: Reply with quote

OK, still quite a few orphans to remove ....


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:Files
C:\ProgramData\AVAST Software
C:\Users\All Users\AVAST Software

:Reg
[-HKEY_CURRENT_USER\Software\AVAST Software]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Avast Software]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\AVAST Software\Avast\VisthAux.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Exchange\Client\Extensions]
"avast!"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR]
@=-
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVAST Software]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Avast Software]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\AVAST Software\Avast\VisthAux.exe"=-
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe"=-
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\AVAST Software\Avast\VisthAux.exe"=-
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe"=-
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVG Secure Search]
[-HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
[-HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Antispam\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\log\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\windows\system32\Drivers\AVG\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\scanlogs\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\update\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\EMC\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\avgam\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\lsdb\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\lsdb\prev\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Cfg\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\cfgall\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Temp\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Dumps\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\Chjw\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\IDS\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\admincli\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Content\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Notification\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\myapps\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\3rd_party\licenses\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\3rd_party\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Drivers\ErHr7x64\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Drivers\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Icons\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox4\Components\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox4\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\IDS\config\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\fas\component\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\fas\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\dav\component\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\dav\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\obx\component\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\obx\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\pct\component\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\pct\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\sounds\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Chrome\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox\Chrome\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\Firefox4\Chrome\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABD4495076F8C342BE6AC610F4FC2AD]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F061708F3225D9D4D906120730B2AC2D]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVGTBInstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVGTBInstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047BBE05-F97E-4A27-8BBA-BC625AECB362}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{57941FF1-BB9D-47AF-A50D-D21FF16DF576}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36254D28-DFBD-4ED0-BB81-D7B45F1C1D6D}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2DC079A-283D-4F41-B5DC-755BA76E9814}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F0EC39CA-F9A7-42CF-A083-0B2289046238}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71CD268B-7513-484E-8C13-174CF19EB0F5}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D4714A5-4A04-4E91-9011-787BF3827959}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D633D410-DBB6-4D3A-8E84-0FC27BB31678}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B58352B-2697-4041-9549-36ED33880309}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DBAF5CC-509F-4A27-82AE-09755F89EDF1}"=-
[-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Adobe\Acrobat Reader\10.0\AVGeneral]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Applications\avgtray.exe]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"=-
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"=-
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe"=-
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Applications\avgtray.exe]
[-HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"=-
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"=-
[HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe"=-
[-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a new scan with DDS and post me the DDS.txt log (no need to post me the Attach.txt log, I don't need to see it).

Summary of the logs I need from you in your next post:

  • Latest OTL fix log
  • New DDS.txt log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

There are some more things to do, but I'd like to take care of the Avast and AVG issues first.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Thu Mar 15, 2012 4:30 pm    Post subject: OTL Re-run Report Reply with quote

Hi Gary,
Thank you for your continued support. I ran the OTL again with the new clipboard info, rebooted, and got this report upon mandatory machine restart at 8:28pm EST just now:

========== FILES ==========
C:\ProgramData\AVAST Software\Avast\Support folder moved successfully.
C:\ProgramData\AVAST Software\Avast\sounds\1033 folder moved successfully.
C:\ProgramData\AVAST Software\Avast\sounds folder moved successfully.
C:\ProgramData\AVAST Software\Avast\report folder moved successfully.
C:\ProgramData\AVAST Software\Avast\moved folder moved successfully.
C:\ProgramData\AVAST Software\Avast\log folder moved successfully.
C:\ProgramData\AVAST Software\Avast\journal folder moved successfully.
C:\ProgramData\AVAST Software\Avast\integ folder moved successfully.
C:\ProgramData\AVAST Software\Avast\HtmlData folder moved successfully.
C:\ProgramData\AVAST Software\Avast\fw folder moved successfully.
C:\ProgramData\AVAST Software\Avast\chest folder moved successfully.
C:\ProgramData\AVAST Software\Avast\backup folder moved successfully.
C:\ProgramData\AVAST Software\Avast folder moved successfully.
C:\ProgramData\AVAST Software folder moved successfully.
File\Folder C:\Users\All Users\AVAST Software not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AVAST Software\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Avast Software\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\AVAST Software\Avast\VisthAux.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Exchange\Client\Extensions\\avast! deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\0\win64\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}\1.0\HELPDIR\\@ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVAST Software\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Avast Software\ not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\AVAST Software\Avast\VisthAux.exe not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\AVAST Software\Avast\VisthAux.exe not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\ecb\Downloads\avast_free_antivirus_setup.exe not found.
Registry key HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert\ deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished\ deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound\ deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted\ deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd\ deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail\ deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart\ deleted successfully.
Registry key HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVG Secure Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG2012\avgui.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\PROGRA~2\AVG\AVG2012\avgui.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D35344-B1B8-4671-81D7-11CF87391027}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D35344-B1B8-4671-81D7-11CF87391027}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\\DllName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515\\"00000000000000000000000000000000"|"C:\ProgramData\AVG2012\log\chjwlog.cfg" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABD4495076F8C342BE6AC610F4FC2AD not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F061708F3225D9D4D906120730B2AC2D not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\\C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\Tabs deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\\DllName not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVGTBInstall_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVGTBInstall_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}\\Publisher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E5D35344-B1B8-4671-81D7-11CF87391027}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D35344-B1B8-4671-81D7-11CF87391027}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\ scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{047BBE05-F97E-4A27-8BBA-BC625AECB362} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{047BBE05-F97E-4A27-8BBA-BC625AECB362}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57941FF1-BB9D-47AF-A50D-D21FF16DF576} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57941FF1-BB9D-47AF-A50D-D21FF16DF576}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36254D28-DFBD-4ED0-BB81-D7B45F1C1D6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36254D28-DFBD-4ED0-BB81-D7B45F1C1D6D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2DC079A-283D-4F41-B5DC-755BA76E9814} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DC079A-283D-4F41-B5DC-755BA76E9814}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0EC39CA-F9A7-42CF-A083-0B2289046238} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0EC39CA-F9A7-42CF-A083-0B2289046238}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71CD268B-7513-484E-8C13-174CF19EB0F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71CD268B-7513-484E-8C13-174CF19EB0F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D4714A5-4A04-4E91-9011-787BF3827959} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4714A5-4A04-4E91-9011-787BF3827959}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D633D410-DBB6-4D3A-8E84-0FC27BB31678} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D633D410-DBB6-4D3A-8E84-0FC27BB31678}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B58352B-2697-4041-9549-36ED33880309} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B58352B-2697-4041-9549-36ED33880309}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DBAF5CC-509F-4A27-82AE-09755F89EDF1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DBAF5CC-509F-4A27-82AE-09755F89EDF1}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\AVG Secure Search\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayRSAlert\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanFinished\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanFinishedThreatFound\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayScanStarted\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdEnd\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdEndFail\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayUpdStart\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\AppEvents\EventLabels\avgtrayWSAlert\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Adobe\Acrobat Reader\10.0\AVGeneral\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\AVG Secure Search\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Applications\avgtray.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Applications\avgui.exe\ not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG2012\avgui.exe not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\PROGRA~2\AVG\AVG2012\avgui.exe not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Applications\avgtray.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Applications\avgui.exe\ not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG2012\avgui.exe not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\PROGRA~2\AVG\AVG2012\avgui.exe not found.
Registry value HKEY_USERS\S-1-5-21-3249648881-3253301769-3927457880-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe not found.
Registry key HKEY_USERS\S-1-5-18\Software\AVG Secure Search\ not found.

OTL by OldTimer - Version 3.2.37.0 log created on 03152012_202353

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\ scheduled to be deleted on reboot.
Back to top
View user's profile Send private message
elizabeth
Junior Member


Joined: 12 Mar 2012
Last Visit: 15 May 2012
Posts: 14

PostPosted: Thu Mar 15, 2012 4:40 pm    Post subject: New DDS.txt Report Reply with quote

Gary,
I downloaded the .com version and ran it again. I appreciate you not giving up on my stubborn system!

Thank you for looking over the results below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by ecb at 20:36:29 on 2012-03-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.2310 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://solutions.us.fujitsu.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No File
uRun: [Google Update] "C:\Users\ecb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun: [snp2uvc] C:\windows\vsnp2uvc.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [OTL] "C:\Users\ecb\Desktop\OTL.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421} : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\24573796E656373702C4F657E67656 : DhcpNameServer = 74.174.50.5 74.174.50.6
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\3686562727976616962797 : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\4456E6E69737F575962756C6563737 : DhcpNameServer = 70.148.95.201 205.152.128.23
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\47271696E61323 : DhcpNameServer = 74.174.50.5 74.174.50.6
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\7475343475946494 : DhcpNameServer = 74.174.50.5
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\B462A4 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C8A8BBF8-1AC9-4B35-A9E3-8E531D550421}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No File
mRun-x64: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun-x64: [snp2uvc] C:\windows\vsnp2uvc.exe
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [OTL] "C:\Users\ecb\Desktop\OTL.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\ecb\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\ecb\AppData\Roaming\Mozilla\Firefox\Profiles\yjeuv1af.No Conduit March 8 2012\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}\plugins\npqbc.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\windows\system32\Drivers\FBIOSDRV.sys --> C:\windows\system32\Drivers\FBIOSDRV.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-13 652872]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2011-4-7 63336]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-7 2656280]
R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-9-30 14336]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\windows\system32\drivers\FUJ02E3.sys --> C:\windows\system32\drivers\FUJ02E3.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-26 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys --> C:\windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys --> C:\windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-26 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-16 00:06:56 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7CFF2C8-7A6D-443B-BFB4-51CBE4054B92}\mpengine.dll
2012-03-15 18:05:29 -------- d-----w- C:\_OTL
2012-03-14 10:28:26 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-14 10:28:26 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:28:25 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 03:13:36 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-14 03:13:35 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-14 03:13:35 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-14 03:13:01 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-14 03:13:01 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-14 03:13:01 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-14 03:12:59 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-14 03:12:59 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-14 03:12:59 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-14 03:12:59 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-06 01:01:12 -------- d-----w- C:\Users\ecb\OLIT Papers
2012-02-28 11:23:17 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-27 13:21:10 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-27 05:08:01 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50C0DC84-2785-42A2-B700-4D464A1F434B}\gapaengine.dll
2012-02-27 05:07:02 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-27 05:06:54 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-27 04:27:23 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-27 04:21:54 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-27 04:15:32 -------- d-----w- C:\Users\ecb\AppData\Local\Secunia PSI
2012-02-27 04:15:23 -------- d-----w- C:\Program Files (x86)\Secunia
2012-02-27 03:10:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{627AD6B4-A455-4CAC-B8A1-85DBE24FB8E9}\offreg.dll
2012-02-27 02:55:34 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{627AD6B4-A455-4CAC-B8A1-85DBE24FB8E9}\mpengine.dll
2012-02-24 03:34:34 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-23 15:33:34 -------- d-----w- C:\MATS
2012-02-21 00:41:27 -------- d-----w- C:\Users\ecb\.elan_data
2012-02-19 14:26:21 -------- d-----w- C:\Users\ecb\AppData\Roaming\Abine
2012-02-15 03:37:52 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-02-15 03:13:29 -------- d-----w- C:\Program Files (x86)\VS Revo Group
.
==================== Find3M ====================
.
2012-03-09 17:29:40 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-27 02:54:05 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-02-15 03:37:18 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-02-15 03:37:18 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2011-12-28 23:57:26 37888 ----a-w- C:\windows\System32\drivers\taphss.sys
2011-12-28 03:59:24 498688 ----a-w- C:\windows\System32\drivers\afd.sys
.
============= FINISH: 20:37:01.69 ===============
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Thu Mar 15, 2012 10:15 pm    Post subject: Reply with quote

OK, looks like we've successfully removed Avast and AVG now (or as much as we need to anyway). Time to move onto other things.

I think it would be a good idea to run an online scan to make sure you haven't picked up something nasty.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


As far as Microsoft Security Essentials, DDS shows it to be updated. Windows Defender is shut down, but that is normal when MSE is installed ..... http://answers.microsoft.com/en-us/protect/forum/protect_start/windows-defender-and-microsoft-security-essentials/5309cb8d-02e1-40e8-974f-0dcedb9ab9fd

Quote:
Q: Is Microsoft Security Essentials designed to replace Windows Defender?

A: No but if you are running Microsoft Security Essentials, you do not need to run Windows Defender. Microsoft Security Essentials is designed to disable Windows Defender in order to manage the PC’s real-time protection, including anti-virus, rootkits, Trojans and spyware.


_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Sun Mar 18, 2012 10:01 pm    Post subject: Reply with quote

Quote:
Due to lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with Spyware Removal forum, post a new log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Mon Mar 19, 2012 8:57 am    Post subject: Reply with quote

Topic re-opened .... just got called away, back ASAP.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Mon Mar 19, 2012 2:09 pm    Post subject: Reply with quote

Since your e-set log was clean, I think it's reasonable to assume you're clear of any infection and we can set about trying to secure your computer against infection.

First

We need to remove the programs we've been using to investigate your computer ....

Let's clear out OTL and the files and folders it created. This will also remove SystemLook.

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).


Next

Please delete Farbar Service Scanner and the report file FSS.txt that it created.

You can also delete DDS and any log files it has produced.

As far as securing your computer is concerned ....

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


You asked me earlier about using VPNs, and I have to admit I have no personal hands-on experience of working with VPNs, so I'll need to ask around amongst my colleagues to see if any of them have any recommendations. If I get anything useful I'll post it later.

Rather than going all the way with a VPN, you might want to consider using a Sandbox. Some anti-virus programs come with sandboxing capabilities built in (like Avast), but considering we've just spent so much time removing Avast from your machine, you'll probably prefer to use one of the purpose built sandboxing programs like Sandboxie.

As for a Firewall, you won't really gain much extra security using a 3rd party firewall rather than the built in firewall that comes with Windows 7, though the 3rd party offerings are usually easier to configure for 2 way operation.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Fri Mar 23, 2012 7:06 am    Post subject: Reply with quote

Quote:
This topic is now closed.

It will not be re-opened


[B]Gary R

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group