denny222 Posted June 25, 2012

Hello people, I would be most appreciative if you could suggest to me what I should copy/paste into 'Custom Scan/Fixes' in order to get rid of the annoying searchnu.com that is the automatic first tab on my Google Chrome. Have gotten rid of Incredibar so far.

I followed instructions on downloading OTL by Oldtimer and ran a quick scan with all users ticked and got the OTL.TXT and EXTRAS.TXT files. I will post them here for your attention - if you don't mind.

Can I 'paste the following' as per Maniac's post into my 'Custom Scan/Fixes'?

Link to that thread: http://forums.malwarebytes.org/index.php?showtopic=108903

From Maniac in previous post:

Step 1
Please uninstall the following application: Searchqu Toolbar. Then reboot your PC.

Step 2
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Any assistance appreciated
denny222 Posted June 25, 2012

OTL logfile created on: 25/06/2012 19:07:09 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Denny\Downloads
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dllCHR - plugin: Shockwave Flash (Disabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: Skype Toolbars (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLLCHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dllCHR - plugin: Google 
Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: YouTube = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Web Assistant = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.442_0\CHR - Extension: SiteAdvisor = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\CHR - Extension: AdBlock = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\CHR - Extension: Earth = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.5_0\CHR - Extension: Skype Click to Call = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\CHR - Extension: AVG Do Not Track = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\CHR - Extension: Evernote Web Clipper = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5_1\CHR - Extension: Gmail = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: 
([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O3:64bit: - 
HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)O4 - HKLM..\Run: [EgisUpdate] C:\Program 
Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKLM..\Run: [JoinMEUIExec] C:\Program Files (x86)\PC Suite\JoinMEUIExec.exe ()O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Corel Print Office Registration.lnk = C:\Program Files\Corel\Print Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not foundO8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ADFB0D5-C8BF-45CC-A3E0-F1873182E31A}: DhcpNameServer = 192.168.1.1 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7004B3CA-E164-4EAC-8FC6-74F9604EA488}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\sacore 
{5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\viprotocol - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - 
C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{0f64ab74-b61d-11e1-a004-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{0f64ab74-b61d-11e1-a004-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\{126f3f05-0e70-11e1-a6a2-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{126f3f05-0e70-11e1-a6a2-1c7508fe3e89}\Shell\AutoRun\command - "" = F:\AutoRun.exeO33 - MountPoints2\{7a9bdb28-b55a-11e1-a02d-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{7a9bdb28-b55a-11e1-a02d-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\{7a9bdb2a-b55a-11e1-a02d-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{7a9bdb2a-b55a-11e1-a02d-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\{fd50b2f1-bbb0-11e1-abdd-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{fd50b2f1-bbb0-11e1-abdd-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\E\Shell - "" = AutoRunO33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\F\Shell - "" = AutoRunO33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exeO34 - HKLM BootExecute: (autocheck autochk *)O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = 
exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/06/21 22:37:34 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\Macromedia[2012/06/21 22:35:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed[2012/06/21 15:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG[2012/06/14 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo[2012/06/14 17:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer[2012/06/14 17:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon[2012/06/14 17:40:22 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Babylon[2012/06/14 17:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer[2012/06/14 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player[2012/06/14 17:32:53 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\AVG Secure Search[2012/06/14 17:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant[2012/06/14 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\Ilivid Player[2012/06/14 17:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess[2012/06/12 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems[2012/06/12 16:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Print Office 2000[2012/06/12 16:05:27 | 000,000,000 | ---D | C] -- C:\My Pictures[2012/06/12 16:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Corel[2012/06/12 16:01:54 | 000,000,000 | ---D | C] -- C:\Windows\Corel[2012/06/12 15:58:57 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Share-to-Web Upload Folder[2012/06/12 15:57:48 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Common Files\Hewlett-Packard[2012/06/12 15:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard[1 C:\Users\Denny\Desktop\*.tmp files -> C:\Users\Denny\Desktop\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/06/25 19:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/06/25 18:53:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/06/25 18:53:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/06/25 18:51:38 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/06/25 18:51:38 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/06/25 18:51:38 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/06/25 18:46:12 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/06/25 18:46:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/06/25 18:46:08 | 2299,416,576 | -HS- | M] () -- C:\hiberfil.sys[2012/06/25 17:46:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2967278288-68288702-3490197205-1001UA.job[2012/06/25 14:25:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/06/25 10:39:46 | 100,686,497 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm[2012/06/23 18:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2967278288-68288702-3490197205-1001Core.job[2012/06/21 15:17:29 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk[2012/06/21 15:09:12 | 000,042,722 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621_3.JPG[2012/06/21 15:08:20 | 000,041,227 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621_2.JPG[2012/06/21 15:07:56 | 000,041,035 | ---- | M] () -- 
C:\Users\Denny\Desktop\Snapshot_20120621_1.JPG[2012/06/21 15:07:26 | 000,039,798 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621.JPG[2012/06/19 17:58:25 | 000,303,465 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm[2012/06/18 22:20:00 | 000,084,809 | ---- | M] () -- C:\Users\Denny\Desktop\HD_Signature_menu.pdf[2012/06/18 22:09:16 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[2012/06/14 17:41:01 | 000,000,992 | ---- | M] () -- C:\user.js[2012/06/14 17:40:19 | 000,001,049 | ---- | M] () -- C:\Users\Denny\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk[2012/06/14 17:40:19 | 000,001,025 | ---- | M] () -- C:\Users\Denny\Desktop\FLV Player.lnk[2012/06/14 09:41:42 | 000,482,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2012/06/12 21:48:06 | 000,002,401 | ---- | M] () -- C:\Users\Denny\Desktop\Google Chrome.lnk[2012/06/12 16:07:27 | 000,001,116 | ---- | M] () -- C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Corel Print Office Registration.lnk[2012/06/12 16:07:16 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\COREL.COM.LNK[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp9AA91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp7EA91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp52B91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp37B91.FOT[2012/06/12 16:05:06 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpFB991.FOT[2012/06/12 16:05:06 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp23991.FOT[2012/06/06 13:27:30 | 000,065,592 | ---- | M] () -- C:\Users\Denny\Desktop\confirmation.pdf[2012/05/30 22:46:36 | 000,254,678 | ---- | M] () -- C:\Users\Denny\Desktop\CVDenisRyan.pdf[2012/05/30 22:07:54 | 000,066,603 | ---- | M] () -- C:\Users\Denny\Desktop\boi may.PNG[1 C:\Users\Denny\Desktop\*.tmp files -> 
C:\Users\Denny\Desktop\*.tmp -> ]========== Files Created - No Company Name ==========[2012/06/21 22:35:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/06/21 19:49:37 | 000,042,722 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_3.JPG[2012/06/21 19:49:21 | 000,041,227 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_2.JPG[2012/06/21 19:49:05 | 000,041,035 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_1.JPG[2012/06/21 19:48:48 | 000,039,798 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621.JPG[2012/06/18 22:20:06 | 000,084,809 | ---- | C] () -- C:\Users\Denny\Desktop\HD_Signature_menu.pdf[2012/06/18 22:09:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk[2012/06/18 22:09:16 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[2012/06/14 17:40:19 | 000,001,049 | ---- | C] () -- C:\Users\Denny\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk[2012/06/14 17:40:19 | 000,001,025 | ---- | C] () -- C:\Users\Denny\Desktop\FLV Player.lnk[2012/06/14 17:32:37 | 000,000,992 | ---- | C] () -- C:\user.js[2012/06/12 16:07:27 | 000,001,116 | ---- | C] () -- C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Corel Print Office Registration.lnk[2012/06/12 16:07:16 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\COREL.COM.LNK[2012/06/12 16:05:28 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\sh33w32.dll[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp9AA91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp7EA91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp52B91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp37B91.FOT[2012/06/12 16:05:06 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpFB991.FOT[2012/06/12 16:05:06 | 000,001,409 | ---- | C] 
() -- C:\Windows\SysWow64\tmp23991.FOT[2012/06/06 13:27:29 | 000,065,592 | ---- | C] () -- C:\Users\Denny\Desktop\confirmation.pdf[2012/05/30 22:46:34 | 000,254,678 | ---- | C] () -- C:\Users\Denny\Desktop\CVDenisRyan.pdf[2012/05/30 22:07:54 | 000,066,603 | ---- | C] () -- C:\Users\Denny\Desktop\boi may.PNG[2011/11/14 17:16:27 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin[2011/11/14 04:32:19 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys[2011/10/06 16:23:03 | 000,153,834 | ---- | C] () -- C:\Users\Denny\DenisRyanCV.Hosp.pdf[2011/08/01 16:14:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat[2011/04/01 12:09:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2011/04/01 12:09:11 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2011/04/01 12:09:11 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2011/04/01 12:09:11 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2011/04/01 12:09:10 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll[2011/03/09 14:08:03 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe[2011/03/09 13:09:26 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll========== LOP Check ==========[2012/01/19 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\AVG2012[2012/06/14 17:40:22 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Babylon[2011/11/14 04:32:37 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Birdstep Technology[2011/11/14 23:32:11 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Blackberry Desktop[2011/08/03 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\PowerCinema[2011/11/16 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Research In Motion[2012/01/24 10:29:53 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Thunderbird[2011/12/13 02:53:05 | 000,000,000 | ---D | M] -- 
C:\Users\Denny\AppData\Roaming\Windows Live Writer[2012/06/24 22:06:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8173A019@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:798A3728< End of report >
denny222 Posted June 25, 2012 Author ID:564221 OTL Extras logfile created on: 25/06/2012 19:07:09 - Run 1OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Denny\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy2.86 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 51.91% Memory free5.71 Gb Paging File | 3.74 Gb Available in Paging File | 65.55% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 281.99 Gb Total Space | 227.97 Gb Free Space | 80.84% Space Free | Partition Type: NTFSComputer Name: DENNY-PC | User Name: Denny | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" 
--started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0900FD42-3BD2-4B47-BCA6-D15FD1B3D129}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1A6FD6DC-8003-4F9B-B241-9BB86613A159}" = rport=445 | protocol=6 | dir=out | app=system |
"{26FD1129-463E-4D14-870A-76EA44665365}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3BF1BCB8-A5CB-45C1-86F7-246882CEC326}" = lport=138 | protocol=17 | dir=in | app=system |
"{3D3EB320-012F-4D20-A8F7-6C4918FD8BAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{4A70D3F9-6F7B-417B-99E7-2541D9282EDA}" = rport=139 | protocol=6 | dir=out | app=system | "{517D681E-C576-4E18-AB1B-ABA00DC0F2D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5CE859B6-DCAF-40E7-8A7E-41C7D51EE9A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6368CB19-4581-4D25-AE5F-EDF3BBF18C39}" = rport=137 | protocol=17 | dir=out | app=system | "{69147234-18D5-49C1-A3B4-62B6D9C5E7D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{6F4E13B9-6500-4522-AABE-45CD376C6548}" = lport=445 | protocol=6 | dir=in | app=system | "{799DB135-CFF2-4886-9278-80E9AB1F20B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83A31D19-5698-40FF-B68B-145179B82DFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{85B475D8-EB80-4F80-895E-7233E3C8D156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{955E801D-968F-4A09-B4C5-D4EB3D797377}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A695BCFF-6A81-4397-AABC-4F1759D1968D}" = rport=10243 | protocol=6 | dir=out | app=system | "{BA7881DD-10AC-4D10-8DCA-29CAEC4F6B04}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C14134FE-8F80-43C8-AB19-D39143173965}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C458F18D-315E-461A-8E55-65FBED105E1E}" = lport=139 | protocol=6 | dir=in | app=system | "{D316EA35-D558-4C39-BA49-BB573FF87742}" = lport=137 | protocol=17 | dir=in | app=system | "{DAF8DEF4-1A36-4759-BBD1-D5A0E9C7F3ED}" = lport=2869 | protocol=6 | dir=in | app=system | "{EA44F943-E28C-40DC-8E72-865CF7815556}" = lport=2177 | protocol=6 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{EF0941DE-CAE5-4FE1-9AB5-D422E125B334}" = rport=138 | protocol=17 | dir=out | app=system | "{FE4C2571-BC74-416B-B00B-294F84A0A712}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0236CFA1-0E3F-4DDC-83B9-68B4521B07CE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{054F749F-C550-426A-8381-93DB68CFF2F7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{0B098876-92BF-437A-BAF3-2A2B525D3CB7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0EB4617C-AF90-4EF1-9FBF-D5911A4477A8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{1BE58732-BA26-45E0-8F3D-30930A16821E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{202C8A99-AC4C-442A-8FCF-4344AF150BBA}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{26AFB074-08C7-44AB-B9E8-081FB0CC7DD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{31AB5280-465A-49C1-AD07-43730B853B66}" = protocol=17 | dir=in | app=c:\users\denny\appdata\local\google\chrome\application\chrome.exe | "{31DC2C8B-3C41-4615-BC82-0145E36D5C79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{35F7232C-0EFA-41EB-A77F-0935AC294F07}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3A0E56D0-9A45-4B79-927A-4D4B263CB22E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{43B00C77-324F-4805-AE28-A6C9F2C5B0F1}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | "{455968C2-BADF-4FB6-BD6D-D658E32BE64A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4624DE0F-4D22-4021-87C5-BC03DC0CFA64}" = dir=in | 
app=c:\program files (x86)\skype\phone\skype.exe | "{46437BA4-2D01-40FD-88AB-35016DB69598}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{494020DE-61CC-4841-83BD-3E27E0EA258C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{50228DE9-9698-47F3-B973-7F36A73CD018}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{559CF663-8657-41DD-93EA-76217EA0AE34}" = protocol=6 | dir=in | app=c:\users\denny\appdata\local\google\chrome\application\chrome.exe | "{577E9C86-E36D-4E5A-AF73-52BFF301C43C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{5F783640-AE4D-4BDF-99B5-FE14868BDD87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5FBBEA9E-2ED2-47A7-8218-5271ACAE2EAF}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | "{652C6452-420C-4749-A9F8-4EBA55679C1E}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | "{6D1BA6B1-7225-4976-9224-6809CC46C941}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{7155F3E3-D4D5-4788-90B8-FA87AEDB4252}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{7245A5D7-2496-4ADF-9CC7-E6B509E927BB}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | "{78B75612-6D30-4EC5-A1FE-FAFE5789AAC2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{7EF1E4D8-13F5-4517-A503-9470D67FEA74}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{7F156120-5AE2-407B-B591-D3A8ABEF4C49}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{87508789-A604-42EB-9EC5-E9BE8D09FCDB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{87AE67E0-5662-4603-B8CB-54703BBF0EF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9563D016-02AA-42DA-9C2E-6C1CD414F558}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{9AE63463-C6C9-4E41-9553-524D907FF6E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9F783A35-799D-448E-8519-DBB8BD17C9E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{AC1DF967-653A-4741-86C8-0314E941EA54}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{B6847A73-553F-4292-8894-13CB0A39E106}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{B73585C1-7203-4BEF-8634-EBCBA7AA14B5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{BC424157-8510-47E5-9550-44362E04A2C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{BE21B830-098B-4C1E-BDCD-56AF0A6B18CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C106D0FC-6295-4BD7-B1EA-92AE2B3B0D98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C630E213-0AA1-4418-BE44-CFA360E75B21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{C6D48AA1-A21E-4AF9-80EF-063AF914C518}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{C9341BF1-BF59-4637-88DC-36BC23D6DF3E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{CA3E6262-971E-45D9-9EE5-EF3FADEC17F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{CC488007-F00E-47A8-BCC5-FFD8E338C9A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D65A199B-FD69-4608-AB0D-D68C9F2BD660}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{D76C41A5-6A66-4A49-9BAD-DE2E66BC8A8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D88FAB38-4C3C-4CD2-8512-4358601308A2}" = dir=in | 
app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{E2A4DB45-F543-411C-BCD3-2DA679C4F2E7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | "{E319D38E-48E4-47A9-BBEA-A10C0B03E9F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{EA615B39-8689-44AD-A022-492D54D9A4DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EC649796-05FA-4997-A9B4-DEE5836B0F7E}" = protocol=6 | dir=out | app=system | "{ECCFFABB-60BB-4EF9-BA83-84C5F287B0E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{ED8E296E-5B58-46D6-BCD5-C4A185A4A8A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F88A7447-91F6-4C94-B487-F2029069FB99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{FFD16A42-F3B6-43E9-8B71-B785A3BC1B5C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client 
Resources"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.442"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service 
Resources"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote 
Client Resources"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources"AVG" = AVG 2012"CCleaner" = CCleaner"CNXT_AUDIO_HDA" = Conexant HD Audio"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"SynTPDeinstKey" = Synaptics Pointing Device Driver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = 
Windows Live Messenger"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language 
Pack"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live 
Messenger"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows 
Live"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie 
Maker"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows 
MrCharlie Posted June 25, 2012

Welcome to the forum.

Can I 'paste the following' as per Maniacs post into my 'Custom Scan/Fixes'?

No you can't use that, every system is different.
See what you can remove manually first.....
Following this guide usually works:
http://deletemalware...tall-guide.html
Don't download any of the scanners they recommend!
When done, reboot and run a fresh OTL scan, post it and we'll clean up the rest of it.

MrC
denny222 Posted June 26, 2012 Author

Hello Charlie, sound man for the reply. I thought this thread was deleted a while ago (probably searchnu messing with me!), started a new post http://forums.malwarebytes.org/index.php?showtopic=111667&hl=&fromsearch=1

Basically I followed those instructions, still comes up as first tab in Chrome though.

Here's my otl.txt:
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)DRV:64bit: - [2011/03/27 00:19:50 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/03/17 08:10:48 | 001,584,256 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/03/09 14:38:30 | 000,062,584 | ---- | M] (Egis Technology Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV:64bit: - [2011/03/09 14:38:30 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)DRV:64bit: - [2011/03/09 14:38:30 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV:64bit: - [2011/01/13 12:46:18 | 001,412,144 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2011/01/12 09:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/08 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®DRV:64bit: - [2010/10/15 09:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®DRV:64bit: - [2010/09/30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)DRV:64bit: - [2010/09/30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)DRV:64bit: - [2010/07/09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)DRV:64bit: - [2010/05/11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2010/04/20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)DRV:64bit: - [2010/01/19 12:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)DRV:64bit: - [2009/12/31 14:36:24 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsnmea.sys -- (zgwhsnmea)DRV:64bit: - [2009/12/31 14:36:20 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsmdm.sys -- (zgwhsmdm)DRV:64bit: - [2009/12/31 14:36:16 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsdiag.sys -- (zgwhsdiag)DRV:64bit: - [2009/11/18 11:39:50 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV:64bit: - [2007/05/01 04:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV - [2010/01/28 14:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxIE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ieIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{17B68CFB-29C2-4EAD-AA10-FDEB5383E062}: "URL" = 
http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Search Results"FF - prefs.js..browser.search.order.1: "Search Results"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://www.google.com/"FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="FF - prefs.js..network.proxy.type: 0FF - user.js..browser.startup.homepage: "http://www.google.com/"FF - user.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="FF - user.js..browser.search.selectedEngine: "Google"FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()FF - 
HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: 
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Denny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Denny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/14 17:32:30 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/21 15:17:29 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/22 23:04:04 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/14 14:34:37 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/16 18:24:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/14 17:32:30 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 17:58:09 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[2012/06/14 17:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denny\AppData\Roaming\Mozilla\Extensions[2012/06/26 11:49:02 | 000,000,000 
| ---D | M] (No name found) -- C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\vabb7f6c.default\extensions[2012/06/14 17:45:44 | 000,002,519 | ---- | M] () -- C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\vabb7f6c.default\searchplugins\Search_Results.xml[2012/06/14 17:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/02/05 22:47:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2012/06/14 17:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com[2012/06/14 17:32:30 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX[2012/06/14 14:34:37 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7[2011/12/21 17:58:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2011/12/21 17:58:06 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml[2012/06/14 14:34:30 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml[2012/06/14 17:40:45 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml[2011/12/21 17:58:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2011/12/21 17:58:06 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml[2011/12/21 17:58:06 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml[2012/06/14 17:45:44 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml[2011/12/21 17:58:06 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\yahoo-en-GB.xml========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dllCHR - plugin: Shockwave Flash (Disabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: Skype Toolbars (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLLCHR - plugin: RIM 
Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: YouTube = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Web Assistant = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.442_0\CHR - Extension: SiteAdvisor = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\CHR - Extension: AdBlock = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\CHR - Extension: Earth = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.5_0\CHR - Extension: Skype Click to Call = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\CHR - Extension: AVG Do Not Track = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\CHR - Extension: Evernote Web Clipper = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5_1\CHR - 
Extension: Gmail = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor 
Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JoinMEUIExec] C:\Program Files (x86)\PC Suite\JoinMEUIExec.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ADFB0D5-C8BF-45CC-A3E0-F1873182E31A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7004B3CA-E164-4EAC-8FC6-74F9604EA488}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f64ab74-b61d-11e1-a004-1c7508fe3e89}\Shell - "" = AutoRun
O33 - MountPoints2\{0f64ab74-b61d-11e1-a004-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{126f3f05-0e70-11e1-a6a2-1c7508fe3e89}\Shell - "" = AutoRun
O33 - MountPoints2\{126f3f05-0e70-11e1-a6a2-1c7508fe3e89}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a9bdb28-b55a-11e1-a02d-1c7508fe3e89}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9bdb28-b55a-11e1-a02d-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7a9bdb2a-b55a-11e1-a02d-1c7508fe3e89}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9bdb2a-b55a-11e1-a02d-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd50b2f1-bbb0-11e1-abdd-1c7508fe3e89}\Shell - "" = AutoRun
O33 - MountPoints2\{fd50b2f1-bbb0-11e1-abdd-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012/06/26 11:24:05 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\ParetoLogic
[2012/06/26 11:24:05 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\DriverCure
[2012/06/26 11:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/06/21 22:37:34 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\Macromedia
[2012/06/21 22:35:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/21 15:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/14 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/06/14 17:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/14 17:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/06/14 17:40:22 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Babylon
[2012/06/14 17:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2012/06/14 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
[2012/06/14 17:32:53 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\AVG Secure Search
[2012/06/14 17:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/14 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\Ilivid Player
[2012/06/14 17:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/06/12 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2012/06/12 16:05:27 | 000,000,000 | ---D | C] -- C:\My Pictures
[2012/06/12 16:01:54 | 000,000,000 | ---D | C] -- C:\Windows\Corel
[2012/06/12 15:58:57 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Share-to-Web Upload Folder
[2012/06/12 15:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012/06/12 15:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[1 C:\Users\Denny\Desktop\*.tmp files -> C:\Users\Denny\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012/06/26 12:10:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 12:10:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 12:08:56 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/26 12:08:56 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/26 12:08:56 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/26 12:03:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 12:02:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 12:02:57 | 2299,416,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 12:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 11:46:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2967278288-68288702-3490197205-1001UA.job
[2012/06/26 11:25:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 11:21:23 | 100,725,600 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/23 18:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2967278288-68288702-3490197205-1001Core.job
[2012/06/21 15:17:29 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/21 15:09:12 | 000,042,722 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621_3.JPG
[2012/06/21 15:08:20 | 000,041,227 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621_2.JPG
[2012/06/21 15:07:56 | 000,041,035 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621_1.JPG
[2012/06/21 15:07:26 | 000,039,798 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621.JPG
[2012/06/19 17:58:25 | 000,303,465 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/18 22:20:00 | 000,084,809 | ---- | M] () -- C:\Users\Denny\Desktop\HD_Signature_menu.pdf
[2012/06/18 22:09:16 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/14 17:41:01 | 000,000,992 | ---- | M] () -- C:\user.js
[2012/06/14 17:40:19 | 000,001,049 | ---- | M] () -- C:\Users\Denny\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2012/06/14 17:40:19 | 000,001,025 | ---- | M] () -- C:\Users\Denny\Desktop\FLV Player.lnk
[2012/06/14 09:41:42 | 000,482,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 21:48:06 | 000,002,401 | ---- | M] () -- C:\Users\Denny\Desktop\Google Chrome.lnk
[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp9AA91.FOT
[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp7EA91.FOT
[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp52B91.FOT
[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp37B91.FOT
[2012/06/12 16:05:06 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpFB991.FOT
[2012/06/12 16:05:06 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp23991.FOT
[2012/06/06 13:27:30 | 000,065,592 | ---- | M] () -- C:\Users\Denny\Desktop\confirmation.pdf
[2012/05/30 22:46:36 | 000,254,678 | ---- | M] () -- C:\Users\Denny\Desktop\CVDenisRyan.pdf
[2012/05/30 22:07:54 | 000,066,603 | ---- | M] () -- C:\Users\Denny\Desktop\boi may.PNG
[1 C:\Users\Denny\Desktop\*.tmp files -> C:\Users\Denny\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012/06/21 22:35:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 19:49:37 | 000,042,722 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_3.JPG
[2012/06/21 19:49:21 | 000,041,227 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_2.JPG
[2012/06/21 19:49:05 | 000,041,035 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_1.JPG
[2012/06/21 19:48:48 | 000,039,798 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621.JPG
[2012/06/18 22:20:06 | 000,084,809 | ---- | C] () -- C:\Users\Denny\Desktop\HD_Signature_menu.pdf
[2012/06/18 22:09:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/18 22:09:16 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/14 17:40:19 | 000,001,049 | ---- | C] () -- C:\Users\Denny\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2012/06/14 17:40:19 | 000,001,025 | ---- | C] () -- C:\Users\Denny\Desktop\FLV Player.lnk
[2012/06/14 17:32:37 | 000,000,992 | ---- | C] () -- C:\user.js
[2012/06/12 16:05:28 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\sh33w32.dll
[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp9AA91.FOT
[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp7EA91.FOT
[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp52B91.FOT
[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp37B91.FOT
[2012/06/12 16:05:06 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpFB991.FOT
[2012/06/12 16:05:06 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp23991.FOT
[2012/06/06 13:27:29 | 000,065,592 | ---- | C] () -- C:\Users\Denny\Desktop\confirmation.pdf
[2012/05/30 22:46:34 | 000,254,678 | ---- | C] () -- C:\Users\Denny\Desktop\CVDenisRyan.pdf
[2012/05/30 22:07:54 | 000,066,603 | ---- | C] () -- C:\Users\Denny\Desktop\boi may.PNG
[2011/11/14 17:16:27 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2011/11/14 04:32:19 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys
[2011/10/06 16:23:03 | 000,153,834 | ---- | C] () -- C:\Users\Denny\DenisRyanCV.Hosp.pdf
[2011/08/01 16:14:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/01 12:09:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/01 12:09:11 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/01 12:09:11 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/01 12:09:11 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/04/01 12:09:10 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/03/09 14:08:03 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/03/09 13:09:26 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========
[2012/01/19 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\AVG2012
[2012/06/14 17:40:22 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Babylon
[2011/11/14 04:32:37 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Birdstep Technology
[2011/11/14 23:32:11 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Blackberry Desktop
[2012/06/26 11:24:05 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\DriverCure
[2012/06/26 11:24:05 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\ParetoLogic
[2011/08/03 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\PowerCinema
[2011/11/16 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Research In Motion
[2012/01/24 10:29:53 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Thunderbird
[2011/12/13 02:53:05 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Windows Live Writer
[2012/06/24 22:06:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:798A3728

< End of report >
MrCharlie Posted June 26, 2012 ID:564454

I see you also have Babylon on the system, is this something you installed and want?

C:\Users\Denny\AppData\Local\Ilivid Player <---did you uninstall this?

Please do this:

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
[2012/06/14 17:45:44 | 000,002,519 | ---- | M] () -- C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\vabb7f6c.default\searchplugins\Search_Results.xml
[2012/06/14 17:45:44 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Commands
[EMPTYJAVA]
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-----------------------------------------

For Chrome they have to be changed manually as shown in the link I gave you.
Also copy and paste each one of these in Chrome's address bar and hit enter to see a list of plugins and extensions.
chrome:plugins
chrome:extensions

Let me know, MrC
denny222 Posted June 26, 2012 Author ID:564517

I thought I uninstalled both.. I will give them a second look after I follow your instructions. Many thanks - will report back
denny222 Posted June 26, 2012 Author ID:564525

It's still there! Ahhh! There isn't anything ominous showing up in extensions or plug-ins. Here's the file I got back after a reboot, after following your instructions. I uninstalled Babylon too in the meantime but Ilivid was defo uninstalled prior.

All processes killed
========== OTL ==========
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\vabb7f6c.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2967278288-68288702-3490197205-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Denny
User: Public
Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Denny
->Temp folder emptied: 2232971 bytes
->Temporary Internet Files folder emptied: 295887 bytes
->FireFox cache emptied: 47962534 bytes
->Google Chrome cache emptied: 7894670 bytes
->Flash cache emptied: 735 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147841187 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045667 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 231.00 mb

OTL by OldTimer - Version 3.2.53.0 log created on 06262012_181440

Files\Folders moved on Reboot...
C:\Users\Denny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Denny\AppData\Local\Temp\MMDUtl.log moved successfully.
C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Denny\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Denny\AppData\Local\Temp\MMDUtl.log not found!
File C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 not found!
File C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 not found!
File C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 not found!
File C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 not found!
File C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Cache\index not found!
[2012/06/26 18:16:44 | 001,492,339 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
[2012/06/26 18:16:43 | 001,631,983 | ---- | M] () C:\Windows\temp\LMutilps.log : Unable to obtain MD5

Registry entries deleted on Reboot...

Thank you for your time MrC..
denny222 Posted June 26, 2012 Author ID:564539

Just a few afterthoughts - I believe it is gone from IE and Mozilla but it is still the first tab in Chrome. I uninstalled Ilivid but had Chrome open at the time - would this affect the process - I know I should have closed Chrome beforehand but it is gone now from my programmes and features in the Control Panel. Also, maybe if I reset my system to the day I mistakenly downloaded this garbage - it would get rid of it. Ireland V Spain at the Euros is when it was - so can get that date no problem. Cheers.
MrCharlie Posted June 26, 2012 ID:564549

Run another OTL scan and post the log, MrC
denny222 Posted June 26, 2012 Author ID:564556

Here we go;

OTL logfile created on: 26/06/2012 19:51:56 - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Denny\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.86 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 52.39% Memory free
5.71 Gb Paging File | 3.99 Gb Available in Paging File | 69.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 227.94 Gb Free Space | 80.83% Space Free | Partition Type: NTFS
Computer Name: DENNY-PC | User Name: Denny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012/06/25 18:53:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Denny\Downloads\OTL.exe
PRC - [2012/06/14 14:34:32 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/14 14:34:30 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/14 12:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 12:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 12:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/15 20:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 20:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/02/01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/01/13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/13 03:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/29 14:56:22 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010/12/29 14:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010/12/27 09:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/12/09 22:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2010/10/05 23:46:10 | 000,704,104 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/09/28 04:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/18 01:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/18 01:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/11/18 11:15:22 | 000,242,688 | ---- | M] () -- C:\Program Files (x86)\PC Suite\JoinMEAssistantServices.exe
PRC - [2009/03/10 19:50:18 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\PC Suite\JoinMEUIExec.exe

========== Modules (No Company Name) ==========
MOD - [2012/06/14 14:34:33 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/14 14:34:30 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/14 13:58:03 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
MOD - [2012/06/14 09:46:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:46:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/07 09:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 09:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 09:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 09:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 09:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 09:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 09:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/05/11 20:26:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2012/05/11 18:56:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 18:54:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 18:54:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 18:54:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 18:54:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 18:54:10 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/02/15 20:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2010/12/29 14:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010/12/29 14:56:16 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2009/03/10 19:50:18 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\PC Suite\JoinMEUIExec.exe

========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011/02/22 21:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/01/31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/21 23:00:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 14:34:32 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/04/25 07:41:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/15 20:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/12/27 09:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)SRV - [2010/09/28 03:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)SRV - [2009/11/18 11:15:22 | 000,242,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Suite\JoinMEAssistantServices.exe -- (JoinMEUI Assistant Service)SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)DRV:64bit: - [2011/03/27 00:19:50 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/03/17 08:10:48 | 001,584,256 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/03/09 14:38:30 | 000,062,584 | ---- | M] (Egis Technology Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV:64bit: - [2011/03/09 14:38:30 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)DRV:64bit: - [2011/03/09 14:38:30 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV:64bit: - [2011/01/13 12:46:18 | 001,412,144 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2011/01/12 09:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/08 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®DRV:64bit: - [2010/10/15 09:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®DRV:64bit: - [2010/09/30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)DRV:64bit: - [2010/09/30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)DRV:64bit: - [2010/07/09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)DRV:64bit: - [2010/05/11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2010/04/20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)DRV:64bit: - [2010/01/19 12:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)DRV:64bit: - [2009/12/31 14:36:24 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsnmea.sys -- (zgwhsnmea)DRV:64bit: - [2009/12/31 14:36:20 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsmdm.sys -- (zgwhsmdm)DRV:64bit: - [2009/12/31 14:36:16 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsdiag.sys -- (zgwhsdiag)DRV:64bit: - [2009/11/18 11:39:50 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV:64bit: - [2007/05/01 04:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV - [2010/01/28 14:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxIE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{17B68CFB-29C2-4EAD-AA10-FDEB5383E062}: "URL" = 
http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: ""FF - prefs.js..browser.search.order.1: ""FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://www.google.com/"FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="FF - prefs.js..network.proxy.type: 0FF - user.js..browser.startup.homepage: "http://www.google.com/"FF - user.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="FF - user.js..browser.search.selectedEngine: "Google"FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()FF - HKLM\Software\MozillaPlugins\@avg.com/AVG 
SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 
10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Denny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Denny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/14 17:32:30 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/21 15:17:29 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/22 23:04:04 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/14 14:34:37 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/16 18:24:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/14 17:32:30 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 17:58:09 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[2012/06/14 17:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denny\AppData\Roaming\Mozilla\Extensions[2012/06/26 11:49:02 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\vabb7f6c.default\extensions[2012/06/14 17:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/02/05 22:47:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2012/06/14 17:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com[2012/06/14 17:32:30 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX[2012/06/14 14:34:37 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7[2011/12/21 17:58:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2011/12/21 17:58:06 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml[2012/06/14 14:34:30 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml[2012/06/14 17:40:45 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml[2011/12/21 17:58:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2011/12/21 17:58:06 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml[2011/12/21 17:58:06 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml[2011/12/21 17:58:06 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dllCHR - plugin: Shockwave Flash (Disabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dllCHR - plugin: McAfee SiteAdvisor (Disabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dllCHR - plugin: McAfee SiteAdvisor (Disabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: Skype Toolbars (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dllCHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLLCHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dllCHR - 
plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: YouTube = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Web Assistant = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.442_0\CHR - Extension: SiteAdvisor = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\CHR - Extension: AdBlock = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\CHR - Extension: Earth = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.5_0\CHR - Extension: Skype Click to Call = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\CHR - Extension: AVG Do Not Track = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\CHR - Extension: Evernote Web Clipper = C:\Users\Denny\AppData\Local\Google\Chrome\User 
MrCharlie Posted June 26, 2012 ID:564564

Please delete this Chrome Extension:
CHR - Extension: Web Assistant
----------------------------------
Please do this:
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
[2012/06/14 17:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/06/14 17:40:45 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
PRC - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
SRV:64bit: - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/14 17:32:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/14 17:32:30 | 000,000,000 | ---D | M]
SRV:64bit: - [2012/05/08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
[2012/06/14 17:32:30 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012/06/14 17:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/06/14 17:40:22 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Babylon
[2012/06/14 17:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/14 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\Ilivid Player
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:798A3728
:Commands
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
denny222 Posted June 26, 2012 Author ID:564570

Still there I'm afraid. I ran your instructions with Chrome open so did it again with it closed, rebooted each time. Then I uninstalled Yontoo - didn't like the look of it and was unfamiliar with it. Anyway here is the file that was generated:

Sorry it has been difficult.. much appreciated thus far..
MrCharlie Posted June 26, 2012 ID:564585

So it's still in Chrome????
Run me another OTL scan,
MrC
denny222 Posted June 26, 2012 Author ID:564594

Yes MrC, it's the first tab on Chrome, the one I use all the time. I have taken a screen shot of my OTC settings for the scan which may be of interest I don't know - it is attached - wait can't seem to attach.. Here is the latest OTC Quick Scan;
[Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)SRV - [2011/02/15 20:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)SRV - [2011/02/01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®SRV - [2011/02/01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®SRV - [2011/01/13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®SRV - [2010/12/27 09:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)SRV - [2010/09/28 03:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)SRV - [2009/11/18 11:15:22 | 000,242,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Suite\JoinMEAssistantServices.exe -- (JoinMEUI Assistant Service)SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)DRV:64bit: - [2011/03/27 00:19:50 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/03/17 08:10:48 | 001,584,256 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/03/09 14:38:30 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV:64bit: - [2011/03/09 14:38:30 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)DRV:64bit: - [2011/03/09 14:38:30 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV:64bit: - [2011/01/13 12:46:18 | 001,412,144 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2011/01/12 09:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/08 05:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®DRV:64bit: - [2010/10/15 09:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®DRV:64bit: - [2010/09/30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)DRV:64bit: - [2010/09/30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)DRV:64bit: - [2010/07/09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)DRV:64bit: - [2010/05/11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2010/04/20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)DRV:64bit: - [2010/01/19 12:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)DRV:64bit: - [2009/12/31 14:36:24 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsnmea.sys -- (zgwhsnmea)DRV:64bit: - [2009/12/31 14:36:20 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsmdm.sys -- (zgwhsmdm)DRV:64bit: - [2009/12/31 14:36:16 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsdiag.sys -- (zgwhsdiag)DRV:64bit: - [2009/11/18 11:39:50 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV:64bit: - [2007/05/01 04:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV - [2010/01/28 14:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = 
http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ieIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{17B68CFB-29C2-4EAD-AA10-FDEB5383E062}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searc}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKU\S-1-5-21-2967278288-68288702-3490197205-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: ""FF - prefs.js..browser.search.order.1: ""FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://www.google.com/"FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="FF - prefs.js..network.proxy.type: 0FF - user.js..browser.startup.homepage: "http://www.google.com/"FF - user.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="FF - user.js..browser.search.selectedEngine: "Google"FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()FF - 
HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: 
C:\Users\Denny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Denny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOXFF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/21 15:17:29 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/22 23:04:04 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/14 14:34:37 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/16 18:24:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\FirefoxFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 17:58:09 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[2012/06/14 17:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denny\AppData\Roaming\Mozilla\Extensions[2012/06/26 11:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\vabb7f6c.default\extensions[2012/06/26 21:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/02/05 22:47:44 | 
000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}File not found (No name found) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX[2012/06/14 14:34:37 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7[2011/12/21 17:58:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2011/12/21 17:58:06 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml[2012/06/14 14:34:30 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml[2011/12/21 17:58:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2011/12/21 17:58:06 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml[2011/12/21 17:58:06 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml[2011/12/21 17:58:06 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dllCHR - plugin: Shockwave Flash (Disabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dllCHR - plugin: McAfee SiteAdvisor (Disabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dllCHR - plugin: McAfee SiteAdvisor (Disabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: Skype Toolbars (Enabled) = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dllCHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLLCHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dllCHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft 
Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: YouTube = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: SiteAdvisor = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\CHR - Extension: AdBlock = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\CHR - Extension: Earth = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.5_0\CHR - Extension: Skype Click to Call = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\CHR - Extension: AVG Do Not Track = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\CHR - Extension: Evernote Web Clipper = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5_1\CHR - Extension: Gmail = C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - 
C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program 
Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKLM..\Run: [JoinMEUIExec] C:\Program Files (x86)\PC Suite\JoinMEUIExec.exe ()O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not foundO8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ADFB0D5-C8BF-45CC-A3E0-F1873182E31A}: DhcpNameServer = 192.168.1.1 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7004B3CA-E164-4EAC-8FC6-74F9604EA488}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - 
Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\viprotocol - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft 
Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{0f64ab74-b61d-11e1-a004-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{0f64ab74-b61d-11e1-a004-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\{126f3f05-0e70-11e1-a6a2-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{126f3f05-0e70-11e1-a6a2-1c7508fe3e89}\Shell\AutoRun\command - "" = F:\AutoRun.exeO33 - MountPoints2\{7a9bdb28-b55a-11e1-a02d-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{7a9bdb28-b55a-11e1-a02d-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\{7a9bdb2a-b55a-11e1-a02d-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{7a9bdb2a-b55a-11e1-a02d-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\{fd50b2f1-bbb0-11e1-abdd-1c7508fe3e89}\Shell - "" = AutoRunO33 - MountPoints2\{fd50b2f1-bbb0-11e1-abdd-1c7508fe3e89}\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\E\Shell - "" = AutoRunO33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exeO33 - MountPoints2\F\Shell - "" = AutoRunO33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exeO34 - HKLM BootExecute: (autocheck autochk *)O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/06/26 18:14:40 | 000,000,000 | ---D | C] -- C:\_OTL[2012/06/26 11:24:05 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\ParetoLogic[2012/06/26 11:24:05 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\DriverCure[2012/06/26 11:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic[2012/06/21 22:37:34 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\Macromedia[2012/06/21 22:35:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed[2012/06/21 15:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG[2012/06/14 17:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer[2012/06/14 17:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer[2012/06/14 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player[2012/06/14 17:32:53 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Local\AVG Secure Search[2012/06/14 17:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess[2012/06/12 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems[2012/06/12 16:05:27 | 000,000,000 | ---D | C] -- C:\My Pictures[2012/06/12 16:01:54 | 000,000,000 | ---D | C] -- C:\Windows\Corel[2012/06/12 15:58:57 | 000,000,000 | ---D | C] -- C:\Users\Denny\AppData\Roaming\Share-to-Web Upload Folder[2012/06/12 15:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard[2012/06/12 15:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard[1 C:\Users\Denny\Desktop\*.tmp files -> C:\Users\Denny\Desktop\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/06/26 23:31:07 | 000,170,589 | ---- | M] () -- C:\Users\Denny\Desktop\snip.PNG[2012/06/26 23:25:19 | 000,000,896 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/06/26 23:00:20 | 000,834,835 | ---- | M] () -- C:\Users\Denny\Desktop\joe 2.pdf[2012/06/26 23:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/06/26 22:57:48 | 000,528,366 | ---- | M] () -- C:\Users\Denny\Desktop\joe.pdf[2012/06/26 22:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2967278288-68288702-3490197205-1001UA.job[2012/06/26 21:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/06/26 21:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/06/26 21:42:12 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/06/26 21:42:12 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/06/26 21:42:12 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/06/26 21:36:57 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/06/26 21:36:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/06/26 21:36:53 | 2299,416,576 | -HS- | M] () -- C:\hiberfil.sys[2012/06/26 18:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2967278288-68288702-3490197205-1001Core.job[2012/06/26 11:21:23 | 100,725,600 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm[2012/06/21 15:17:29 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk[2012/06/21 15:09:12 | 000,042,722 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621_3.JPG[2012/06/21 15:08:20 | 000,041,227 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621_2.JPG[2012/06/21 15:07:56 | 000,041,035 | ---- | M] () -- C:\Users\Denny\Desktop\Snapshot_20120621_1.JPG[2012/06/21 15:07:26 | 000,039,798 | ---- | M] () -- 
C:\Users\Denny\Desktop\Snapshot_20120621.JPG[2012/06/19 17:58:25 | 000,303,465 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm[2012/06/18 22:20:00 | 000,084,809 | ---- | M] () -- C:\Users\Denny\Desktop\HD_Signature_menu.pdf[2012/06/18 22:09:16 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[2012/06/14 17:41:01 | 000,000,992 | ---- | M] () -- C:\user.js[2012/06/14 17:40:19 | 000,001,049 | ---- | M] () -- C:\Users\Denny\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk[2012/06/14 17:40:19 | 000,001,025 | ---- | M] () -- C:\Users\Denny\Desktop\FLV Player.lnk[2012/06/14 09:41:42 | 000,482,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2012/06/12 21:48:06 | 000,002,401 | ---- | M] () -- C:\Users\Denny\Desktop\Google Chrome.lnk[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp9AA91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp7EA91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp52B91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp37B91.FOT[2012/06/12 16:05:06 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpFB991.FOT[2012/06/12 16:05:06 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp23991.FOT[2012/06/06 13:27:30 | 000,065,592 | ---- | M] () -- C:\Users\Denny\Desktop\confirmation.pdf[2012/05/30 22:46:36 | 000,254,678 | ---- | M] () -- C:\Users\Denny\Desktop\CVDenisRyan.pdf[2012/05/30 22:07:54 | 000,066,603 | ---- | M] () -- C:\Users\Denny\Desktop\boi may.PNG[1 C:\Users\Denny\Desktop\*.tmp files -> C:\Users\Denny\Desktop\*.tmp -> ]========== Files Created - No Company Name ==========[2012/06/26 23:31:07 | 000,170,589 | ---- | C] () -- C:\Users\Denny\Desktop\snip.PNG[2012/06/26 23:00:34 | 000,834,835 | ---- | C] () -- C:\Users\Denny\Desktop\joe 2.pdf[2012/06/26 22:58:01 | 000,528,366 | ---- | C] () -- C:\Users\Denny\Desktop\joe.pdf[2012/06/21 22:35:24 | 000,000,830 
| ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/06/21 19:49:37 | 000,042,722 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_3.JPG[2012/06/21 19:49:21 | 000,041,227 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_2.JPG[2012/06/21 19:49:05 | 000,041,035 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621_1.JPG[2012/06/21 19:48:48 | 000,039,798 | ---- | C] () -- C:\Users\Denny\Desktop\Snapshot_20120621.JPG[2012/06/18 22:20:06 | 000,084,809 | ---- | C] () -- C:\Users\Denny\Desktop\HD_Signature_menu.pdf[2012/06/18 22:09:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk[2012/06/18 22:09:16 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[2012/06/14 17:40:19 | 000,001,049 | ---- | C] () -- C:\Users\Denny\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk[2012/06/14 17:40:19 | 000,001,025 | ---- | C] () -- C:\Users\Denny\Desktop\FLV Player.lnk[2012/06/14 17:32:37 | 000,000,992 | ---- | C] () -- C:\user.js[2012/06/12 16:05:28 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\sh33w32.dll[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp9AA91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp7EA91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp52B91.FOT[2012/06/12 16:05:07 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp37B91.FOT[2012/06/12 16:05:06 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpFB991.FOT[2012/06/12 16:05:06 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp23991.FOT[2012/06/06 13:27:29 | 000,065,592 | ---- | C] () -- C:\Users\Denny\Desktop\confirmation.pdf[2012/05/30 22:46:34 | 000,254,678 | ---- | C] () -- C:\Users\Denny\Desktop\CVDenisRyan.pdf[2012/05/30 22:07:54 | 000,066,603 | ---- | C] () -- C:\Users\Denny\Desktop\boi may.PNG[2011/11/14 17:16:27 | 000,000,256 | ---- | C] () -- 
C:\Windows\SysWow64\pool.bin[2011/11/14 04:32:19 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys[2011/10/06 16:23:03 | 000,153,834 | ---- | C] () -- C:\Users\Denny\DenisRyanCV.Hosp.pdf[2011/08/01 16:14:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat[2011/04/01 12:09:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2011/04/01 12:09:11 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2011/04/01 12:09:11 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2011/04/01 12:09:11 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2011/04/01 12:09:10 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll[2011/03/09 14:08:03 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe[2011/03/09 13:09:26 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll========== LOP Check ==========[2012/01/19 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\AVG2012[2011/11/14 04:32:37 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Birdstep Technology[2011/11/14 23:32:11 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Blackberry Desktop[2012/06/26 11:24:05 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\DriverCure[2012/06/26 11:24:05 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\ParetoLogic[2011/08/03 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\PowerCinema[2011/11/16 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Research In Motion[2012/01/24 10:29:53 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Thunderbird[2011/12/13 02:53:05 | 000,000,000 | ---D | M] -- C:\Users\Denny\AppData\Roaming\Windows Live Writer[2012/06/24 22:06:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==========< End of report >
denny222 Posted June 26, 2012 Author ID:564595
There we go!..
MrCharlie Posted June 27, 2012 ID:564625
Let's make sure you have the latest version of Chrome:
Open up Chrome > in the upper right corner click the wrench > scroll down to "About Google Chrome", click on it > if an update is available it will be installed.
Then.......
Clear Browser Data:
Go to Tools > Clear Browser Data
See if that makes a difference.
If not.......
Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.
Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingc...to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.
---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix.... please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC
denny222 Posted June 27, 2012 Author ID:564722
Heya.. Thanks for that but still there. I should point out that I use CCleaner to delete temp files etc on a regular basis. When Chrome starts there's the Searchnu tab, Google.com and Google.co.uk - it used to be ThreeMobile (internet provider) and one Google - maybe irrelevant. Here's a snapshot of the Searchnu as a first tab.
The report;
ComboFix 12-06-26.02 - Denny 27/06/2012 11:48:31.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2924.1581 [GMT 1:00]Running from: c:\users\Denny\Downloads\ComboFix.exeAV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\FullRemove.exe..((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))..2012-06-27 10:53 . 2012-06-27 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp2012-06-26 17:14 . 2012-06-26 17:14 -------- d-----w- C:\_OTL2012-06-26 10:24 . 2012-06-26 10:24 -------- d-----w- c:\users\Denny\AppData\Roaming\ParetoLogic2012-06-26 10:24 . 2012-06-26 10:24 -------- d-----w- c:\users\Denny\AppData\Roaming\DriverCure2012-06-26 10:23 . 2012-06-26 10:55 -------- d-----w- c:\programdata\ParetoLogic2012-06-21 21:37 . 2012-06-21 21:37 -------- d-----w- c:\users\Denny\AppData\Local\Macromedia2012-06-21 21:35 . 2012-06-21 22:00 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-06-21 21:35 . 2012-06-21 21:35 -------- d-----w- c:\windows\system32\Macromed2012-06-21 10:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-21 10:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-21 10:13 . 
2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-21 10:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-21 10:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll2012-06-21 10:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-21 10:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-21 10:12 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-21 10:12 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe2012-06-14 16:40 . 2012-06-26 20:34 -------- d-----w- c:\programdata\Tarma Installer2012-06-14 16:40 . 2012-06-14 16:40 -------- d-----w- c:\program files (x86)\FLVPlayer2012-06-14 16:32 . 2012-06-14 16:32 -------- d-----w- c:\users\Denny\AppData\Local\AVG Secure Search2012-06-14 16:32 . 2012-06-14 16:41 992 ----a-w- C:\user.js2012-06-14 16:30 . 2012-06-14 22:44 -------- d-----w- c:\programdata\boost_interprocess2012-06-13 13:31 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll2012-06-13 13:31 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-06-13 13:31 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe2012-06-13 13:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll2012-06-13 13:31 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-06-13 13:31 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-06-13 13:31 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-06-13 13:31 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys2012-06-13 13:31 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-06-13 13:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll2012-06-13 13:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll2012-06-13 13:31 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll2012-06-13 13:31 . 
2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll2012-06-13 13:30 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll2012-06-13 13:30 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll2012-06-13 13:30 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2012-06-13 13:30 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2012-06-12 15:07 . 2012-06-12 15:07 -------- d-----w- c:\program files\ACD Systems2012-06-12 15:05 . 2000-03-29 18:17 133904 ------w- c:\windows\SysWow64\mfcans32.dll2012-06-12 15:05 . 2000-03-29 18:17 108032 ------w- c:\windows\SysWow64\mfcuia32.dll2012-06-12 15:05 . 2000-03-29 18:17 108032 ------w- c:\windows\SysWow64\sh33w32.dll2012-06-12 15:05 . 2012-06-12 15:05 -------- d-----w- C:\My Pictures2012-06-12 15:05 . 2012-06-12 15:05 1409 ----a-w- c:\windows\SysWow64\tmp9AA91.FOT2012-06-12 15:05 . 2012-06-12 15:05 1409 ----a-w- c:\windows\SysWow64\tmp7EA91.FOT2012-06-12 15:05 . 2012-06-12 15:05 1409 ----a-w- c:\windows\SysWow64\tmp52B91.FOT2012-06-12 15:05 . 2012-06-12 15:05 1409 ----a-w- c:\windows\SysWow64\tmp37B91.FOT2012-06-12 15:05 . 2012-06-12 15:05 1409 ----a-w- c:\windows\SysWow64\tmpFB991.FOT2012-06-12 15:05 . 2012-06-12 15:05 1409 ----a-w- c:\windows\SysWow64\tmp23991.FOT2012-06-12 15:01 . 2012-06-26 11:02 -------- d-----w- c:\windows\Corel2012-06-12 15:00 . 1997-01-22 19:26 565760 ----a-w- c:\windows\SysWow64\MSVCP50.DLL2012-06-12 14:58 . 2012-06-12 14:58 -------- d-----w- c:\users\Denny\AppData\Roaming\Share-to-Web Upload Folder2012-06-12 14:57 . 2012-06-12 14:57 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard2012-06-12 14:57 . 2012-06-12 20:17 -------- d-----w- c:\program files (x86)\Hewlett-Packard...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-06-21 22:00 . 2011-08-05 13:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-04-19 03:50 . 
2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys2012-03-30 11:35 . 2012-05-10 18:54 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]2012-06-14 13:34 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-14 2068536].[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]"Dolby Home Theater v4"="c:\dolby 
pcee4\pcee4.exe" [2011-02-03 506712]"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-09 177448]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]"JoinMEUIExec"="c:\program files (x86)\PC Suite\JoinMEUIExec.exe" [2009-03-10 131072]"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-14 1104440]"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-04 928096]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-3-9 704104]Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-1 113664]McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync 
/restart.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 CxAudMsg;CxAudMsg;c:\windows\system32\CxAudMsg64.exe [x]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-10 136176]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257696]R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-10 136176]R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 11776]R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2009-11-18 12800]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-01 1255736]R3 zgwhsdiag;ZTE WCDMA 
Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [2009-12-31 122624]R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [2009-12-31 122624]R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [2009-12-31 122624]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-09 22912]S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-09 20328]S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-09 62584]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064]S2 
GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]S2 JoinMEUI Assistant Service;JoinMEUI Assistant Service;c:\program files (x86)\PC Suite\JoinMEAssistantServices.exe [2009-11-18 242688]S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-14 935480]S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller 
Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 22:00].2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-10 19:15].2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-10 19:15].2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2967278288-68288702-3490197205-1001Core.job- c:\users\Denny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 14:55].2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2967278288-68288702-3490197205-1001UA.job- c:\users\Denny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 14:55]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768]"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x1.------- Supplementary Scan -------.uStart Page = hxxp://www.google.co.uk/uLocal Page = c:\windows\system32\blank.htmuDefault_Search_URL = hxxp://www.google.com/iemStart Page = hxxp://acer.msn.commLocal Page = c:\windows\SysWOW64\blank.htmuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - 
c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.1 192.168.1.1Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dllFF - ProfilePath - c:\users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\vabb7f6c.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=FF - prefs.js: network.proxy.type - 0FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8vZq5L19FF - user.js: extensions.incredibar_i.upn2n - 92824534867393435FF - user.js: extensions.incredibar_i.productid - 26FF - user.js: extensions.incredibar_i.installerproductid - 26FF - user.js: extensions.incredibar_i.did - 10657FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.incredibar_i.newTab - falseFF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8vZq5L19&loc=IB_TB&i=26&search=FF - user.js: extensions.incredibar_i.id - 80ab623a000000000000c0f8da13eae1FF - user.js: extensions.incredibar_i.instlDay - 15505FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:32FF - user.js: extensions.incredibar_i.prtnrId - IncredibarFF - user.js: extensions.incredibar_i.prdct - incredibarFF - user.js: extensions.incredibar_i.aflt - orgnlFF - user.js: extensions.incredibar_i.smplGrp - noneFF - user.js: extensions.incredibar_i.tlbrId - baseFF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - falseFF - user.js: extensions.autoDisableScopes - 14FF - user.js: security.csp.enable - falseFF - 
user.js: browser.startup.homepage - hxxp://www.google.com/FF - user.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=FF - user.js: browser.search.selectedEngine - Google.- - - - ORPHANS REMOVED - - - -.HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) 
(Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Launch Manager\LMutilps32.exec:\windows\SysWOW64\rundll32.exec:\program files 
(x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-27 12:25:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 11:25
.
Pre-Run: 244,225,970,176 bytes free
Post-Run: 243,941,584,896 bytes free
.
- - End Of File - - 8E0E0A2319F78B4C817C15921575DAC0
denny222 Posted June 27, 2012 Author ID:564723
searchnu tab
MrCharlie Posted June 27, 2012 ID:564725
Please download SystemLook from the link below and save it to your Desktop.
http://jpshortstuff....temLook_x64.exe
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
*searchnu*
:folderfind
*searchnu*
:regfind
*searchnu*
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
EDIT: I'll be away from the forum for a while, so please be patient.
MrC
denny222 Posted June 27, 2012 Author ID:564731
Interesting;
SystemLook 30.07.11 by jpshortstuff
Log created at 13:05 on 27/06/2012 by Denny
Administrator - Elevation successful
========== filefind ==========
Searching for "*searchnu*"
No files found.
========== folderfind ==========
Searching for "*searchnu*"
No folders found.
========== regfind ==========
Searching for "*searchnu*"
No data found.
-= EOF =-
No worries, patient is my middle name.
denny222 Posted June 27, 2012 Author ID:564733
Thought the page source info might be useful i.e. searchnu.