Bullguard Free Antivirus Forum

The original version of this page can be found at : http://forum.bullguard.com/forum/10/Possible-Virus---Help-Request_94824.html

Posted By : JohnP - 12/15/2012 9:17 PM

Evening All,

I was hoping for some help as I suspect i have a virus.

I'm having problems running some exe files, and file updates (such as itunes) and also no zip files will extract. Also, the PC is runnng very slowly and I've a usage warning hich is very strange.

I've run the programs as advised (cc cleaner, Malware, virus scanner). The DDS scan wouldn't run from the link on this website (downloaded as a text file) and I've managed to download it from elsewhere but the scan won't complete. I will restart and try after I've posted this.

I'd very much appreciate any help that can be offered.

Thanks,

John

Virus scan is clean, but here is a report from the resident shield protection:
Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 17:35:59";"file";"C:\Windows\System32\consent.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 17:35:59";"file";"C:\Windows\System32\consent.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 17:28:00";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 17:28:00";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 17:21:32";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 17:21:32";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 17:11:03";"file";"C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 17:11:03";"file";"C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:58:31";"file";"C:\Windows\System32\rundll32.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:58:31";"file";"C:\Windows\System32\rundll32.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:56:54";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:56:54";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:56:11";"file";"C:\Program Files\Internet Explorer\ielowutil.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:56:11";"file";"C:\Program Files\Internet Explorer\ielowutil.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:53:48";"file";"C:\Windows\System32\msfeedssync.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:53:47";"file";"C:\Windows\System32\msfeedssync.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:45:00";"file";"C:\Program Files\Google\Update\GoogleUpdate.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:45:00";"file";"C:\Program Files\Google\Update\GoogleUpdate.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:33:43";"file";"C:\Windows\System32\VSSVC.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:33:43";"file";"C:\Windows\System32\VSSVC.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:31:35";"file";"C:\Windows\System32\rundll32.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:31:35";"file";"C:\Windows\System32\rundll32.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:22:40";"file";"C:\Windows\System32\Defrag.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:22:40";"file";"C:\Windows\System32\Defrag.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:11:00";"file";"C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:11:00";"file";"C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 16:10:13";"file";"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 16:10:12";"file";"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:56:53";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:56:53";"file";"C:\Windows\System32\taskeng.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:51:18";"file";"C:\Windows\System32\wuauclt.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:51:18";"file";"C:\Windows\System32\wuauclt.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:49:28";"file";"C:\Windows\System32\wbem\WmiPrvSE.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:49:28";"file";"C:\Windows\System32\wbem\WmiPrvSE.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:48:04";"file";"C:\Program Files\AVG\AVG2012\avgcmgr.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:48:04";"file";"C:\Program Files\AVG\AVG2012\avgcmgr.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:47:07";"file";"C:\Program Files\AVG\AVG2012\avgmfapx.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:47:06";"file";"C:\Program Files\AVG\AVG2012\avgmfapx.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Object is inaccessible.";"15/12/2012, 15:46:22";"file";"C:\Windows\System32\wuauclt.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Object is inaccessible.";"15/12/2012, 15:46:21";"file";"C:\Windows\System32\wuauclt.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe";"Moved to Virus Vault";"15/12/2012, 15:45:37";"file";"C:\Program Files\AVG\AVG2012\avgsrmax.exe"
Trojan horse Generic30.BHGD;"c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe";"Moved to Virus Vault";"15/12/2012, 15:45:36";"file";"C:\Program Files\AVG\AVG2012\avgsrmax.exe"
Trojan horse Downloader.Generic9.BEXB;"c:\Users\John\Downloads\Fake Webcam 6.1.3 with Keygen [.Dude.]\Fake Webcam 6.1.3\Keygen.exe";"Infected";"18/09/2012, 21:55:14";"file";"C:\Windows\explorer.exe"
Trojan horse Downloader.Generic9.BEXB;"c:\Users\John\Downloads\Fake Webcam 6.1.3 with Keygen [.Dude.]\Fake Webcam 6.1.3\Keygen.exe";"Infected";"18/09/2012, 21:53:39";"file";"C:\Windows\explorer.exe"

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:42, on 15/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\John\Documents\dds.com
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\nsB540.tmp
C:\Windows\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\PEV.DAT

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=0adf335c000000000000001cdf55d5d3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loader
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9158 bytes

Posted By : JohnP - 12/15/2012 10:20 PM

More log files! First DDS one:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by John at 18:22:54 on 2012-12-15
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\nsB540.tmp
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\PEV.DAT
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=0adf335c000000000000001cdf55d5d3
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files\claro ltd\claro\1.8.3.10\bh\claro.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - c:\program files\claro ltd\claro\1.8.3.10\claroTlbr.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Akamai NetSession Interface] "c:\users\john\appdata\local\akamai\netsession_win.exe"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [SkyDrive] "c:\users\john\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DataCardMonitor] c:\program files\t-mobile\t-mobile internet manager\DataCardMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HFALoader] c:\program files\hamster soft\free zip archiver\HamsterArc.exe -loader
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{726FD201-4437-40E8-8B1F-DB99A9D4DB59} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll c:\progra~1\google\google~3\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\8v585965.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=KW_ss&mntrId=0adf335c000000000000001cdf55d5d3&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\john\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-10-21 21:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 0adf335c000000000000001cdf55d5d3
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15685
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1018:53:30
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? AVGIDSDriver;AVGIDSDriver
R? AVGIDSFilter;AVGIDSFilter
R? BrowserProtect;BrowserProtect
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clwvd;CyberLink WebCam Virtual Driver
R? easytether;easytether
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? hwusbfake;Huawei DataCard USB Fake
R? LMIRfsClientNP;LMIRfsClientNP
R? McComponentHostService;McAfee Security Scan Component Host Service
R? Netaapl;Apple Mobile Device Ethernet Service
R? nmwcdnsu;Nokia USB Flashing Phone Parent
R? nmwcdnsuc;Nokia USB Flashing Generic
R? phc700;USB PC Camera (SPC700NC)
R? Skype C2C Service;Skype C2C Service
R? SkypeUpdate;Skype Updater
R? TeamViewer7;TeamViewer 7
R? VCam_WDM;Fake Webcam 7.2
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AERTFilters;Andrea RT Filters Service
S? AMD External Events Utility;AMD External Events Utility
S? Autodesk Content Service;Autodesk Content Service
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? FontCache;Windows Font Cache Service
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? MBAMSwissArmy;MBAMSwissArmy
S? rt61x86;Belkin F5D9000 Wireless G+ MIMO Desktop PCI Card Driver for Windows Vista
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2012-12-15 18:04:11 -------- dc----w- c:\program files\Trend Micro
2012-12-15 17:41:34 -------- dc----w- c:\users\john\appdata\local\{E5237BDA-8757-4871-8442-A8B6D11F7831}
2012-12-13 03:01:35 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 03:01:14 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 03:01:14 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 03:01:14 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 03:01:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 03:01:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 03:01:08 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 03:01:08 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 03:01:06 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2012-12-13 03:01:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 03:01:05 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 03:01:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 06:13:15 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 06:13:14 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:13:14 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 06:13:12 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 06:13:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 06:13:07 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 06:13:05 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 18:54:24 -------- dc----w- c:\users\john\appdata\roaming\HamsterSoft
2012-12-11 18:54:24 -------- dc----w- c:\program files\Hamster Soft
2012-12-11 18:53:42 -------- dc----w- c:\users\john\appdata\roaming\Claro
2012-12-11 18:53:34 -------- dc----w- c:\programdata\BrowserProtect
2012-12-11 18:53:32 -------- dc----w- c:\program files\Claro LTD
2012-12-11 18:53:13 -------- dc----w- c:\users\john\appdata\roaming\Babylon
2012-12-11 18:53:13 -------- dc----w- c:\programdata\Babylon
2012-12-11 18:33:34 -------- dc----w- c:\users\john\appdata\local\{7B304D62-770F-433A-B17C-F6342C6D08F0}
2012-12-03 18:33:10 -------- dc----w- c:\users\john\appdata\local\{A2AD8728-AEA6-432F-BC2F-4E34287B27A1}
2012-11-20 22:18:23 -------- dc----w- c:\users\john\appdata\local\{CD44907A-6393-4A89-94C9-59C94EE68204}
2012-11-19 18:09:16 -------- dc----w- c:\users\john\appdata\local\{021540BE-895D-412F-BF7A-2BF50E79192C}
2012-11-18 14:05:45 -------- dc----w- c:\users\john\appdata\local\{7EF2953B-E4BE-48E4-9FF0-7E636B1567D5}
2012-11-17 11:35:47 -------- dc----w- c:\users\john\appdata\local\{C4D595CE-A43A-4E20-8B4C-BE6E05A9E015}
2012-11-16 19:17:57 -------- dc----w- c:\users\john\appdata\local\{B6779BDC-24C3-4E2A-A43D-9AA969A11581}
2012-11-15 22:00:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-12-03 18:34:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-03 18:34:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 03:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-25 16:19:41 75776 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 19:15:31.84 ===============

Posted By : JohnP - 12/15/2012 10:20 PM

Second DDS File:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 04/01/2009 12:02:12
System Uptime: 15/12/2012 15:39:59 (4 hours ago)
.
Motherboard: Dell Inc. | | 0K216C
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 2667/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 107.725 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.805 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 932 GiB total, 917.964 GiB free.
M: is FIXED (NTFS) - 233 GiB total, 137.554 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Akamai NetSession Interface
Anti-Spy.Info 1.8d
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asterisk Key 10.0
ATI Catalyst Control Center
ATI Catalyst Install Manager
µTorrent
AutoCAD Architecture 2012 - English
AutoCAD Architecture 2012 - English SP 1
AutoCAD Architecture 2012 Language Pack - English
Autodesk Content Service
Autodesk Design Review 2012
Autodesk Inventor Fusion 2012
Autodesk Inventor Fusion 2012 Language Pack
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
AVG 2012
AVG 2013
BlackBerry Device Manager 7.0
BlackBerry Device Software Updater
Bonjour
Browser Address Error Redirector
BrowserProtect
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
CCleaner
Claro Chrome Toolbar
Claro LTD toolbar
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
D3DX10
Debut Video Capture Software
Defraggler
Dell Resource CD
Dell Support Center (Support Software)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DVD Flick
DWG TrueView 2011
DWG TrueView 2012
Evernote v. 4.5.8
Facebook Video Calling 1.2.0.287
FARO LS 1.1.406.58
Free RAR Extract Frog
Google Desktop
Google SketchUp 8
Google Update Helper
Hamster Lite Archiver 2.0.1.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Photo Creations
HP Update
HPDiagnosticAlert
iCloud
Intel(R) PRO Network Connections 12.1.11.0
iTunes
Java 7 Update 9
Java Auto Updater
Lagarith lossless video codec (Remove Only)
LogMeIn
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing Platinum 20
McAfee Security Scan Plus
MediaRemoteConnector
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 16.0.2 (x86 en-GB)
Mozilla Maintenance Service
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
OGA Notifier 2.0.0048.0
pdfsam
Philips VLounge
QuickTime
Realtek High Definition Audio Driver
SDExplorer Advanced 3.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Segoe UI
SketchUp DWG Importer
Skins
Skype Click to Call
Skype™ 5.10
SPC 700NC PC Camera
Speccy
Spotify
TeamViewer 7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.2
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Yahoo! Messenger
.
==== End Of File ===========================

Posted By : JohnP - 12/16/2012 12:05 AM

And the Malware log!!

Thanks in advance for any help.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15/12/2012 20:49:14
mbam-log-2012-12-15 (20-49-14).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Objects scanned: 397486
Time elapsed: 2 hour(s), 40 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Posted By : Touch - 12/16/2012 3:58 AM

Hi JohnP :-)

"but here is a report from the resident shield protection:"

From which scanner/Anitivirus ?

It looks however, there are "only" one infected file:

Trojan horse Downloader.Generic9.BEXB;"c:\Users\John\Downloads\Fake Webcam 6.1.3 with Keygen [.Dude.]\Fake Webcam 6.1.3\Keygen.exe";"Infected";"18/09/2012, 21:55:14";"file";"C:\Windows\explorer.exe"

Keygen - huh shocked

Remove from Programs in controlpanel:

µTorrent
AVG 2012
Claro Chrome Toolbar
Claro LTD toolbar
McAfee Security Scan Plus
Vuze

Reboot.

Please download ->

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select – Run as admin

Click Delete.
Everything that was found will be deleted.
Save any open files and approve the reboot. A text file will open after the restart.

Please download Combofix from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.

To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.

In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Please read: Forum Rules

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

Posted By : JohnP - 12/16/2012 2:56 PM

Hi Touch,

Thank you very much for taking the time to reply; it's appreciated.

Everything went fine, bar the AVG antivirus just won't uninstall. The resident shield that I referred to earlier is part of this.

I've been through the uninstall process and the only thing that seems to have happened is that it now says the anti-rootkit driver is now not found. The AVG website says a re-start will sort the problem out but it hasn't. An update to the anti virus software just says 'general error' now. I did manage to disable it to run all the scans though.

Just for clarity, my AVG is my only antivirus running on this PC.

Log from combofix below.

Thanks again,

John

ComboFix 12-12-14.01 - John 16/12/2012 11:26:16.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.678 [GMT 0:00]
Running from: c:\users\John\Documents\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\wininit.ini
K:\Autorun.inf
K:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 11:42 . 2012-12-16 11:42 -------- dc----w- c:\users\John\AppData\Local\temp
2012-12-16 11:42 . 2012-12-16 11:42 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-12-15 18:04 . 2012-12-15 18:04 -------- dc----w- c:\program files\Trend Micro
2012-12-13 03:01 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 03:01 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 03:01 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 03:01 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 03:01 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 03:01 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 03:01 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 03:01 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 03:01 . 2009-07-13 23:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2012-12-13 03:01 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 03:01 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 03:01 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 06:13 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 06:13 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:13 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 06:13 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 06:13 . 2012-11-08 03:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 06:13 . 2012-11-08 01:36 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 06:13 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 18:54 . 2012-12-11 18:54 -------- dc----w- c:\users\John\AppData\Roaming\HamsterSoft
2012-12-11 18:54 . 2012-12-11 18:54 -------- dc----w- c:\program files\Hamster Soft
2012-12-11 18:53 . 2012-12-11 18:53 -------- dc----w- c:\programdata\BrowserProtect
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 18:34 . 2012-04-04 16:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-03 18:34 . 2011-06-20 06:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-09-25 16:19 . 2012-11-14 05:21 75776 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 23:16 . 2012-11-15 22:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-27 20:22 . 2012-10-27 20:22 261600 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-15 18:41 . 2012-10-27 20:22 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-15 21:59 222712 -c--a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-15 21:59 222712 -c--a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-15 21:59 222712 -c--a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\John\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
"SkyDrive"="c:\users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-15 255992]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2012-08-06 1591808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"HFALoader"="c:\program files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe" [2012-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk
backup=c:\windows\pss\TrayMin700.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteTray.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
backup=c:\windows\pss\EvernoteTray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-10-04 13:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 22:23 138096 -c--atw- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-15 18:41 30192 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 09:14 206112 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30 421776 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 12:41 63048 -c--a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaRemoteControl]
2012-01-10 11:07 103936 -c--a-w- c:\program files\MediaRemoteConnector\MediaRemoteConnector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 19:49 6591800 -c--a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]
2006-10-16 10:18 344064 -c--a-w- c:\windows\vphc700.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 12:33 17418928 -c--a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-09-10 10:37 1193176 -c--a-w- c:\users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"phc700"=c:\windows\vphc700.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:34]
.
2012-12-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 22:23]
.
2012-12-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job
- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 22:23]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 09:39]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 09:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: !HIDDEN! 2009-10-21 21:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-DataCardMonitor - c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Dell DataSafe Online - c:\program files\Dell DataSafe Online\DataSafeOnline.exe
MSConfigStartUp-HW_OPENEYE_OUC_T-Mobile Internet Manager - c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-YouCam Tray - c:\program files\CyberLink\YouCam\YouCamTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-16 11:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,09,9a,e6,0f,07,fc,40,a1,03,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,09,9a,e6,0f,07,fc,40,a1,03,54,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\0a\00\02\0a\09\00?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-16 11:49:44
ComboFix-quarantined-files.txt 2012-12-16 11:49
ComboFix2.txt 2009-04-06 21:13
.
Pre-Run: 108,734,070,784 bytes free
Post-Run: 108,932,288,512 bytes free
.
- - End Of File - - CEAB5F25126E2FB5C019F9989BFF55A8

Posted By : Touch - 12/17/2012 11:47 AM

"Just for clarity, my AVG is my only antivirus running on this PC."

I can see that, now

It seems that you have so many things to boot up, so I would suggest we stop many of them, to make things easier.

For this purpose, please follow below:

Click here ->
http://sourceforge.net/projects/hjt/

to download HJTinstall.exe
• Save HJTinstall.exe to your desktop.
• Double click on the HJTinstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\Hijack This.
• Click I accept
• Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
• Click Save to save the log file and then the log will open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.

• DO NOT have Hijack This fix anything yet.
• Most of what it finds will be harmless or even required.

Please read: Forum Rules

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

Posted By : JohnP - 12/17/2012 1:04 PM

Hello Touch,

After I'd ran everything that you suggested, I tried again to update programs such as AVG, itunes and download a zip file, all of which worked fine, and the PC is working much faster, so I'm not sure if the programs you told me to run did manage to find and remove something.

AVG is still operating, and I ran a fresh scan overnight last night to see if it picked anything up.

I'm not on that PC at the moment but will post a fresh HJ log tonight.

Thanks!

John

Posted By : JohnP - 12/17/2012 9:23 PM

Touch,

Thanks again. Please find below the HJ log as requested.

A few notes:

- The AVG scan last night found some threats. They state they are from unsigned drivers from Autodesk Architectural which is interesting because it's a licensed copy downloaded from Autodesk. I'm happy to remove Autodesk products as I primarily use them off another laptop. I've attached a screen shot of the report as I couldn't save a copy.

- I've noted my Firefox is defaulting to Caro whch I remembering removing before.

- The PC appears much slower again than it did after running everything the other day.

Thanks,

John

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:42, on 15/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\John\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\John\Documents\dds.com
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\nsB540.tmp
C:\Windows\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\John\AppData\Local\Temp\nsmF460.tmp\PEV.DAT

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=0adf335c000000000000001cdf55d5d3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loader
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9158 bytes

Posted By : Touch - 12/18/2012 7:39 PM

" I'm happy to remove Autodesk products"

Good, then I suggest you remove it.

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in:

netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

•
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

• Post both logs

Please read: Forum Rules

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

Posted By : JohnP - 12/18/2012 11:25 PM

Thank you.

As requested. OTL.txt:

OTL logfile created on: 18/12/2012 19:55:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.47% Memory free
4.23 Gb Paging File | 3.13 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.02 Gb Total Space | 86.34 Gb Free Space | 29.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.80 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 922.39 Gb Free Space | 99.02% Space Free | Partition Type: NTFS
Drive M: | 232.88 Gb Total Space | 137.41 Gb Free Space | 59.00% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/18 19:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Documents\OTL.exe
PRC - [2012/11/28 16:37:22 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/11/28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/11/15 21:59:03 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\John\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/07/12 17:36:56 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/04/06 01:16:26 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/04/06 01:15:52 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 13:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/15 03:23:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fb3f7dcfc0e32eb2db9d481ae090714c\System.Xml.ni.dll
MOD - [2012/11/15 03:22:34 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/15 03:22:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012/06/07 22:12:38 | 000,235,008 | ---- | M] () -- C:\Program Files\SDExplorer\sdectxmn32.dll
MOD - [2012/04/06 00:09:12 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/12/03 18:34:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/27 20:22:40 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/31 14:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 17:37:34 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 17:36:56 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/04/06 01:15:52 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/15 23:44:37 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\easytthr.sys -- (easytether)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\clwvd.sys -- (clwvd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\John\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/12 17:36:57 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/05/25 11:25:56 | 000,101,688 | ---- | M] (e2eSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VCam_WDM.sys -- (VCam_WDM)
DRV - [2012/04/06 04:21:12 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2012/04/06 04:21:12 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/04/06 04:21:12 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/06 00:10:24 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/06/05 10:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/06/12 09:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007/11/08 21:17:44 | 000,316,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2007/04/29 08:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/16 10:36:10 | 000,644,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phc700.sys -- (phc700)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..\SearchScopes\{2BD4956F-0D65-41A9-8C75-451E0514F67B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DLUK_en
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUK_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=HP_ss&mntrId=0adf335c000000000000001cdf55d5d3"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "http://www.claro-search.com/?affID=116677&tt=5012_1&babsrc=KW_ss&mntrId=0adf335c000000000000001cdf55d5d3&q="
FF - prefs.js..network.proxy.socks_version: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/15 10:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/18 16:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/18 16:24:54 | 000,000,000 | ---D | M]

[2009/01/06 14:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/12/16 11:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\extensions
[2010/04/29 07:12:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/29 16:42:43 | 000,008,283 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi
[2012/12/03 18:37:59 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8v585965.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/27 20:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 20:22:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/18 07:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/12/18 07:43:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/18 07:44:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/15 10:28:53 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/27 20:22:40 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/26 20:42:16 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/30 16:47:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/26 20:42:16 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/26 20:42:16 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/20 15:51:47 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/26 20:42:16 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/12/16 11:42:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe (Hamster Soft)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [Akamai NetSession Interface] C:\Users\John\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\Run: [SkyDrive] C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{726FD201-4437-40E8-8B1F-DB99A9D4DB59}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/15 20:58:16 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/19 10:22:05 | 000,000,000 | ---D | M] - K:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2011/12/19 14:05:20 | 000,000,000 | ---D | M] - K:\AutoCAD_Architecture_2012_English_Win_32Bit -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3702371316-2332676665-1026982982-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44830460-B286-1F5A-1D01-52EF71148533} - Microsoft Windows Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {844F4FD8-5367-EB0E-22DC-10836306A011} - Microsoft Windows Media Player
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A84C8EF6-AEDA-F974-E762-65840E76ABD8} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CCE992CC-6FD5-11B3-34DB-8C1D08E409B6} -
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {D95753A8-0528-9AD8-AFC2-CBE67D9F568D} - Microsoft Windows Media Player 11.0
ActiveX: {DD4700E1-BDC1-C9BD-6DC0-8324CDE61678} - Java (Sun)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe - ()
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteTray.lnk - C:\Program Files\Evernote\Evernote\EvernoteTray.exe - (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: MediaRemoteControl - hkey= - key= - C:\Program Files\MediaRemoteConnector\MediaRemoteConnector.exe (Christian Dullweber)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: phc700 - hkey= - key= - C:\Windows\vphc700.exe (Sonix)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/18 19:54:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Documents\OTL.exe
[2012/12/17 18:24:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{EBE697CD-250B-481B-B444-82B00F65D274}
[2012/12/16 19:05:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\join.me
[2012/12/16 18:57:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG2013
[2012/12/16 12:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/16 12:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/16 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/16 12:32:54 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2012/12/16 11:49:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/16 11:49:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/16 11:49:46 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
[2012/12/16 11:18:44 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\John\Documents\ComboFix.exe
[2012/12/16 10:21:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2A573679-AF27-4F5E-9065-496BB114CBEF}
[2012/12/15 18:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/12/15 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/12/15 18:01:54 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\John\Documents\HJTInstall.exe
[2012/12/15 17:45:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\John\Documents\dds.com
[2012/12/15 17:41:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{E5237BDA-8757-4871-8442-A8B6D11F7831}
[2012/12/11 18:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
[2012/12/11 18:54:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\HamsterSoft
[2012/12/11 18:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hamster Soft
[2012/12/11 18:53:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2012/12/11 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2012/12/11 18:33:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7B304D62-770F-433A-B17C-F6342C6D08F0}
[2012/12/08 17:07:45 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\SystemUpdate_16202_USB
[2012/12/03 18:33:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A2AD8728-AEA6-432F-BC2F-4E34287B27A1}
[2012/11/20 22:18:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CD44907A-6393-4A89-94C9-59C94EE68204}
[2012/11/19 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{021540BE-895D-412F-BF7A-2BF50E79192C}

========== Files - Modified Within 30 Days ==========

[2012/12/18 19:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Documents\OTL.exe
[2012/12/18 19:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/18 19:44:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/18 19:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/18 18:15:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/18 18:15:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/18 17:28:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job
[2012/12/17 23:28:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job
[2012/12/17 18:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/17 18:08:29 | 000,211,930 | ---- | M] () -- C:\Users\John\Desktop\AVG Log.jpg
[2012/12/16 18:53:22 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/16 17:24:52 | 000,021,235 | ---- | M] () -- C:\Users\John\Desktop\Sag.jpg
[2012/12/16 13:31:30 | 000,000,933 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/12/16 13:31:23 | 000,648,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/16 13:31:23 | 000,124,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/16 12:48:45 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/16 12:32:43 | 000,392,736 | ---- | M] () -- C:\Users\John\Documents\reset_access_avg2012_en.exe
[2012/12/16 12:27:11 | 118,449,256 | ---- | M] () -- C:\Users\John\Documents\BASTILLE_-_OTHER_PEOPLE'S_HEARTACHE_PT_2.zip
[2012/12/16 11:42:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/16 11:18:57 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\John\Documents\ComboFix.exe
[2012/12/16 10:41:09 | 000,545,819 | ---- | M] () -- C:\Users\John\Documents\adwcleaner.exe
[2012/12/16 10:29:05 | 000,137,034 | ---- | M] () -- C:\Users\John\Desktop\Antivirus Log.jpg
[2012/12/16 10:27:31 | 003,210,281 | ---- | M] () -- C:\Users\John\Desktop\AVGInstLog.cab
[2012/12/15 18:09:05 | 000,020,050 | ---- | M] () -- C:\Users\John\Documents\Virus Log.csv
[2012/12/15 18:04:17 | 000,001,869 | ---- | M] () -- C:\Users\John\Desktop\HijackThis.lnk
[2012/12/15 18:02:14 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\John\Documents\HJTInstall.exe
[2012/12/15 17:46:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\John\Documents\dds.com
[2012/12/13 03:29:43 | 000,430,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/13 03:24:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2012/12/11 18:54:33 | 000,000,035 | ---- | M] () -- C:\Users\John\AppData\Local\installLang.ini
[2012/12/11 18:54:27 | 000,001,941 | ---- | M] () -- C:\Users\John\Desktop\Hamster Lite Archiver.lnk
[2012/12/11 18:52:37 | 000,614,264 | ---- | M] () -- C:\Users\John\Documents\cbsidlm-tr1_8-Hamster_Free_Zip_Archiver-ORG2-75335474(1).exe
[2012/12/11 18:50:43 | 000,614,264 | ---- | M] () -- C:\Users\John\Documents\cbsidlm-tr1_8-Hamster_Free_Zip_Archiver-ORG2-75335474.exe
[2012/12/08 17:02:17 | 113,030,954 | ---- | M] () -- C:\Users\John\Desktop\SystemUpdate_16202_USB.zip
[2012/12/05 21:30:51 | 1951,052,032 | ---- | M] () -- C:\Users\John\Documents\AutoCAD_Architecture_2013_English_Win_32Bit.exe

========== Files Created - No Company Name ==========

[2012/12/17 18:08:28 | 000,211,930 | ---- | C] () -- C:\Users\John\Desktop\AVG Log.jpg
[2012/12/16 19:05:21 | 000,000,895 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2012/12/16 18:53:22 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/16 17:24:51 | 000,021,235 | ---- | C] () -- C:\Users\John\Desktop\Sag.jpg
[2012/12/16 12:48:45 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/16 12:32:41 | 000,392,736 | ---- | C] () -- C:\Users\John\Documents\reset_access_avg2012_en.exe
[2012/12/16 11:23:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/16 11:23:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/16 10:40:59 | 000,545,819 | ---- | C] () -- C:\Users\John\Documents\adwcleaner.exe
[2012/12/16 10:29:04 | 000,137,034 | ---- | C] () -- C:\Users\John\Desktop\Antivirus Log.jpg
[2012/12/16 10:27:31 | 003,210,281 | ---- | C] () -- C:\Users\John\Desktop\AVGInstLog.cab
[2012/12/15 18:09:04 | 000,020,050 | ---- | C] () -- C:\Users\John\Documents\Virus Log.csv
[2012/12/15 18:04:16 | 000,001,869 | ---- | C] () -- C:\Users\John\Desktop\HijackThis.lnk
[2012/12/13 03:24:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2012/12/13 03:01:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/13 03:01:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/11 18:54:27 | 000,001,941 | ---- | C] () -- C:\Users\John\Desktop\Hamster Lite Archiver.lnk
[2012/12/11 18:54:26 | 000,000,035 | ---- | C] () -- C:\Users\John\AppData\Local\installLang.ini
[2012/12/11 18:52:37 | 000,614,264 | ---- | C] () -- C:\Users\John\Documents\cbsidlm-tr1_8-Hamster_Free_Zip_Archiver-ORG2-75335474(1).exe
[2012/12/11 18:50:43 | 000,614,264 | ---- | C] () -- C:\Users\John\Documents\cbsidlm-tr1_8-Hamster_Free_Zip_Archiver-ORG2-75335474.exe
[2012/12/10 20:37:22 | 118,449,256 | ---- | C] () -- C:\Users\John\Documents\BASTILLE_-_OTHER_PEOPLE'S_HEARTACHE_PT_2.zip
[2012/12/08 17:01:20 | 113,030,954 | ---- | C] () -- C:\Users\John\Desktop\SystemUpdate_16202_USB.zip
[2012/12/05 21:08:36 | 1951,052,032 | ---- | C] () -- C:\Users\John\Documents\AutoCAD_Architecture_2013_English_Win_32Bit.exe
[2012/09/18 21:47:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\LAGARITH.DLL
[2012/04/14 17:23:49 | 000,007,268 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/01/10 20:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/15 23:48:06 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/01/24 14:11:26 | 000,038,435 | ---- | C] () -- C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/10/18 12:08:43 | 000,024,206 | ---- | C] () -- C:\Users\John\AppData\Roaming\UserTile.png
[2009/09/14 20:07:14 | 000,038,424 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft Excel.ADR
[2009/05/14 07:09:44 | 000,000,360 | ---- | C] () -- C:\Users\John\Music.lnk
[2009/01/07 10:01:55 | 000,000,124 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2009/01/06 11:35:08 | 000,145,920 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/21 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
[2012/12/16 18:57:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG2013
[2012/03/31 17:52:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Azureus
[2011/03/29 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Broderbund
[2010/12/14 22:24:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Camfrog
[2012/02/04 17:56:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Copyright © 2011-2012 RealNetworks
[2012/12/11 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HamsterSoft
[2010/07/25 14:23:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2012/05/19 10:32:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MediaRemoteControl
[2011/01/03 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MusicBrainz
[2010/06/07 18:54:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nokia
[2010/01/27 17:25:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nokia Ovi Suite
[2012/01/07 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2010/01/24 10:23:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC Suite
[2010/11/23 18:25:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PCDr
[2009/10/18 12:08:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PeerNetworking
[2011/07/28 19:29:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Research In Motion
[2012/02/04 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\rinsebyreal
[2012/10/02 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spotify
[2010/07/04 20:54:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\T-Mobile
[2010/07/24 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\T-Mobile Internet Manager
[2009/01/07 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2010/10/11 19:23:03 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TSO
[2012/06/05 17:14:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TuneUp Software
[2012/02/04 18:07:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TuneUpMedia
[2012/12/16 10:19:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2011/07/10 21:10:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WindSolutions

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009/11/13 12:13:59 | 000,000,000 | -H-D | M] -- C:\$AVG
[2012/12/16 11:49:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/12/15 20:58:16 | 000,000,000 | ---D | M] -- C:\Autodesk
[2012/12/16 12:32:54 | 000,000,000 | ---D | M] -- C:\AVGTemp
[2009/10/24 10:02:22 | 000,000,000 | ---D | M] -- C:\Boot
[2012/12/17 17:45:18 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010/01/21 08:43:38 | 000,000,000 | ---D | M] -- C:\DELL
[2009/01/04 19:39:04 | 000,000,000 | ---D | M] -- C:\doctemp
[2009/01/06 11:20:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007/10/24 23:49:30 | 000,000,000 | ---D | M] -- C:\Drivers
[2009/01/07 14:20:19 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008/01/21 02:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/12/16 12:47:54 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/12/16 12:47:51 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/12/16 11:49:47 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/10/18 08:06:47 | 000,000,000 | -H-D | M] -- C:\SkyDriveTemp
[2012/12/18 19:57:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/01/06 11:21:04 | 000,000,000 | R--D | M] -- C:\Users
[2012/12/17 23:37:34 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2010/01/24 10:16:16 | 000,215,552 | ---- | M] () -- C:\Windows\Installer\1030e5.msi
[2010/01/24 10:28:38 | 000,078,336 | ---- | M] () -- C:\Windows\Installer\1031dc.msi
[2012/07/28 01:47:34 | 013,123,584 | R--- | M] () -- C:\Windows\Installer\1060afc.msp
[2011/11/21 23:07:36 | 017,191,936 | R--- | M] () -- C:\Windows\Installer\10bf3a19.msp
[2010/10/21 20:08:12 | 000,071,680 | ---- | M] () -- C:\Windows\Installer\11066bed.msi
[2010/10/21 20:08:15 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\11066bfc.msi
[2010/10/21 20:08:18 | 000,191,488 | ---- | M] () -- C:\Windows\Installer\11066c00.msi
[2010/10/21 20:08:19 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\11066c04.msi
[2010/04/21 16:46:50 | 005,522,432 | R--- | M] () -- C:\Windows\Installer\110e612.msp
[2009/10/16 17:07:18 | 006,115,328 | R--- | M] () -- C:\Windows\Installer\110e626.msp
[2009/01/07 14:23:54 | 004,716,032 | ---- | M] () -- C:\Windows\Installer\111112c.msi
[2009/01/07 14:31:34 | 000,051,712 | ---- | M] () -- C:\Windows\Installer\1111133.msi
[2008/10/05 04:12:22 | 004,784,128 | R--- | M] () -- C:\Windows\Installer\111113a.msp
[2012/04/15 10:27:39 | 000,178,688 | ---- | M] () -- C:\Windows\Installer\112230d6.msi
[2011/06/28 20:27:28 | 004,028,928 | R--- | M] () -- C:\Windows\Installer\1166d31.msp
[2011/01/17 16:06:20 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\12a73122.msp
[2012/09/28 19:04:59 | 000,160,768 | ---- | M] () -- C:\Windows\Installer\130807ba.msi
[2012/07/16 19:36:04 | 000,923,136 | ---- | M] () -- C:\Windows\Installer\13b568.msi
[2009/04/24 11:38:18 | 001,229,312 | R--- | M] () -- C:\Windows\Installer\14bdd42.msp
[2009/04/24 11:31:18 | 001,425,920 | R--- | M] () -- C:\Windows\Installer\14bdd4e.msp
[2009/05/01 14:49:44 | 004,328,960 | R--- | M] () -- C:\Windows\Installer\14bdd6b.msp
[2012/03/05 21:34:06 | 005,519,872 | R--- | M] () -- C:\Windows\Installer\14db0ad9.msp
[2011/06/29 19:58:44 | 000,019,968 | ---- | M] () -- C:\Windows\Installer\14dca5d3.msi
[2009/01/15 03:35:20 | 004,830,720 | R--- | M] () -- C:\Windows\Installer\14eb30.msp
[2011/04/28 20:20:13 | 000,242,688 | ---- | M] () -- C:\Windows\Installer\158bd0a0.msi
[2011/12/26 05:06:20 | 005,115,392 | R--- | M] () -- C:\Windows\Installer\1628a33.msp
[2011/12/25 05:40:46 | 000,819,200 | R--- | M] () -- C:\Windows\Installer\1628a46.msp
[2011/12/06 15:22:40 | 005,519,360 | R--- | M] () -- C:\Windows\Installer\1628a5a.msp
[2011/09/05 18:09:17 | 000,361,984 | ---- | M] () -- C:\Windows\Installer\1632ca.msi
[2010/08/24 08:49:22 | 006,825,472 | R--- | M] () -- C:\Windows\Installer\163f30f.msp
[2010/10/04 15:32:10 | 005,517,824 | R--- | M] () -- C:\Windows\Installer\163f324.msp
[2010/08/23 16:09:02 | 007,673,344 | R--- | M] () -- C:\Windows\Installer\163f339.msp
[2010/08/13 17:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\163f344.msp
[2010/08/13 16:59:46 | 008,182,272 | R--- | M] () -- C:\Windows\Installer\163f34f.msp
[2011/04/29 11:30:12 | 001,197,056 | R--- | M] () -- C:\Windows\Installer\1726eee3.msp
[2011/04/29 12:04:54 | 005,053,440 | R--- | M] () -- C:\Windows\Installer\1726ef01.msp
[2011/04/27 10:14:04 | 005,520,384 | R--- | M] () -- C:\Windows\Installer\1726ef16.msp
[2010/05/03 15:06:36 | 005,053,952 | R--- | M] () -- C:\Windows\Installer\1948e45.msp
[2010/04/24 16:10:46 | 008,486,400 | R--- | M] () -- C:\Windows\Installer\1948e4f.msp
[2012/04/09 17:50:02 | 000,023,040 | ---- | M] () -- C:\Windows\Installer\19738e.msi
[2012/04/09 17:48:11 | 004,426,240 | R--- | M] () -- C:\Windows\Installer\19739d.msp
[2012/04/09 17:50:46 | 000,030,720 | ---- | M] () -- C:\Windows\Installer\1973a2.msi
[2012/04/09 17:48:17 | 002,932,224 | R--- | M] () -- C:\Windows\Installer\1973b6.msp
[2012/04/09 17:50:59 | 000,238,080 | ---- | M] () -- C:\Windows\Installer\1973bb.msi
[2012/04/09 17:48:22 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\1973c0.msp
[2012/04/09 17:51:06 | 000,212,992 | ---- | M] () -- C:\Windows\Installer\1973c5.msi
[2012/04/09 17:48:38 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\1973d1.msp
[2012/04/09 17:51:15 | 000,058,880 | ---- | M] () -- C:\Windows\Installer\1973d6.msi
[2012/04/09 17:48:45 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\1973de.msp
[2012/04/09 17:51:23 | 000,200,192 | ---- | M] () -- C:\Windows\Installer\1973e6.msi
[2012/04/09 17:49:15 | 003,312,128 | R--- | M] () -- C:\Windows\Installer\197402.msp
[2012/04/09 17:51:33 | 000,417,792 | ---- | M] () -- C:\Windows\Installer\197409.msi
[2012/04/09 17:49:19 | 005,535,744 | R--- | M] () -- C:\Windows\Installer\19741d.msp
[2012/04/09 17:52:03 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\197423.msi
[2012/04/09 17:49:21 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\197429.msp
[2012/04/09 17:52:12 | 000,029,184 | ---- | M] () -- C:\Windows\Installer\19742e.msi
[2012/04/09 17:49:26 | 000,625,664 | R--- | M] () -- C:\Windows\Installer\197437.msp
[2012/04/09 17:52:23 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\19743c.msi
[2012/04/09 17:49:28 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\197446.msp
[2012/04/09 17:52:28 | 000,023,552 | ---- | M] () -- C:\Windows\Installer\19744c.msi
[2012/04/09 17:49:42 | 005,124,096 | R--- | M] () -- C:\Windows\Installer\197456.msp
[2011/02/18 03:00:29 | 020,308,992 | R--- | M] () -- C:\Windows\Installer\19dd694.msp
[2012/12/16 18:53:32 | 006,104,064 | ---- | M] () -- C:\Windows\Installer\19ff66d.msi
[2010/05/10 16:17:22 | 005,520,896 | R--- | M] () -- C:\Windows\Installer\1a2a31c.msp
[2010/05/04 21:25:30 | 007,681,024 | R--- | M] () -- C:\Windows\Installer\1a2a330.msp
[2010/04/24 16:09:46 | 011,750,912 | R--- | M] () -- C:\Windows\Installer\1a2a33a.msp
[2010/05/03 15:27:52 | 006,825,472 | R--- | M] () -- C:\Windows\Installer\1a2a363.msp
[2010/05/11 10:30:58 | 011,194,880 | R--- | M] () -- C:\Windows\Installer\1a2a377.msp
[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\Windows\Installer\1a9b932.msp
[2011/11/17 10:55:20 | 005,522,944 | R--- | M] () -- C:\Windows\Installer\1a9b947.msp
[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\Windows\Installer\1a9b952.msp
[2011/10/29 23:10:18 | 006,824,960 | R--- | M] () -- C:\Windows\Installer\1a9b97e.msp
[2011/11/01 13:34:28 | 002,247,168 | R--- | M] () -- C:\Windows\Installer\1a9b989.msp
[2011/11/01 13:34:30 | 001,552,384 | R--- | M] () -- C:\Windows\Installer\1a9b994.msp
[2011/07/26 12:50:18 | 005,522,432 | R--- | M] () -- C:\Windows\Installer\1aa8945.msp
[2011/04/28 09:54:26 | 002,720,768 | R--- | M] () -- C:\Windows\Installer\1aa8952.msp
[2011/11/03 13:31:36 | 005,525,504 | R--- | M] () -- C:\Windows\Installer\1acbe742.msp
[2009/01/07 17:20:24 | 000,432,640 | ---- | M] () -- C:\Windows\Installer\1b407ec.msi
[2007/07/27 09:03:06 | 119,977,472 | R--- | M] () -- C:\Windows\Installer\1b4092e.msp
[2008/11/05 14:25:16 | 005,518,336 | R--- | M] () -- C:\Windows\Installer\1b40943.msp
[2005/10/26 14:59:54 | 002,883,072 | R--- | M] () -- C:\Windows\Installer\1b40957.msp
[2011/08/14 17:03:44 | 001,942,016 | ---- | M] () -- C:\Windows\Installer\1b6ef55.msi
[2012/03/28 17:10:04 | 012,098,048 | R--- | M] () -- C:\Windows\Installer\1bed69b.msp
[2012/03/22 12:09:58 | 005,521,920 | R--- | M] () -- C:\Windows\Installer\1bed6af.msp
[2012/01/22 09:09:26 | 001,700,352 | R--- | M] () -- C:\Windows\Installer\1bed6b8.msp
[2011/11/01 12:34:26 | 001,169,920 | R--- | M] () -- C:\Windows\Installer\1bed6c6.msp
[2012/03/23 13:59:02 | 007,899,648 | R--- | M] () -- C:\Windows\Installer\1bed6d4.msp
[2009/02/11 15:02:00 | 005,519,872 | R--- | M] () -- C:\Windows\Installer\1c563d.msp
[2010/08/25 16:06:30 | 006,479,360 | R--- | M] () -- C:\Windows\Installer\1d3b528.msp
[2010/08/20 12:50:16 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\1d3b53d.msp
[2010/08/04 14:13:04 | 000,686,080 | R--- | M] () -- C:\Windows\Installer\1d3b54d.msp
[2010/08/05 09:57:58 | 004,066,304 | R--- | M] () -- C:\Windows\Installer\1d3b571.msp
[2011/12/19 19:25:38 | 018,071,552 | R--- | M] () -- C:\Windows\Installer\1e6a60.msp
[2011/01/06 03:00:37 | 020,304,384 | R--- | M] () -- C:\Windows\Installer\1f59ee3.msp
[2010/10/22 13:25:02 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\1f8004b.msp
[2010/10/01 17:42:36 | 005,054,464 | R--- | M] () -- C:\Windows\Installer\1f80060.msp
[2010/10/07 18:43:04 | 001,980,416 | R--- | M] () -- C:\Windows\Installer\1f8006b.msp
[2010/10/14 16:57:14 | 011,189,248 | R--- | M] () -- C:\Windows\Installer\1f80080.msp
[2010/09/17 06:04:16 | 009,401,856 | R--- | M] () -- C:\Windows\Installer\1f8008b.msp
[2012/02/04 17:23:33 | 000,028,160 | ---- | M] () -- C:\Windows\Installer\1fe685f2.msi
[2009/04/04 06:35:30 | 038,325,760 | R--- | M] () -- C:\Windows\Installer\20f3c0.msp
[2009/04/04 06:35:48 | 036,977,152 | R--- | M] () -- C:\Windows\Installer\20f3cc.msp
[2010/05/27 22:05:27 | 000,195,584 | ---- | M] () -- C:\Windows\Installer\21f8d23.msi
[2010/06/26 01:02:34 | 001,160,192 | ---- | M] () -- C:\Windows\Installer\234d653.msi
[2009/11/29 16:16:41 | 000,429,568 | ---- | M] () -- C:\Windows\Installer\27850d.msi
[2010/07/10 19:14:14 | 002,850,816 | R--- | M] () -- C:\Windows\Installer\2916212.msp
[2010/07/26 16:02:46 | 005,519,360 | R--- | M] () -- C:\Windows\Installer\2916226.msp
[2010/06/28 21:53:16 | 006,819,840 | R--- | M] () -- C:\Windows\Installer\291623a.msp
[2010/06/28 15:01:18 | 007,677,952 | R--- | M] () -- C:\Windows\Installer\291624e.msp
[2012/06/29 13:33:46 | 006,063,616 | R--- | M] () -- C:\Windows\Installer\297096af.msp
[2012/06/19 11:54:40 | 002,239,488 | R--- | M] () -- C:\Windows\Installer\297096bd.msp
[2011/10/13 15:02:49 | 002,002,432 | ---- | M] () -- C:\Windows\Installer\2a0e3b1.msi
[2010/05/24 18:45:21 | 002,397,184 | ---- | M] () -- C:\Windows\Installer\2a51123.msi
[2010/05/24 18:45:31 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\2a5112a.msi
[2010/05/24 18:45:38 | 001,664,000 | ---- | M] () -- C:\Windows\Installer\2a51131.msi
[2010/05/24 18:45:48 | 000,513,024 | ---- | M] () -- C:\Windows\Installer\2a5113e.msi
[2010/05/24 18:45:57 | 000,516,608 | ---- | M] () -- C:\Windows\Installer\2a5114d.msi
[2010/05/24 18:46:10 | 000,506,880 | ---- | M] () -- C:\Windows\Installer\2a51156.msi
[2010/05/24 18:46:16 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\2a5115d.msi
[2010/05/24 18:47:26 | 005,594,112 | ---- | M] () -- C:\Windows\Installer\2a5116d.msi
[2011/12/15 21:10:03 | 000,492,544 | ---- | M] () -- C:\Windows\Installer\2a8edd.msi
[2011/12/15 21:23:54 | 004,535,808 | ---- | M] () -- C:\Windows\Installer\2a8f31.msi
[2012/08/14 21:06:57 | 002,557,440 | ---- | M] () -- C:\Windows\Installer\2be4c5.msi
[2009/03/17 21:18:42 | 000,301,056 | ---- | M] () -- C:\Windows\Installer\2f035b7.msi
[2008/11/05 11:02:28 | 000,119,296 | R--- | M] () -- C:\Windows\Installer\2fdd534b.msp
[2009/02/11 09:57:32 | 000,648,192 | ---- | M] () -- C:\Windows\Installer\31060ab.msi
[2008/12/13 09:58:22 | 000,754,688 | R--- | M] () -- C:\Windows\Installer\31060b7.msp
[2009/01/14 15:43:58 | 005,520,384 | R--- | M] () -- C:\Windows\Installer\31060e1.msp
[2011/09/20 14:36:20 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\317b7cd.msp
[2011/07/11 16:19:28 | 010,619,904 | R--- | M] () -- C:\Windows\Installer\317b7db.msp
[2011/10/13 17:35:03 | 020,333,568 | R--- | M] () -- C:\Windows\Installer\317b7e7.msp
[2010/03/11 11:03:40 | 005,524,480 | R--- | M] () -- C:\Windows\Installer\31e190e.msp
[2010/03/22 15:03:14 | 011,732,992 | R--- | M] () -- C:\Windows\Installer\31e1918.msp
[2009/01/08 09:46:36 | 000,836,096 | ---- | M] () -- C:\Windows\Installer\334787d.msi
[2009/04/14 03:50:22 | 005,191,680 | R--- | M] () -- C:\Windows\Installer\337ecf5.msp
[2009/04/14 03:19:26 | 010,844,160 | R--- | M] () -- C:\Windows\Installer\337ecff.msp
[2009/04/04 16:09:34 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\337ed1d.msp
[2009/04/04 16:09:44 | 009,084,416 | R--- | M] () -- C:\Windows\Installer\337ed2d.msp
[2009/04/04 16:06:22 | 079,920,128 | R--- | M] () -- C:\Windows\Installer\337edba.msp
[2009/04/04 16:10:08 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\337edc6.msp
[2009/04/04 16:10:16 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\337edd1.msp
[2009/04/04 16:10:24 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\337edda.msp
[2009/02/25 18:08:18 | 008,311,808 | R--- | M] () -- C:\Windows\Installer\337ede8.msp
[2009/04/14 03:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\337edf2.msp
[2012/04/04 13:32:41 | 016,613,376 | R--- | M] () -- C:\Windows\Installer\347ab11.msp
[2012/05/09 17:57:26 | 020,343,808 | R--- | M] () -- C:\Windows\Installer\348e94.msp
[2011/07/27 06:39:50 | 009,892,352 | R--- | M] () -- C:\Windows\Installer\34fffeb.msp
[2011/09/06 20:48:02 | 008,181,248 | R--- | M] () -- C:\Windows\Installer\350000d.msp
[2011/07/21 11:34:34 | 003,456,000 | R--- | M] () -- C:\Windows\Installer\350001b.msp
[2011/08/10 16:42:04 | 007,070,208 | R--- | M] () -- C:\Windows\Installer\3500025.msp
[2011/08/16 11:35:02 | 005,519,872 | R--- | M] () -- C:\Windows\Installer\3500048.msp
[2011/07/26 07:17:10 | 006,824,960 | R--- | M] () -- C:\Windows\Installer\350005d.msp
[2011/07/26 15:33:48 | 010,984,448 | R--- | M] () -- C:\Windows\Installer\3500072.msp
[2011/08/10 16:43:30 | 003,795,968 | R--- | M] () -- C:\Windows\Installer\350007d.msp
[2010/02/21 01:00:02 | 008,480,768 | R--- | M] () -- C:\Windows\Installer\368747d.msp
[2010/01/27 17:53:46 | 006,820,864 | R--- | M] () -- C:\Windows\Installer\3687491.msp
[2010/02/04 18:11:54 | 005,526,528 | R--- | M] () -- C:\Windows\Installer\36874a5.msp
[2009/11/20 23:46:06 | 011,524,608 | R--- | M] () -- C:\Windows\Installer\36874af.msp
[2011/08/06 11:02:06 | 000,953,344 | ---- | M] () -- C:\Windows\Installer\369f10cb.msi
[2011/04/07 02:43:30 | 123,313,664 | R--- | M] () -- C:\Windows\Installer\36da56c.msp
[2011/05/18 21:55:38 | 019,624,448 | R--- | M] () -- C:\Windows\Installer\36da584.msp
[2009/10/22 12:28:50 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\37f95d.msp
[2009/10/06 18:40:46 | 007,681,024 | R--- | M] () -- C:\Windows\Installer\37f970.msp
[2009/08/18 12:58:56 | 008,301,056 | R--- | M] () -- C:\Windows\Installer\37f979.msp
[2009/10/22 12:46:32 | 006,821,888 | R--- | M] () -- C:\Windows\Installer\37f98c.msp
[2007/11/08 11:42:36 | 004,158,464 | R--- | M] () -- C:\Windows\Installer\38915fc.msp
[2008/06/11 14:02:44 | 000,830,464 | R--- | M] () -- C:\Windows\Installer\389160f.msp
[2008/07/08 11:27:36 | 008,436,736 | R--- | M] () -- C:\Windows\Installer\3891623.msp
[2008/01/14 15:24:52 | 010,721,280 | R--- | M] () -- C:\Windows\Installer\3891636.msp
[2008/10/25 09:15:10 | 006,227,456 | R--- | M] () -- C:\Windows\Installer\3891649.msp
[2008/01/14 16:53:34 | 005,213,696 | R--- | M] () -- C:\Windows\Installer\389165c.msp
[2008/01/31 10:30:52 | 009,947,648 | R--- | M] () -- C:\Windows\Installer\3891677.msp
[2008/06/04 13:29:48 | 016,905,728 | R--- | M] () -- C:\Windows\Installer\389168b.msp
[2008/10/22 22:48:56 | 007,672,832 | R--- | M] () -- C:\Windows\Installer\389169f.msp
[2008/07/30 08:50:56 | 012,506,112 | R--- | M] () -- C:\Windows\Installer\38916b3.msp
[2008/10/22 22:43:52 | 006,820,352 | R--- | M] () -- C:\Windows\Installer\38916c7.msp
[2008/06/11 15:05:06 | 009,994,240 | R--- | M] () -- C:\Windows\Installer\38916df.msp
[2011/09/05 22:01:26 | 013,135,872 | R--- | M] () -- C:\Windows\Installer\3a6940c.msp
[2009/01/04 12:13:28 | 003,454,464 | ---- | M] () -- C:\Windows\Installer\3b651.msi
[2009/01/04 12:14:57 | 000,261,632 | ---- | M] () -- C:\Windows\Installer\3b657.msi
[2009/01/04 12:15:00 | 000,176,640 | ---- | M] () -- C:\Windows\Installer\3b65d.msi
[2009/01/04 12:15:06 | 000,278,016 | ---- | M] () -- C:\Windows\Installer\3b663.msi
[2009/01/04 12:15:09 | 000,174,592 | ---- | M] () -- C:\Windows\Installer\3b669.msi
[2009/01/04 12:15:11 | 000,252,928 | ---- | M] () -- C:\Windows\Installer\3b66f.msi
[2009/01/04 12:15:14 | 000,252,416 | ---- | M] () -- C:\Windows\Installer\3b675.msi
[2009/01/04 12:15:16 | 000,205,312 | ---- | M] () -- C:\Windows\Installer\3b67b.msi
[2009/01/04 12:15:17 | 000,259,584 | ---- | M] () -- C:\Windows\Installer\3b681.msi
[2009/01/04 12:15:19 | 000,259,584 | ---- | M] () -- C:\Windows\Installer\3b687.msi
[2009/01/04 12:15:21 | 000,182,784 | ---- | M] () -- C:\Windows\Installer\3b68d.msi
[2009/01/04 12:15:22 | 000,259,072 | ---- | M] () -- C:\Windows\Installer\3b693.msi
[2009/01/04 12:15:23 | 000,259,072 | ---- | M] () -- C:\Windows\Installer\3b699.msi
[2009/01/04 12:15:24 | 000,181,248 | ---- | M] () -- C:\Windows\Installer\3b69f.msi
[2009/01/04 12:15:26 | 000,181,248 | ---- | M] () -- C:\Windows\Installer\3b6a5.msi
[2009/01/04 12:15:27 | 000,261,632 | ---- | M] () -- C:\Windows\Installer\3b6ab.msi
[2009/01/04 12:15:29 | 000,262,656 | ---- | M] () -- C:\Windows\Installer\3b6b1.msi
[2009/01/04 12:15:30 | 000,261,632 | ---- | M] () -- C:\Windows\Installer\3b6b7.msi
[2009/01/04 12:15:31 | 000,261,632 | ---- | M] () -- C:\Windows\Installer\3b6bd.msi
[2009/01/04 12:15:32 | 000,262,656 | ---- | M] () -- C:\Windows\Installer\3b6c3.msi
[2009/01/04 12:15:33 | 000,262,656 | ---- | M] () -- C:\Windows\Installer\3b6c9.msi
[2009/01/04 12:15:34 | 000,249,344 | ---- | M] () -- C:\Windows\Installer\3b6cf.msi
[2009/01/04 12:15:35 | 000,252,928 | ---- | M] () -- C:\Windows\Installer\3b6d5.msi
[2009/01/04 12:15:37 | 000,249,344 | ---- | M] () -- C:\Windows\Installer\3b6db.msi
[2009/01/04 12:15:38 | 000,249,344 | ---- | M] () -- C:\Windows\Installer\3b6e1.msi
[2009/01/04 12:15:39 | 000,250,880 | ---- | M] () -- C:\Windows\Installer\3b6e7.msi
[2009/01/04 12:15:40 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\3b6ed.msi
[2009/01/04 12:15:41 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\3b6f3.msi
[2009/01/04 12:15:42 | 000,248,320 | ---- | M] () -- C:\Windows\Installer\3b6f9.msi
[2009/01/04 12:15:43 | 000,250,880 | ---- | M] () -- C:\Windows\Installer\3b6ff.msi
[2009/01/04 12:15:44 | 000,251,392 | ---- | M] () -- C:\Windows\Installer\3b705.msi
[2009/01/04 12:15:45 | 000,250,880 | ---- | M] () -- C:\Windows\Installer\3b70b.msi
[2009/01/04 12:15:47 | 000,250,880 | ---- | M] () -- C:\Windows\Installer\3b711.msi
[2009/01/04 12:15:48 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\3b717.msi
[2009/01/04 12:15:50 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\3b71d.msi
[2009/01/04 12:15:51 | 000,188,928 | ---- | M] () -- C:\Windows\Installer\3b723.msi
[2009/01/04 12:15:54 | 000,688,640 | ---- | M] () -- C:\Windows\Installer\3b729.msi
[2009/01/04 12:18:43 | 000,020,992 | ---- | M] () -- C:\Windows\Installer\3b73c.msi
[2009/01/04 12:19:36 | 000,422,912 | ---- | M] () -- C:\Windows\Installer\3b746.msi
[2009/01/04 12:24:20 | 000,360,448 | ---- | M] () -- C:\Windows\Installer\3b750.msi
[2009/01/04 12:24:30 | 000,355,840 | ---- | M] () -- C:\Windows\Installer\3b755.msi
[2009/01/04 12:32:23 | 001,319,424 | ---- | M] () -- C:\Windows\Installer\3b79b.msi
[2012/07/18 14:54:24 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\3cd3a700.msp
[2012/08/06 12:24:02 | 007,682,560 | R--- | M] () -- C:\Windows\Installer\3cd3a715.msp
[2011/12/15 22:53:00 | 000,331,264 | ---- | M] () -- C:\Windows\Installer\40653f.msi
[2011/12/15 23:18:23 | 003,331,584 | ---- | M] () -- C:\Windows\Installer\40656b.msi
[2011/12/15 23:20:41 | 013,978,624 | ---- | M] () -- C:\Windows\Installer\406572.msi
[2011/12/15 23:21:23 | 012,463,104 | ---- | M] () -- C:\Windows\Installer\406579.msi
[2011/12/15 23:23:34 | 001,136,640 | ---- | M] () -- C:\Windows\Installer\406580.msi
[2011/12/15 23:44:41 | 013,658,624 | ---- | M] () -- C:\Windows\Installer\4065b1.msi
[2011/12/16 00:12:45 | 007,529,472 | ---- | M] () -- C:\Windows\Installer\4065e5.msi
[2011/12/16 00:24:11 | 001,629,184 | ---- | M] () -- C:\Windows\Installer\4065f4.msi
[2011/12/16 00:28:31 | 000,801,280 | ---- | M] () -- C:\Windows\Installer\4065fc.msi
[2011/04/28 17:51:24 | 001,375,744 | R--- | M] () -- C:\Windows\Installer\406604.msp
[2009/09/09 15:40:48 | 000,632,320 | R--- | M] () -- C:\Windows\Installer\4119aa.msp
[2009/11/20 15:00:24 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\4119bd.msp
[2012/11/07 10:36:56 | 007,677,952 | R--- | M] () -- C:\Windows\Installer\411f18.msp
[2012/11/21 15:13:14 | 005,522,432 | R--- | M] () -- C:\Windows\Installer\411f2d.msp
[2010/09/23 20:02:28 | 000,798,208 | R--- | M] () -- C:\Windows\Installer\4286a06.msp
[2009/08/18 12:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\4352b85.msp
[2009/05/26 17:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\4352b93.msp
[2009/10/16 06:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\4352ba1.msp
[2012/07/19 14:21:01 | 001,648,640 | ---- | M] () -- C:\Windows\Installer\443b0.msi
[2011/02/16 15:22:49 | 000,019,968 | ---- | M] () -- C:\Windows\Installer\4764e0f.msi
[2011/02/16 16:20:37 | 001,013,248 | ---- | M] () -- C:\Windows\Installer\476500d.msi
[2011/02/16 16:31:56 | 005,230,080 | ---- | M] () -- C:\Windows\Installer\4765052.msi
[2012/04/17 11:11:06 | 007,681,024 | R--- | M] () -- C:\Windows\Installer\4a36ad.msp
[2012/02/17 07:45:24 | 002,299,392 | R--- | M] () -- C:\Windows\Installer\4a36bb.msp
[2012/04/28 20:43:58 | 008,459,264 | R--- | M] () -- C:\Windows\Installer\4a36c5.msp
[2012/04/27 14:09:22 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\4a36d9.msp
[2012/03/19 21:02:30 | 006,695,936 | R--- | M] () -- C:\Windows\Installer\4a36ed.msp
[2012/04/09 15:50:24 | 006,829,568 | R--- | M] () -- C:\Windows\Installer\4a3701.msp
[2011/12/15 12:40:40 | 023,374,336 | R--- | M] () -- C:\Windows\Installer\4a3717.msp
[2012/04/04 21:38:16 | 003,620,864 | R--- | M] () -- C:\Windows\Installer\4a3720.msp
[2012/01/19 12:37:24 | 008,999,936 | R--- | M] () -- C:\Windows\Installer\4a3741.msp
[2011/12/22 15:50:54 | 000,256,000 | R--- | M] () -- C:\Windows\Installer\4a3749.msp
[2012/04/04 21:38:44 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\4a3753.msp
[2012/12/16 12:38:19 | 001,547,776 | ---- | M] () -- C:\Windows\Installer\4c3f96.msi
[2012/12/16 12:39:38 | 005,846,528 | ---- | M] () -- C:\Windows\Installer\4c4053.msi
[2012/12/16 12:42:07 | 001,716,736 | ---- | M] () -- C:\Windows\Installer\4c40fd.msi
[2012/12/16 12:49:23 | 004,509,696 | ---- | M] () -- C:\Windows\Installer\4c5052.msi
[2010/01/13 14:26:40 | 000,119,296 | ---- | M] () -- C:\Windows\Installer\4fcbbfe.msi
[2009/12/11 10:29:56 | 005,521,408 | R--- | M] () -- C:\Windows\Installer\4fcbc11.msp
[2010/12/27 16:44:21 | 003,144,704 | ---- | M] () -- C:\Windows\Installer\55d8b.msi
[2009/01/20 21:09:20 | 000,119,296 | R--- | M] () -- C:\Windows\Installer\563016.msp
[2011/03/29 19:09:08 | 000,843,264 | ---- | M] () -- C:\Windows\Installer\56c8084.msi
[2012/09/24 19:45:03 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\56fb58.msi
[2010/06/30 21:52:28 | 005,522,944 | R--- | M] () -- C:\Windows\Installer\581da85.msp
[2010/05/25 10:45:58 | 008,445,440 | R--- | M] () -- C:\Windows\Installer\581da9a.msp
[2010/11/10 00:23:40 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\5925108.msp
[2010/11/10 02:16:22 | 003,314,688 | R--- | M] () -- C:\Windows\Installer\5925141.msp
[2010/11/10 01:15:38 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\592514b.msp
[2010/11/10 00:46:30 | 004,427,776 | R--- | M] () -- C:\Windows\Installer\592515e.msp
[2010/11/10 01:20:38 | 002,932,736 | R--- | M] () -- C:\Windows\Installer\5925176.msp
[2011/09/15 18:37:40 | 037,148,160 | R--- | M] () -- C:\Windows\Installer\5b9a4b.msp
[2011/09/15 18:37:28 | 016,691,712 | R--- | M] () -- C:\Windows\Installer\5b9a6b.msp
[2011/09/15 18:37:44 | 009,697,280 | R--- | M] () -- C:\Windows\Installer\5b9a7d.msp
[2011/09/15 18:34:22 | 089,837,056 | R--- | M] () -- C:\Windows\Installer\5b9ae2.msp
[2011/09/15 18:38:04 | 010,838,528 | R--- | M] () -- C:\Windows\Installer\5b9aef.msp
[2011/09/15 18:39:22 | 011,163,136 | R--- | M] () -- C:\Windows\Installer\5b9afd.msp
[2011/09/15 18:40:36 | 007,959,552 | R--- | M] () -- C:\Windows\Installer\5b9b09.msp
[2011/09/15 18:37:32 | 038,176,256 | R--- | M] () -- C:\Windows\Installer\5b9b1e.msp
[2011/04/16 02:01:24 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\65b4c64.msi
[2010/11/20 22:33:46 | 001,980,928 | R--- | M] () -- C:\Windows\Installer\65b4c6e.msp
[2011/01/11 16:50:38 | 008,177,152 | R--- | M] () -- C:\Windows\Installer\65b4c79.msp
[2011/03/03 10:25:14 | 005,051,904 | R--- | M] () -- C:\Windows\Installer\65b4c8e.msp
[2011/03/17 19:01:58 | 009,563,648 | R--- | M] () -- C:\Windows\Installer\65b4c99.msp
[2011/02/11 07:43:44 | 010,951,168 | R--- | M] () -- C:\Windows\Installer\65b4cc0.msp
[2010/11/20 22:34:34 | 001,198,080 | R--- | M] () -- C:\Windows\Installer\65b4cca.msp
[2011/04/05 11:52:16 | 005,519,872 | R--- | M] () -- C:\Windows\Installer\65b4ce8.msp
[2011/02/24 08:38:52 | 010,984,448 | R--- | M] () -- C:\Windows\Installer\65b4cfd.msp
[2011/03/17 19:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\65b4d07.msp
[2011/01/27 13:49:14 | 006,825,472 | R--- | M] () -- C:\Windows\Installer\65b4d25.msp
[2010/02/09 14:36:11 | 004,298,752 | ---- | M] () -- C:\Windows\Installer\684e361.msi
[2012/09/11 08:49:46 | 005,174,272 | ---- | M] () -- C:\Windows\Installer\68a8520.msi
[2008/10/20 10:18:14 | 006,474,240 | R--- | M] () -- C:\Windows\Installer\699a93.msp
[2007/07/21 13:26:34 | 007,574,016 | R--- | M] () -- C:\Windows\Installer\699a9c.msp
[2007/10/14 23:59:26 | 026,614,784 | R--- | M] () -- C:\Windows\Installer\699ab6.msp
[2007/10/14 23:33:24 | 026,646,016 | R--- | M] () -- C:\Windows\Installer\699ac1.msp
[2008/09/24 12:05:44 | 016,381,440 | R--- | M] () -- C:\Windows\Installer\699aca.msp
[2008/08/11 11:49:32 | 022,457,344 | R--- | M] () -- C:\Windows\Installer\699ada.msp
[2008/06/19 18:28:04 | 001,573,376 | R--- | M] () -- C:\Windows\Installer\699aeb.msp
[2008/08/11 11:51:14 | 015,916,544 | R--- | M] () -- C:\Windows\Installer\699afb.msp
[2008/10/20 10:22:54 | 011,758,592 | R--- | M] () -- C:\Windows\Installer\699b0b.msp
[2012/09/24 20:08:18 | 019,838,976 | ---- | M] () -- C:\Windows\Installer\6b21cc.msi
[2011/02/22 10:32:12 | 005,520,384 | R--- | M] () -- C:\Windows\Installer\6c04b58.msp
[2012/09/25 12:35:46 | 004,285,952 | R--- | M] () -- C:\Windows\Installer\6c93aa95.msp
[2012/11/04 19:47:18 | 005,520,896 | R--- | M] () -- C:\Windows\Installer\6c93aab5.msp
[2012/09/25 12:35:30 | 007,695,360 | R--- | M] () -- C:\Windows\Installer\6c93aac1.msp
[2012/09/27 16:53:12 | 006,825,472 | R--- | M] () -- C:\Windows\Installer\6c93aae6.msp
[2012/09/25 12:36:20 | 008,465,408 | R--- | M] () -- C:\Windows\Installer\6c93aaf2.msp
[2012/09/06 09:22:10 | 013,475,840 | R--- | M] () -- C:\Windows\Installer\6c93ab04.msp
[2012/09/10 08:59:10 | 010,739,712 | R--- | M] () -- C:\Windows\Installer\6c93ab15.msp
[2011/06/17 02:01:15 | 000,467,456 | ---- | M] () -- C:\Windows\Installer\6dafc34.msi
[2011/04/29 11:33:30 | 008,173,568 | R--- | M] () -- C:\Windows\Installer\6dafc3e.msp
[2011/05/17 17:28:52 | 006,862,848 | R--- | M] () -- C:\Windows\Installer\6dafc53.msp
[2011/05/20 16:31:56 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\6dafc68.msp
[2011/04/27 18:51:18 | 006,825,472 | R--- | M] () -- C:\Windows\Installer\6dafc7d.msp
[2011/06/17 02:04:07 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\6dafc8b.msp
[2011/06/17 02:05:12 | 000,223,744 | ---- | M] () -- C:\Windows\Installer\6dafc94.msi
[2011/04/29 11:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\6dafc9e.msp
[2011/05/24 15:27:26 | 000,060,928 | R--- | M] () -- C:\Windows\Installer\6dafcc9.msp
[2011/05/23 13:15:48 | 003,617,792 | R--- | M] () -- C:\Windows\Installer\7064d2e.msp
[2012/12/15 17:47:56 | 002,449,920 | ---- | M] () -- C:\Windows\Installer\74631b.msi
[2012/10/24 19:28:39 | 000,112,640 | ---- | M] () -- C:\Windows\Installer\74fab3.msi
[2010/05/26 17:53:08 | 000,552,448 | ---- | M] () -- C:\Windows\Installer\79cae14.msi
[2009/04/23 16:57:12 | 007,672,832 | R--- | M] () -- C:\Windows\Installer\79d2b.msp
[2009/05/28 11:32:54 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\79d3f.msp
[2009/04/24 11:30:16 | 002,583,552 | R--- | M] () -- C:\Windows\Installer\79d4b.msp
[2009/05/12 12:01:38 | 006,818,816 | R--- | M] () -- C:\Windows\Installer\79d5f.msp
[2009/05/04 06:46:14 | 008,299,008 | R--- | M] () -- C:\Windows\Installer\79d6a.msp
[2010/01/20 08:07:03 | 015,710,720 | R--- | M] () -- C:\Windows\Installer\7a4ce.msp
[2009/10/21 20:13:13 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\7d139.msi
[2009/09/21 15:53:56 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\7d14c.msp
[2009/09/29 08:08:12 | 006,747,648 | R--- | M] () -- C:\Windows\Installer\7d160.msp
[2009/10/21 20:15:27 | 015,709,696 | R--- | M] () -- C:\Windows\Installer\7d169.msp
[2009/07/27 03:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\7d172.msp
[2009/03/20 10:48:56 | 000,183,808 | R--- | M] () -- C:\Windows\Installer\7d186.msp
[2009/07/01 12:21:28 | 008,891,904 | R--- | M] () -- C:\Windows\Installer\7d19c.msp
[2009/07/01 12:19:52 | 010,607,104 | R--- | M] () -- C:\Windows\Installer\7d19d.msp
[2009/08/20 04:02:38 | 005,204,992 | R--- | M] () -- C:\Windows\Installer\7d1b1.msp
[2009/08/21 09:14:20 | 008,363,008 | R--- | M] () -- C:\Windows\Installer\7d1cb.msp
[2010/05/26 21:06:30 | 000,228,352 | ---- | M] () -- C:\Windows\Installer\84e0f5c.msi
[2011/04/24 16:04:40 | 020,314,624 | R--- | M] () -- C:\Windows\Installer\869b6.msp
[2012/09/12 19:37:59 | 000,873,984 | ---- | M] () -- C:\Windows\Installer\8e2045.msi
[2012/09/12 19:39:49 | 000,176,128 | ---- | M] () -- C:\Windows\Installer\8e204c.msi
[2010/09/04 01:36:14 | 020,303,872 | R--- | M] () -- C:\Windows\Installer\979210.msp
[2009/11/15 09:28:03 | 000,324,608 | ---- | M] () -- C:\Windows\Installer\9a8a818.msi
[2009/01/06 17:22:44 | 008,691,712 | ---- | M] () -- C:\Windows\Installer\9bf933.msi
[2012/11/18 16:24:40 | 009,473,536 | ---- | M] () -- C:\Windows\Installer\9d34de9.msi
[2008/10/26 22:33:58 | 000,444,416 | R--- | M] () -- C:\Windows\Installer\9dd1c76.msp
[2011/07/28 19:23:14 | 000,228,352 | ---- | M] () -- C:\Windows\Installer\a107866.msi
[2011/06/27 18:23:30 | 000,771,584 | ---- | M] () -- C:\Windows\Installer\a322781.msi
[2011/12/15 23:21:52 | 001,097,728 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_core-2_5.dll
[2011/12/15 23:21:52 | 000,210,432 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_data-2_5.dll
[2011/12/15 23:21:59 | 000,356,352 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_io_plugin-2_5.dll
[2011/12/15 23:21:53 | 000,598,016 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_service_opczip-2_5.dll
[2011/12/15 23:21:52 | 000,557,568 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\adp_toolkit-2_5.dll
[2010/06/03 21:39:31 | 020,242,432 | R--- | M] () -- C:\Windows\Installer\b206e2f.msp
[2010/10/20 17:29:50 | 000,219,648 | ---- | M] () -- C:\Windows\Installer\b4fd519.msi
[2012/08/02 09:29:26 | 005,521,920 | R--- | M] () -- C:\Windows\Installer\b874e1e.msp
[2012/07/18 14:53:36 | 010,937,344 | R--- | M] () -- C:\Windows\Installer\b874e28.msp
[2012/07/17 09:11:02 | 006,145,024 | R--- | M] () -- C:\Windows\Installer\b874e51.msp
[2012/07/18 14:46:48 | 000,593,408 | R--- | M] () -- C:\Windows\Installer\b874e60.msp
[2012/07/25 15:59:06 | 011,032,064 | R--- | M] () -- C:\Windows\Installer\b874e6f.msp
[2012/07/17 09:17:04 | 022,363,136 | R--- | M] () -- C:\Windows\Installer\b874e82.msp
[2012/06/26 17:03:12 | 003,875,840 | R--- | M] () -- C:\Windows\Installer\b874e8b.msp
[2012/10/20 23:32:14 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\ba2568e.msp
[2012/11/15 12:44:38 | 043,956,736 | R--- | M] () -- C:\Windows\Installer\ba256a2.msp
[2009/04/06 16:00:42 | 005,518,336 | R--- | M] () -- C:\Windows\Installer\bac7b7.msp
[2010/01/24 09:40:51 | 000,163,840 | ---- | M] () -- C:\Windows\Installer\bb56f.msi
[2010/09/28 20:46:19 | 020,303,872 | R--- | M] () -- C:\Windows\Installer\bfc3cb.msp
[2011/06/19 10:48:53 | 002,295,808 | ---- | M] () -- C:\Windows\Installer\c1788e4.msi
[2011/04/13 10:37:02 | 019,201,024 | R--- | M] () -- C:\Windows\Installer\c1788f4.msp
[2011/03/25 08:03:44 | 005,079,552 | R--- | M] () -- C:\Windows\Installer\c1788fd.msp
[2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\c27f2c5.msp
[2010/12/06 15:02:34 | 005,518,848 | R--- | M] () -- C:\Windows\Installer\c27f2da.msp
[2010/11/12 11:08:30 | 000,889,344 | R--- | M] () -- C:\Windows\Installer\c27f2ee.msp
[2010/10/22 15:45:16 | 008,444,928 | R--- | M] () -- C:\Windows\Installer\c27f304.msp
[2012/04/22 21:37:42 | 001,182,720 | R--- | M] () -- C:\Windows\Installer\c53766e.msp
[2012/03/15 12:43:28 | 004,216,320 | R--- | M] () -- C:\Windows\Installer\c537676.msp
[2011/03/26 16:16:54 | 002,746,368 | ---- | M] () -- C:\Windows\Installer\d14ce32.msi
[2011/03/26 16:17:16 | 000,134,656 | ---- | M] () -- C:\Windows\Installer\d14ce3a.msi
[2009/01/07 09:16:15 | 001,227,776 | ---- | M] () -- C:\Windows\Installer\d21a9.msi
[2012/05/19 09:14:35 | 000,488,448 | ---- | M] () -- C:\Windows\Installer\d95b718.msi
[2008/12/12 11:09:40 | 005,517,824 | R--- | M] () -- C:\Windows\Installer\e007901.msp
[2011/06/05 10:06:21 | 016,530,944 | ---- | M] () -- C:\Windows\Installer\e504c97.msi
[2010/01/19 18:29:16 | 005,050,368 | R--- | M] () -- C:\Windows\Installer\e56297d.msp
[2010/01/19 17:51:12 | 005,524,480 | R--- | M] () -- C:\Windows\Installer\e562990.msp
[2011/06/05 10:32:18 | 000,691,200 | ---- | M] () -- C:\Windows\Installer\e69e55d.msi
[2009/12/16 22:58:22 | 005,382,144 | R--- | M] () -- C:\Windows\Installer\eac98.msp
[2009/03/05 14:40:52 | 006,819,840 | R--- | M] () -- C:\Windows\Installer\f3856b.msp
[2009/02/25 18:07:14 | 011,646,464 | R--- | M] () -- C:\Windows\Installer\f38575.msp
[2011/08/14 13:22:18 | 003,597,824 | ---- | M] () -- C:\Windows\Installer\f7375b.msi
[2011/08/14 13:19:33 | 004,425,728 | R--- | M] () -- C:\Windows\Installer\f7376f.msp
[2011/08/14 13:19:34 | 002,933,248 | R--- | M] () -- C:\Windows\Installer\f73788.msp
[2011/08/14 13:19:36 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\f73792.msp
[2011/08/14 13:19:39 | 001,139,200 | R--- | M] () -- C:\Windows\Installer\f737a3.msp
[2011/08/14 13:19:44 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\f737be.msp
[2011/08/14 13:20:41 | 003,313,152 | R--- | M] () -- C:\Windows\Installer\f737e2.msp
[2011/08/14 13:20:42 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\f7381a.msp
[2011/08/14 13:20:45 | 000,626,688 | R--- | M] () -- C:\Windows\Installer\f73828.msp
[2011/08/14 13:20:47 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\f73837.msp
[2012/08/29 13:54:38 | 001,188,352 | ---- | M] () -- C:\Windows\Installer\f74e0b2.msi
[2012/01/03 17:58:05 | 015,929,344 | R--- | M] () -- C:\Windows\Installer\fad9afe.msp
[2012/01/25 14:55:08 | 005,520,384 | R--- | M] () -- C:\Windows\Installer\fc716f.msp
[2011/10/26 15:38:54 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\fc7178.msp
[2012/02/14 23:08:45 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\fc7184.msp
[2011/12/15 23:21:59 | 007,173,632 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\libfbxsdk-2_5.dll
[2011/12/15 23:21:59 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\Luc.exe
[2011/12/15 23:21:51 | 000,000,524 | ---- | M] () -- C:\Windows\Installer\Microsoft.VC90.CRT.manifest
[2011/12/15 23:21:51 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\Installer\msvcm90.dll
[2011/12/15 23:21:51 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\Installer\msvcp90.dll
[2011/12/15 23:21:51 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\Installer\msvcr90.dll
[2011/12/15 23:21:53 | 000,179,392 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\tbb.dll
[2011/12/15 23:23:34 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}.SchedServiceConfig.rmi
[2009/03/17 08:02:39 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{162B71B8-8464-4680-A086-601D555B331D}.SchedServiceConfig.rmi
[2010/11/19 18:55:18 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{308B6AEA-DE50-4666-996D-0FA461719D6B}.SchedServiceConfig.rmi
[2012/11/14 19:33:29 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi
[2012/12/16 12:42:07 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{459699C3-9430-4381-964B-4248D87B49F9}.SchedServiceConfig.rmi
[2011/02/15 22:59:59 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}.SchedServiceConfig.rmi
[2011/11/15 18:38:36 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8153ED9A-C94A-426E-9880-5E6775C08B62}.SchedServiceConfig.rmi
[2009/06/11 17:39:43 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8355F970-601D-442D-A79B-1D7DB4F24CAD}.SchedServiceConfig.rmi
[2010/06/21 19:34:12 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{85991ED2-010C-4930-96FA-52F43C2CE98A}.SchedServiceConfig.rmi
[2012/06/17 21:09:57 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}.SchedServiceConfig.rmi
[2010/04/28 06:32:05 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}.SchedServiceConfig.rmi
[2011/10/13 15:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}.SchedServiceConfig.rmi
[2009/11/16 14:51:02 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}.SchedServiceConfig.rmi
[2009/04/06 19:47:20 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{AFA20D47-69C3-4030-8DF8-D37466E70F13}.SchedServiceConfig.rmi
[2010/03/31 22:54:58 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{B5C3B892-0849-476C-9F46-B12F84819D57}.SchedServiceConfig.rmi
[2011/06/27 18:18:32 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{C23CD6DA-1958-43A5-ADD0-59396572E02E}.SchedServiceConfig.rmi
[2011/03/07 19:20:31 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{CACAEB5F-174D-4C7C-AC56-A33289A807CA}.SchedServiceConfig.rmi
[2010/09/07 21:10:49 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}.SchedServiceConfig.rmi
[2012/09/16 12:21:43 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}.SchedServiceConfig.rmi
[2012/03/12 19:14:18 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}.SchedServiceConfig.rmi
[18 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >
[2012/12/03 18:34:57 | 000,003,682 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2012/06/05 17:30:35 | 000,003,656 | ---- | M] () -- C:\Windows\system32\tasks\Adobe online update program
[2012/12/15 15:42:02 | 000,003,346 | ---- | M] () -- C:\Windows\system32\tasks\BrowserProtect
[2012/06/05 17:30:47 | 000,003,700 | ---- | M] () -- C:\Windows\system32\tasks\Divx online update program
[2012/07/11 22:23:39 | 000,003,528 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core
[2012/07/11 22:23:39 | 000,003,896 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA
[2012/09/24 18:39:53 | 000,003,630 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2012/09/24 18:40:08 | 000,003,882 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/06/05 17:30:32 | 000,003,638 | ---- | M] () -- C:\Windows\system32\tasks\HP online update program
[2012/06/05 17:30:43 | 000,003,666 | ---- | M] () -- C:\Windows\system32\tasks\Java Update Scheduler
[2012/06/05 17:59:41 | 000,003,280 | ---- | M] () -- C:\Windows\system32\tasks\TuneUp DiskDoctor
[2012/12/18 19:02:21 | 000,003,678 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{DD4DCA60-9F17-4E99-B212-349DBA39490B}
[2011/06/05 10:02:42 | 000,003,038 | ---- | M] () -- C:\Windows\system32\tasks\{321F1E0E-0082-4738-B494-978D99495706}
[2010/02/14 15:44:49 | 000,003,052 | ---- | M] () -- C:\Windows\system32\tasks\{36426164-7A7B-40DC-8B22-755B7AC34D5A}
[2009/01/06 14:10:07 | 000,002,926 | ---- | M] () -- C:\Windows\system32\tasks\{3AD0BC28-67E3-475E-A0A5-CD18FA3E8528}
[2010/03/02 17:06:36 | 000,003,058 | ---- | M] () -- C:\Windows\system32\tasks\{55E7CFB3-7CFD-4BE0-A18D-FB9F6AD27FFA}
[2011/05/01 08:29:36 | 000,003,044 | ---- | M] () -- C:\Windows\system32\tasks\{6D40BF25-994F-430E-8079-1AC479F38355}
[2010/05/25 21:37:21 | 000,003,014 | ---- | M] () -- C:\Windows\system32\tasks\{9CB989FB-95DE-454A-A88E-6730AF831B5F}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/01/21 02:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008/01/21 02:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008/01/21 02:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2006/11/02 13:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 13:01:49 | 000,032,552 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/05 09:39:42 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/09/05 09:39:43 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/01/29 14:18:29 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job
[2012/01/29 14:18:30 | 000,000,922 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job
[2012/04/04 16:19:00 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright (C) 1999-2007 Microsoft Corporation.
On computer: JOHN-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 D RECOVERY NTFS Partition 10 GB Healthy
Volume 2 C OS NTFS Partition 288 GB Healthy System
Volume 3 K John's Larg NTFS Partition 932 GB Healthy
Volume 4 G Removable 0 B No Media
Volume 5 H Removable 0 B No Media
Volume 6 I Removable 0 B No Media
Volume 7 J Removable 0 B No Media
Volume 8 M John's Mini NTFS Partition 233 GB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Posted By : JohnP - 12/18/2012 11:26 PM

And extras.txt:

OTL Extras logfile created on: 18/12/2012 19:55:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.47% Memory free
4.23 Gb Paging File | 3.13 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.02 Gb Total Space | 86.34 Gb Free Space | 29.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.80 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 922.39 Gb Free Space | 99.02% Space Free | Partition Type: NTFS
Drive M: | 232.88 Gb Total Space | 137.41 Gb Free Space | 59.00% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C0DE20-1B64-4866-A6A7-D8062C4D7B6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DF60FA5-CF86-4824-82A4-73835025721A}" = lport=445 | protocol=6 | dir=in | app=system |
"{15E19AE0-2E5F-40C4-BE0E-61D0ECD63FEC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{17883F6A-3798-426E-8723-A07235090A5E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1BFC9F93-1D42-4EC8-8E2A-B2CEC97226C8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2363C361-B6EF-48B3-BD45-0F5D80CA851D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{313B3867-D319-465C-B8A1-620C2A3ADA95}" = lport=137 | protocol=17 | dir=in | app=system |
"{32DC8C5F-54AF-4381-B937-19AD07AFB68A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{34280BB1-97EC-4EE6-A4FF-69BE21BBFC4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{350184E5-7F58-4D5B-8933-D4A6F1543E80}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{3542F9A1-C400-4394-BC48-2D5A67BF1836}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3669B5AA-A0AC-4260-B729-B8948B45C084}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{37512E2C-9778-4CD1-8A9D-DEC9C3151709}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{3A0DF30C-DE9E-47A2-A818-C0E4DB132D18}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A56B275-B6C0-453F-A5CF-DBEB5B49A039}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B167035-075F-469D-A7A3-FF6422EA16FE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3E8A2F9B-788A-4CE5-9CAF-C451536B939C}" = rport=445 | protocol=6 | dir=out | app=system |
"{3ED6FB6A-2DB4-4864-99D6-87C2D3441B9F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{42AA7630-0F23-491C-8D0A-F7C60B5F0AE7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{58573801-5264-4BEA-8225-0AA7F1102BEC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6287EBF8-4904-4CC0-9B88-2E67F7A087B1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{65B9F3B0-B321-4D44-A8E9-49DFD34EF084}" = rport=139 | protocol=6 | dir=out | app=system |
"{6B887BCC-0FC6-4840-9548-B3874645F3F4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{70839EA0-A8AE-40D8-A1DC-115DCF72B887}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{754647C8-8B3D-4E2A-9839-C3913529D0A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77933F6F-7027-49DF-A863-B3D949B131AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D767F25-FCD6-4819-8C52-3C42520B7825}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E4D14A7-BC6C-46B2-B9BA-464697F99C62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82B6519E-4327-43DA-8F64-219601DBA2FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8807602F-DE79-4362-9C51-705901193CE9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8BCB891E-63FB-4700-BEEA-B82B4DDF1F8A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96CC8E99-D80D-404B-BBC0-D204292E25E1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{9A4038F5-48AE-4C2F-B4AA-A870E26B0C62}" = rport=138 | protocol=17 | dir=out | app=system |
"{9CEB8BE9-DD8D-4C41-A8A0-3E68266A7353}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A0B01B58-B741-478A-8B2E-0050A53A26D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A12440B2-472E-447A-99CF-1D7B1CF02E7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A8ACDBE4-3703-404A-9768-9747430ECF47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA7BA044-1252-4C61-9B4C-0A5EE24A7EF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{B172C93E-82C6-4C26-AFD8-9C4281A2F4E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4FBCC43-5C4C-460D-A1DB-6E88DB8FC2DF}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B6FAAB02-E9F7-4E1D-A389-F17EAAC0A850}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD42DD9E-65E6-45AF-B516-1F79DC357474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C216290A-06B3-4E8B-B7D8-59D646E235CC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C8CF1541-0616-4382-A715-145681BD092C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C92CFB8C-3A0A-4CF2-ABE3-63A30BE7A5C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DCE272CE-B6A8-44AC-B261-9776AB907BAF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD27BF7F-3CCB-4C48-BB14-EEAE995E1D85}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DD849E50-B5E9-4084-8CA5-25BB284D9AE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{DDF1D447-F171-4D1C-AC15-0C8804C3F2EA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DE29DEA3-5786-4257-A017-7FC35B7CC1FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E225A40A-394F-4AC1-8724-FFEBC9E97B9F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2440105-072D-42A6-819B-BA880A070ACC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3308415-C977-4B6F-85E5-582C09B9B4AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6DB1DBF-06D0-41AF-942D-D987921C7402}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FB27E8F6-01ED-4893-BAC1-E555FF60E0BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBBB3066-09D3-47B9-8C3D-1CDFA8693C49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEDD4962-2D74-496D-85F4-2F9A26BE48D7}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08652152-F474-4355-A1B3-9187C0B62014}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0BD6F8F3-47E7-46FA-848D-B086E8CDD3CE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0C1DA678-F866-4867-98D6-52421678D25F}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{0E37CD89-9317-47A7-8F58-D39FFDE52728}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{117303F6-8F32-492A-B26B-BE3D60968C44}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{1BF9CD5F-EC7B-406D-BD63-D14FFF556424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D9E55B3-13F2-4235-9061-06E07E2F19FD}" = dir=in | app=c:\users\john\appdata\local\microsoft\skydrive\skydrive.exe |
"{1F06EE8D-4FB2-4B68-97A2-9AB2D032ECD6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2101D9F2-AAC5-4955-9DB4-557F267CC31D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22EB462F-6116-4434-A7E0-10CE177FD92C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{289AD30D-25BF-4925-B0F2-F0DBB926D5C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A63F03E-C14E-47A5-B70A-E39B8F6E3EF5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2C692802-3079-4EEB-8450-1CBA00CC60CD}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2F16FA8C-633B-446E-BF3A-B9FF291511EB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{31CF61D4-D075-4E30-9FAF-49D42A92ACC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{324A3023-A200-4EE4-BB8A-E0E195EA1485}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{36C0F2C9-602C-44D2-ACDB-F671E9D1339F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3C91E47B-7500-4216-9750-10611086E499}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe |
"{4489E623-56D2-4DB9-B3FC-87597A18E8DA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{45F455A4-6918-4C78-A0E7-22FAAAD5CEF7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{468FB6D9-DE19-407B-B07A-3B68F55AFE34}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{496EE6BA-9981-4C27-95B5-7A11550C5EE7}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe |
"{4DAC9D5C-40D1-415D-B9D0-DA7748CBC763}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{52D5614E-6956-4B33-81A9-57E8D77DFCC2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5374B255-0521-45B2-8A2E-8EFFC72BC460}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{546D5661-7BF7-4F6F-9511-75FE2534FC6A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{55FD6137-D887-4169-9434-40D5AB4B76E3}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{5975FD57-CD98-41A7-8C16-A1B91D252049}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{5A89B12F-BE60-449B-BBF5-5C9E4488CD5E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5D94C5BB-1250-4306-A419-B297724FF829}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63787B34-2B3B-4ABA-85D4-B268C2A3D26F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{6454A5F7-B158-426B-805A-550E3536BC37}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{65E44CF4-4D49-4DBA-8DC7-56D2D3AD8D32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67A08D03-721B-4B7B-9DBA-2E470C388794}" = dir=in | app=c:\users\john\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{6A0992DD-6757-4495-B4F6-B44789049018}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F80DB0E-B863-468F-B292-87B0E1B89A0B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{707FE3E6-DA92-4B7A-9EF8-66D702723E02}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{730D3C01-9F95-4EA7-A16C-96DD26A230C8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{731D934A-F001-47A1-8903-DA5572FFFBB4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{77A52F20-F807-43ED-81A0-8EA65C852357}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{798965C5-7F72-45D5-9B3A-A3AF386ACCFB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79AFBAD6-988C-46F5-988B-48E29DD30E05}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{7C912291-3FA6-4F51-A2C3-6BE0B5562DF9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{7F5E1F7E-BAB7-4742-9A5E-34F85905A373}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FE6BB42-599B-4D59-A1B2-05F63228B9AB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{81A29012-FDFC-46D8-81AA-542DFED26489}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8248E023-4183-4687-AB6B-900ADB56A0EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8512BE37-837E-40EA-AF29-8F3AA802B9C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{88531CD6-8EBE-4B2E-B84A-CD8C33C5B5CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FA010B5-18EE-46B2-B0B2-FA11886CFCE9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{9066933B-755C-4FBF-8E9C-E46AEE541CE2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{93F5E8F1-01CD-493B-9693-BCDD6A2ECC2E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{96E2B094-92E3-4F3F-AE5F-C6C0451BA646}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{98FFABDD-3918-4F4B-8436-50D08762F83B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99F4915D-8BEF-4462-89D2-DBF678C7BC2F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{9E9CB8BA-8D61-4BAA-8087-7FF1C9D82114}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A6014ACC-2975-4FDD-A1B2-91EB87667EF0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{A6EDF409-1B7C-47EA-917E-B7B9F0036827}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A7C265B3-6886-4197-A50C-81B3F07C877E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{AB78865A-F3C8-4DFD-AD56-42ABB9F291C1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{AD0DDCFC-4712-43A4-AC61-51E106B85791}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{ADD0E95A-03E2-4B16-B093-F8BC6E9B0EE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AEAA92D3-85FD-4FAB-AFA1-371BB6ECD9C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B17AA620-1329-44B5-99B0-11DA1B2FB3F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B419EF2A-DD20-4C94-BBAB-8393C040A8A5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{B6706F9C-F540-473C-9AAB-4DC800590FDF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B71013D9-9B81-4D93-994B-FDA3E095945B}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{BF4CDC2C-9B2E-4098-8E89-778FF1BF008F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{BFD9C4CB-90C1-4232-A349-B8A94403940C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C09D2CFE-B644-444E-A701-3190E35AA491}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C0C20217-7B53-4D3C-8A13-18AE53F6A368}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C1DAE738-0C46-48C6-AFB0-CDD6234EB17C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C92C9DAC-880D-4477-A283-049556302D8D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{CD3D1637-9BC2-4C8D-AA8E-6B2FB17EEA3F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{D1F61E8A-F81F-4D43-AEF2-6A7DDB967F23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4ED3459-D496-40E4-AE87-95282B0FD53C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{D752EFD7-3C8B-442F-B89C-7035689C2BAC}" = protocol=6 | dir=out | app=system |
"{D8A7B9E6-819A-4104-AC23-EA1D5B69468B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E3683297-03F7-4DD8-A036-AB2D9B4A93F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E875313B-D5C1-4B18-9254-E2C20FAC534F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{EC3313B0-B4FA-4D8D-8466-374250DCB09A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{EF441E68-9903-4007-9354-85FE91124FC4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{F4875A62-B782-4AFF-9224-DF5A11F84C84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4FD0B13-F296-4586-9AC7-262972ABDB2D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{F8E576CC-DCA0-4ADD-A549-F63F6F1EBC64}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{F90BCA4D-D9A6-458E-95B5-A8EBE248E7DB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{FE9BFB22-C372-458F-9DCB-06017310CD2D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"TCP Query User{274CFE59-F2CA-4EDF-BFE5-567BE803984B}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe |
"TCP Query User{395FF2B9-AACA-49F5-93AE-E08285F33303}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{3EFDBE4E-B8C8-4DA4-8949-2BA79EE6127D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{4D559B2A-0EF0-49A9-B5B7-2AD1252EA934}C:\users\john\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe |
"TCP Query User{62FCC867-7591-42CF-BD1C-5DB56F130CA3}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{70DB31A3-D019-463A-8E03-187DE8946A96}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{763C40F0-0B7C-4770-83F3-A83130118198}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"TCP Query User{8951808A-6C2B-48F9-B3F7-E5E0AE9CC148}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"TCP Query User{8A387258-BABE-4461-9233-97DE6EEDAC0C}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{8F3AFDC5-3E3A-4D34-BA8D-5C4252729C39}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{9D322AD9-4B1B-4A22-8161-666B3F790063}C:\program files\mediaremoteconnector\mediaremoteconnector.exe" = protocol=6 | dir=in | app=c:\program files\mediaremoteconnector\mediaremoteconnector.exe |
"TCP Query User{B21228A3-F79B-44C8-96E7-04629A6FE6E0}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D4A8CD46-EB9A-4016-AA59-DA0ADCD4AB00}C:\program files\printershare\paconsole.exe" = protocol=6 | dir=in | app=c:\program files\printershare\paconsole.exe |
"TCP Query User{D6534213-C7A2-46D9-A509-B6C534DAD546}C:\program files\mediaremoteconnector\mediaremoteconnector.exe" = protocol=6 | dir=in | app=c:\program files\mediaremoteconnector\mediaremoteconnector.exe |
"TCP Query User{E191EF0C-13F4-4FCE-90D0-2C51B4B60D33}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EC3FEE8D-7E8E-4855-9310-D161C602A212}C:\program files\frog\frog\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\frog\frog\camfrog video chat.exe |
"UDP Query User{03C051C6-BF8A-4D60-A304-B016C411BAA0}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"UDP Query User{127CCAB3-B515-4FC9-8CB4-91DCE8AFF2D8}C:\users\john\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1BE51EE6-30FB-418D-A67C-AAA63AFC2798}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe |
"UDP Query User{287212F1-7C6D-40A1-8A81-2C5875D95CA4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{303DE5D4-DBD0-4864-919B-BFBD6ADA6078}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{4EE9FD9C-089D-4FFB-94EC-4600E837E056}C:\program files\printershare\paconsole.exe" = protocol=17 | dir=in | app=c:\program files\printershare\paconsole.exe |
"UDP Query User{6DFDBC87-24EA-4CFA-9250-1D0E799A03E2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{704D533F-0085-43D5-904C-1322B7877E32}C:\program files\mediaremoteconnector\mediaremoteconnector.exe" = protocol=17 | dir=in | app=c:\program files\mediaremoteconnector\mediaremoteconnector.exe |
"UDP Query User{7795AB3A-9245-48F6-B9F6-B959E72ED37D}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe |
"UDP Query User{8CF7E707-9B2F-4C48-9125-5F492289A77D}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"UDP Query User{8D2E8053-CF97-4267-95A1-5600287B8F51}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{BC02AFC1-A160-4AF3-89CC-B69DD87288A1}C:\program files\frog\frog\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\frog\frog\camfrog video chat.exe |
"UDP Query User{C5EAF724-E1B8-41C1-8930-FFF955E81101}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{CD0E10FA-69FD-4E2A-A060-D51263C97A52}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{DA7F3025-985B-4652-A681-A864E63D8A26}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{DDFADFBE-75D3-4F3C-A5D0-2DB6968D4F6F}C:\program files\mediaremoteconnector\mediaremoteconnector.exe" = protocol=17 | dir=in | app=c:\program files\mediaremoteconnector\mediaremoteconnector.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00CD9341-46BF-C386-1D4C-4D980B615549}" = Catalyst Control Center Localization Chinese Standard
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F81061C-661C-D357-F79C-31B1D78609F9}" = Catalyst Control Center Localization Spanish
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{170715E4-3235-8999-C05D-54156AC3F163}" = CCC Help German
"{174C89F3-EBA7-17AB-2FCA-82AE6AF7C8C5}" = CCC Help Japanese
"{1D9C9979-7B3D-0EBA-06B5-1A648DE8ECFC}" = Skins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{250AD9EB-E6A4-FEE1-AAAF-66EB69E96060}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B64ACEB-703E-6D90-5CBE-140B9A66C85B}" = Catalyst Control Center Localization Portuguese
"{2CADE3B6-6B69-2050-7B7C-2E6BB1183458}" = Catalyst Control Center Localization Thai
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C042F8-B207-313E-F932-3599ADF24651}" = CCC Help Korean
"{3256C48C-78D0-4FC6-A0F5-81ADF3A9D7D4}" = AVG 2013
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3AE375B7-4C1A-8954-D87B-126990CA06ED}" = Catalyst Control Center Localization Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42DB15D5-DAAD-A187-252F-80B669BFC970}" = CCC Help Turkish
"{44F70E24-C55E-4C6E-29F1-573C03BDFB9D}" = CCC Help Chinese Traditional
"{4517895C-2CCB-9CA7-D24A-E74559551426}" = Catalyst Control Center Localization Chinese Traditional
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{49041980-E77D-DCAD-8365-F22688D3A8AE}" = Catalyst Control Center Localization Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{569F35EF-9A3E-7EA6-3817-01F7A142E608}" = CCC Help Thai
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5783F2D7-A004-0409-0002-0060B0CE6BBA}" = AutoCAD Architecture 2012 - English
"{5783F2D7-A004-0409-1002-0060B0CE6BBA}" = AutoCAD Architecture 2012 Language Pack - English
"{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57E08EAC-F4FA-E453-6516-CA4D8AF4BD6D}" = CCC Help English
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{5D9748ED-2EC3-E694-68E7-14AE077AA686}" = Catalyst Control Center Core Implementation
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9C3437-FA3B-4C82-9F82-EA448606415A}" = MediaRemoteConnector
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software
"{6FC963A4-D7C2-743E-4634-0BE6893D2D30}" = ccc-utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7484FF63-DFD5-4703-5D5A-7B197CBC6AF7}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D4609A-AE25-B8CA-9FD2-9DC5A919414E}" = ccc-core-static
"{7AC72E27-1BA9-D541-996D-AF926F21DB92}" = ATI Catalyst Install Manager
"{7F19855D-DB03-2435-858D-8CD809994A3F}" = Catalyst Control Center Localization Korean
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8958DFF1-3103-8A70-9108-40D7D359D8C6}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E3A5EA8-DE6D-9333-0DB4-55FB9B6EED46}" = CCC Help Chinese Standard
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90CA0C98-4E23-8B12-29EC-FCEB49983E7E}" = Catalyst Control Center Localization Japanese
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A57F3E7-F32D-FD92-124C-B9C9D7231C20}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A62F50D4-EED7-4417-A382-E89ABCF11BAC}" = SketchUp DWG Importer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB22EB20-70C4-32D9-CAE5-816E24F458CA}" = Catalyst Control Center Graphics Full Existing
"{C3A0F1A3-7AD3-F7E3-D81A-0A5EC68F0397}" = Catalyst Control Center Localization Polish
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C70BF2F2-2B54-4303-ABE6-82A20038A2EA}" = SPC 700NC PC Camera
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD65BFB7-291F-9D67-760B-4FD16337FCB9}" = CCC Help Italian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{DB98F489-0D1B-0244-2B95-24F4C9D6A5BD}" = CCC Help Spanish
"{DC0D3295-0697-808C-4F1F-44E58330C3E8}" = Catalyst Control Center Localization German
"{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E79066AE-9AF1-9C3C-6F3A-95BC4A3C3E33}" = Catalyst Control Center Graphics Previews Common
"{E87B8271-8225-31ED-95BE-0C7DB1813F7C}" = CCC Help French
"{E87FE5BA-2E1B-A6F2-F40E-9D6865ADF886}" = Catalyst Control Center Localization French
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18E39EE-5306-6765-9EE3-CD3ECFE9678F}" = Catalyst Control Center Graphics Previews Vista
"{F318B83E-27E2-2EFF-12EE-667C02A062D9}" = CCC Help Portuguese
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FCDBE9CF-CFB4-2260-8F84-09B6F7FD9A87}" = Catalyst Control Center Localization Italian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Spy.Info" = Anti-Spy.Info 1.8d
"asterisk key" = Asterisk Key 10.0
"AutoCAD Architecture 2012 - English" = AutoCAD Architecture 2012 - English
"AutoCAD Architecture 2012 - English SP 1" = AutoCAD Architecture 2012 - English SP 1
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"AVG" = AVG 2013
"BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Debut" = Debut Video Capture Software
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DVD Flick_is1" = DVD Flick
"DWG TrueView 2012" = DWG TrueView 2012
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Desktop" = Google Desktop
"Hamster Lite Archiver_is1" = Hamster Lite Archiver 2.0.1.2
"HijackThis" = HijackThis 2.0.2
"HP Photo Creations" = HP Photo Creations
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"pdfsam" = pdfsam
"PRJPRO" = Microsoft Office Project Professional 2007
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"SDEPRO20_is1" = SDExplorer Advanced 3.5
"Speccy" = Speccy
"Spotify" = Spotify
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3702371316-2332676665-1026982982-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"JoinMe" = join.me
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/01/2011 17:37:04 | Computer Name = John-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/01/2011 17:41:53 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/01/2011 17:41:53 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/01/2011 17:41:53 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/01/2011 17:42:50 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/01/2011 17:42:51 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/01/2011 17:42:51 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/01/2011 17:46:06 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/01/2011 17:46:06 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/01/2011 17:46:06 | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 15/11/2011 15:10:10 | Computer Name = John-PC | Source = Mcx2Dvcs | ID = 405
Description =

[ System Events ]
Error - 18/12/2012 16:05:03 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:06:09 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:07:00 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:08:00 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:09:02 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:10:00 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:11:02 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:12:00 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:13:03 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/12/2012 16:14:00 | Computer Name = John-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Posted By : Touch - 12/19/2012 7:22 PM

We need to run an OTL Fix

• Please reopen OTL on your desktop.
• Copy and Paste the following text in bold into the Custom Scan textbox.
•

:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe - ()
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
[2012/12/18 19:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/18 19:44:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/18 19:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/18 18:15:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/18 18:15:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/18 17:28:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job
[2012/12/17 23:28:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job
[2012/12/03 18:34:57 | 000,003,682 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2012/06/05 17:30:35 | 000,003,656 | ---- | M] () -- C:\Windows\system32\tasks\Adobe online update program
[2012/12/15 15:42:02 | 000,003,346 | ---- | M] () -- C:\Windows\system32\tasks\BrowserProtect
[2012/06/05 17:30:47 | 000,003,700 | ---- | M] () -- C:\Windows\system32\tasks\Divx online update program
[2012/07/11 22:23:39 | 000,003,528 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core
[2012/07/11 22:23:39 | 000,003,896 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA
[2012/09/24 18:39:53 | 000,003,630 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2012/09/24 18:40:08 | 000,003,882 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/06/05 17:30:32 | 000,003,638 | ---- | M] () -- C:\Windows\system32\tasks\HP online update program
[2012/06/05 17:30:43 | 000,003,666 | ---- | M] () -- C:\Windows\system32\tasks\Java Update Scheduler
[2012/06/05 17:59:41 | 000,003,280 | ---- | M] () -- C:\Windows\system32\tasks\TuneUp DiskDoctor
[2012/12/18 19:02:21 | 000,003,678 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{DD4DCA60-9F17-4E99-B212-349DBA39490B}
[2011/06/05 10:02:42 | 000,003,038 | ---- | M] () -- C:\Windows\system32\tasks\{321F1E0E-0082-4738-B494-978D99495706}
[2010/02/14 15:44:49 | 000,003,052 | ---- | M] () -- C:\Windows\system32\tasks\{36426164-7A7B-40DC-8B22-755B7AC34D5A}
[2009/01/06 14:10:07 | 000,002,926 | ---- | M] () -- C:\Windows\system32\tasks\{3AD0BC28-67E3-475E-A0A5-CD18FA3E8528}
[2010/03/02 17:06:36 | 000,003,058 | ---- | M] () -- C:\Windows\system32\tasks\{55E7CFB3-7CFD-4BE0-A18D-FB9F6AD27FFA}
[2011/05/01 08:29:36 | 000,003,044 | ---- | M] () -- C:\Windows\system32\tasks\{6D40BF25-994F-430E-8079-1AC479F38355}
[2010/05/25 21:37:21 | 000,003,014 | ---- | M] () -- C:\Windows\system32\tasks\{9CB989FB-95DE-454A-A88E-6730AF831B5F}
• :Reg
•
• :Files
• ipconfig /flushdns /c
• :Commands
• [purity]
• [resethosts]
• [CreateRestorePoint]
• [emptytemp]
[EMPTYFLASH]

• Push Run Fix Button
• OTL may ask to reboot the machine. Please do so if asked.
• Click OK.
• A report will open. Copy and Paste that report in your next reply, and tell how your computer are behaving ?

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please read: Forum Rules

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

Posted By : JohnP - 12/20/2012 11:23 PM

Thanks!! log from OTL:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk\ deleted successfully.
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk\ deleted successfully.
C:\Windows\pss\TrayMin700.exe.lnk.CommonStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk\ deleted successfully.
C:\Windows\pss\Dell Dock.lnk.Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk\ deleted successfully.
C:\Windows\pss\EvernoteClipper.lnk.Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\QuickTime Task\ deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core.job moved successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater moved successfully.
C:\Windows\System32\Tasks\Adobe online update program moved successfully.
C:\Windows\System32\Tasks\BrowserProtect moved successfully.
C:\Windows\System32\Tasks\Divx online update program moved successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000Core moved successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3702371316-2332676665-1026982982-1000UA moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA moved successfully.
C:\Windows\System32\Tasks\HP online update program moved successfully.
C:\Windows\System32\Tasks\Java Update Scheduler moved successfully.
C:\Windows\System32\Tasks\TuneUp DiskDoctor moved successfully.
C:\Windows\System32\Tasks\User_Feed_Synchronization-{DD4DCA60-9F17-4E99-B212-349DBA39490B} moved successfully.
C:\Windows\System32\Tasks\{321F1E0E-0082-4738-B494-978D99495706} moved successfully.
C:\Windows\System32\Tasks\{36426164-7A7B-40DC-8B22-755B7AC34D5A} moved successfully.
C:\Windows\System32\Tasks\{3AD0BC28-67E3-475E-A0A5-CD18FA3E8528} moved successfully.
C:\Windows\System32\Tasks\{55E7CFB3-7CFD-4BE0-A18D-FB9F6AD27FFA} moved successfully.
C:\Windows\System32\Tasks\{6D40BF25-994F-430E-8079-1AC479F38355} moved successfully.
C:\Windows\System32\Tasks\{9CB989FB-95DE-454A-A88E-6730AF831B5F} moved successfully.
File PTYFLASH] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 12202012_195938

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Posted By : Touch - 12/23/2012 12:09 PM

Please tell how things are running now ?

Please read: Forum Rules

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

Posted By : JohnP - 12/23/2012 2:27 PM

Hi Touch,

I have been on the PC very little although initally it seems to be running well but I'd need to do some work on it to be sure.

One problem is that upon a restart I've had a box pop up telling me that an unautorised change was made to windows and I need to put the windows activiation key back in, so I'm going to try and need to find a windows CD which I hope I still have! Is there anyway of extracting the key from windows if I can't find it - it is a legit version of windows preinstalled by Dell (but some time ago).

I'm away from my PC now for a week so thanks for your help and I'll pick up messages when I get back. I hope you have a good Christmas.

John

Posted By : JohnP - 12/23/2012 2:30 PM

Ignore me, it's on the PC case!

Posted By : Touch - 12/26/2012 10:31 AM

I hope you have a good Christmas. Thank you

Ignore me, it's on the PC case!

Please read: Forum Rules

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

Need Support? Write to:

| Forum Help Manual

Download free trial version of Bullguard Internet Security